diff --git a/src/tpm2/RuntimeAlgorithm.c b/src/tpm2/RuntimeAlgorithm.c
index f0237505f..5c7e7e15f 100644
--- a/src/tpm2/RuntimeAlgorithm.c
+++ b/src/tpm2/RuntimeAlgorithm.c
@@ -534,13 +534,13 @@ RuntimeAlgorithmCheckEnabled(struct RuntimeAlgorithm *RuntimeAlgorithm,
 * it needs to be filtered-out so that the profile doesn't need an upgrade to
 * stateFormatLevel '4'.
 */
-LIB_EXPORT BOOL
-RuntimeAlgorithmKeySizeCheckEnabled(struct RuntimeAlgorithm *RuntimeAlgorithm,
- TPM_ALG_ID algId, // IN: the algorithm to check
- UINT16 keySizeInBits, // IN: size of the key in bits
- TPM_ECC_CURVE curveId, // IN: curve Id if algId == TPM_ALG_ECC
- unsigned int maxStateFormatLevel // IN: maximum stateFormatLevel
- )
+static BOOL _RuntimeAlgorithmKeySizeCheckEnabled(
+ struct RuntimeAlgorithm *RuntimeAlgorithm,
+ TPM_ALG_ID algId, // IN: the algorithm to check
+ UINT16 keySizeInBits, // IN: size of the key in bits
+ unsigned int maxStateFormatLevel, // IN: maximum stateFormatLevel
+ TPM_ECC_CURVE curveId // IN: curve Id for TPM_ALG_ECC
+)
 {
 const struct KeySizes *keysizes;
 UINT16 minKeySize;
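Review bot: The new static helper's name `_RuntimeAlgorithmKeySizeCheckEnabled` begins with an underscore followed by an uppercase letter, a form C reserves for the implementation; a name such as `RuntimeAlgorithmKeySizeCheckEnabledInternal` avoids that. The helper also takes `maxStateFormatLevel` before `curveId`, while the exported `RuntimeAlgorithmEccKeySizeCheckEnabled` added in the next hunk, and its prototype in RuntimeAlgorithm_fp.h, take them in the opposite order. Both arguments convert implicitly between integer types, so a swapped pair would most likely compile without a diagnostic and feed the wrong value into a check that enforces the runtime profile. Keeping `curveId, maxStateFormatLevel` in one order across helper and wrappers removes that hazard. The helper's body continues outside the hunk.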
@@ -578,6 +578,41 @@ RuntimeAlgorithmKeySizeCheckEnabled(struct RuntimeAlgorithm *RuntimeAlgorithm, return TRUE; } +LIB_EXPORT BOOL +RuntimeAlgorithmKeySizeCheckEnabled( + struct RuntimeAlgorithm *RuntimeAlgorithm, + TPM_ALG_ID algId, // IN: the algorithm to check + UINT16 keySizeInBits, // IN: size of the key in bits + unsigned int maxStateFormatLevel // IN: maximum stateFormatLevel + ) +{ + return _RuntimeAlgorithmKeySizeCheckEnabled( + RuntimeAlgorithm, + algId, + keySizeInBits, + maxStateFormatLevel, + TPM_ECC_NONE + ); +} + +LIB_EXPORT BOOL +RuntimeAlgorithmEccKeySizeCheckEnabled( + struct RuntimeAlgorithm *RuntimeAlgorithm, + TPM_ALG_ID algId, // IN: the algorithm to check + UINT16 keySizeInBits, // IN: size of the key in bits + TPM_ECC_CURVE curveId, // IN: curve Id if algId == TPM_ALG_ECC + unsigned int maxStateFormatLevel // IN: maximum stateFormatLevel + ) +{ + return _RuntimeAlgorithmKeySizeCheckEnabled( + RuntimeAlgorithm, + algId, + keySizeInBits, + maxStateFormatLevel, + curveId + ); +} + static char * RuntimeAlgorithmGet( const struct AlgorithmShortcuts *shortcuts, size_t shortcuts_len, diff --git a/src/tpm2/RuntimeAlgorithm_fp.h b/src/tpm2/RuntimeAlgorithm_fp.h index 9f3226bcb..01f8330c0 100644 --- a/src/tpm2/RuntimeAlgorithm_fp.h +++ b/src/tpm2/RuntimeAlgorithm_fp.h 
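Review bot: `RuntimeAlgorithmKeySizeCheckEnabled` now always forwards `TPM_ECC_NONE`, so a caller that passes `algId == TPM_ALG_ECC` to it would skip whatever curve-specific filtering the helper applies; the helper body is outside this hunk, so the exact effect cannot be confirmed here. Nothing in the wrapper rejects or documents that case, and neither new exported function has a header comment. I would add one above each, e.g. `/* Non-ECC algorithms only; ECC callers must use RuntimeAlgorithmEccKeySizeCheckEnabled() so the curve is checked. */`. If no existing caller relies on the old behaviour, the non-ECC wrapper could also fail closed with `if (algId == TPM_ALG_ECC) return FALSE;`. `RuntimeAlgorithmEccKeySizeCheckEnabled` still accepts `algId` although every call site changed in this commit passes `TPM_ALG_ECC`, so that parameter could be dropped or its only valid value documented.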
@@ -43,12 +43,21 @@ RuntimeAlgorithmCheckEnabled(struct RuntimeAlgorithm *RuntimeAlgorithm, ); BOOL -RuntimeAlgorithmKeySizeCheckEnabled(struct RuntimeAlgorithm *RuntimeAlgorithm, - TPM_ALG_ID algId, // IN: the algorithm to check - UINT16 keySizeInBits, // IN: size of the key in bits - TPM_ECC_CURVE curveId, // IN: curveId if algId == TPM_ALG_ECC - unsigned int maxStateFormatLevel // IN: maximum stateFormatLevel - ); +RuntimeAlgorithmKeySizeCheckEnabled( + struct RuntimeAlgorithm *RuntimeAlgorithm, + TPM_ALG_ID algId, // IN: the algorithm to check + UINT16 keySizeInBits, // IN: size of the key in bits + unsigned int maxStateFormatLevel // IN: maximum stateFormatLevel +); + +BOOL +RuntimeAlgorithmEccKeySizeCheckEnabled( + struct RuntimeAlgorithm *RuntimeAlgorithm, + TPM_ALG_ID algId, // IN: the algorithm to check + UINT16 keySizeInBits, // IN: size of the key in bits + TPM_ECC_CURVE curveId, // IN: curveId if algId == TPM_ALG_ECC + unsigned int maxStateFormatLevel // IN: maximum stateFormatLevel +); enum RuntimeAlgorithmType { RUNTIME_ALGO_IMPLEMENTED, diff --git a/src/tpm2/TPMCmd/tpm/src/crypt/AlgorithmTests.c b/src/tpm2/TPMCmd/tpm/src/crypt/AlgorithmTests.c index 33a74a1af..e8549adca 100644 --- a/src/tpm2/TPMCmd/tpm/src/crypt/AlgorithmTests.c +++ b/src/tpm2/TPMCmd/tpm/src/crypt/AlgorithmTests.c @@ -177,7 +177,6 @@ static void TestSymmetricAlgorithm(const SYMMETRIC_TEST_VECTOR* test, // /* Skip test cases whose algorithms or keysizes are runtime-disabled */ if (!RuntimeAlgorithmKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm, test->alg, test->keyBits, - TPM_ECC_NONE, g_RuntimeProfile.stateFormatLevel)) return; // libtpms added end diff --git a/src/tpm2/TPMCmd/tpm/src/crypt/CryptEccMain.c b/src/tpm2/TPMCmd/tpm/src/crypt/CryptEccMain.c index e35484b63..a4827c9dc 100644 --- a/src/tpm2/TPMCmd/tpm/src/crypt/CryptEccMain.c +++ b/src/tpm2/TPMCmd/tpm/src/crypt/CryptEccMain.c 
@@ -128,11 +128,11 @@ CryptCapGetECCCurve(TPM_ECC_CURVE curveID, // IN: the starting ECC curve continue; if (!CryptEccIsCurveRuntimeUsable(curve)) // libtpms added begin continue; - if (!RuntimeAlgorithmKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm, - TPM_ALG_ECC, - CryptEccGetKeySizeForCurve(curve), - curve, - g_RuntimeProfile.stateFormatLevel)) + if (!RuntimeAlgorithmEccKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm, + TPM_ALG_ECC, + CryptEccGetKeySizeForCurve(curve), + curve, + g_RuntimeProfile.stateFormatLevel)) continue; // libtpms added end if(curveList->count < maxCount) { @@ -160,11 +160,11 @@ BOOL CryptCapGetOneECCCurve(TPM_ECC_CURVE curveID // IN: the ECC curve UINT16 i; if (!CryptEccIsCurveRuntimeUsable(curveID) || // libtpms added begin - !RuntimeAlgorithmKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm, - TPM_ALG_ECC, - CryptEccGetKeySizeForCurve(curveID), - curveID, - g_RuntimeProfile.stateFormatLevel)) + !RuntimeAlgorithmEccKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm, + TPM_ALG_ECC, + CryptEccGetKeySizeForCurve(curveID), + curveID, + g_RuntimeProfile.stateFormatLevel)) return FALSE; // libtpms added end // Scan the eccCurveValues array diff --git a/src/tpm2/TPMCmd/tpm/src/crypt/CryptUtil.c b/src/tpm2/TPMCmd/tpm/src/crypt/CryptUtil.c index e1975645a..7401f26f0 100644 --- a/src/tpm2/TPMCmd/tpm/src/crypt/CryptUtil.c +++ b/src/tpm2/TPMCmd/tpm/src/crypt/CryptUtil.c @@ -32,7 +32,6 @@ static TPM_RC CryptHmacSign(TPMT_SIGNATURE* signature, // OUT: signature if (!RuntimeAlgorithmKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm,// libtpms added begin TPM_ALG_HMAC, signKey->sensitive.sensitive.bits.t.size * 8, - TPM_ECC_NONE, g_RuntimeProfile.stateFormatLevel)) return TPM_RC_KEY_SIZE; // libtpms added end 
@@ -70,7 +69,6 @@ static TPM_RC CryptHMACVerifySignature( if (!RuntimeAlgorithmKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm,// libtpm added begin TPM_ALG_HMAC, signKey->sensitive.sensitive.bits.t.size * 8, - TPM_ECC_NONE, g_RuntimeProfile.stateFormatLevel)) return TPM_RC_KEY_SIZE; // libtpms added end diff --git a/src/tpm2/Unmarshal.c b/src/tpm2/Unmarshal.c index 32cb30ef7..31a11fbe5 100644 --- a/src/tpm2/Unmarshal.c +++ b/src/tpm2/Unmarshal.c @@ -223,11 +223,11 @@ TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size) !CryptEccIsCurveRuntimeUsable(*target)) { rc = TPM_RC_CURVE; } - if (!RuntimeAlgorithmKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm, - TPM_ALG_ECC, - CryptEccGetKeySizeForCurve(*target), - *target, - g_RuntimeProfile.stateFormatLevel)) { + if (!RuntimeAlgorithmEccKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm, + TPM_ALG_ECC, + CryptEccGetKeySizeForCurve(*target), + *target, + g_RuntimeProfile.stateFormatLevel)) { rc = TPM_RC_CURVE; } // libtpms added end break; @@ -2872,7 +2872,6 @@ TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *siz if (!RuntimeAlgorithmKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm, // libtpms added begin TPM_ALG_AES, *target, - TPM_ECC_NONE, g_RuntimeProfile.stateFormatLevel)) { rc = TPM_RC_VALUE; } // libtpms added end @@ -2912,7 +2911,6 @@ TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer, if (!RuntimeAlgorithmKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm, // libtpms added begin TPM_ALG_CAMELLIA, *target, - TPM_ECC_NONE, g_RuntimeProfile.stateFormatLevel)) { rc = TPM_RC_VALUE; } // libtpms added end 
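Review bot: In the TPM_ECC_CURVE_Unmarshal hunk (`@@ -223,11 +223,11 @@`) the renamed key-size check is a separate `if`, so it still runs after the preceding test has already set `rc = TPM_RC_CURVE`, and `CryptEccGetKeySizeForCurve(*target)` is then called with a curve value that was just rejected. That value appears to come straight from the unmarshalled buffer, and how the lookup treats an unknown curve is not visible here. Chaining the second test as `} else if (!RuntimeAlgorithmEccKeySizeCheckEnabled(...)) {`, or joining both conditions with `||` as CryptCapGetOneECCCurve does in CryptEccMain.c, keeps rejected values out of the lookup. The enclosing statement starts outside the hunk.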
@@ -2975,7 +2973,6 @@ TPMI_TDES_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *si
 if (!RuntimeAlgorithmKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm,// libtpms added begin
 TPM_ALG_TDES,
 *target,
- TPM_ECC_NONE,
 g_RuntimeProfile.stateFormatLevel)) {
 rc = TPM_RC_VALUE;
 } // libtpms added end
@@ -3961,7 +3958,6 @@ TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *siz
 if (!RuntimeAlgorithmKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm,
 TPM_ALG_RSA,
 *target,
- TPM_ECC_NONE,
 g_RuntimeProfile.stateFormatLevel)) {
 rc = TPM_RC_VALUE;
 } // libtpms added end