#2037

Committed 05 Dec 2025 06:50PM UTC coverage: 77.185% (-0.03%) from 77.213%

Build # #2037

Build Type

push

travis-ci

Committed by

web-flow

Commit Message

Merge 73eca8c26 into 4f71e9b45

Run Details

992 of 1176 new or added lines in 85 files covered. (84.35%)

1748 existing lines in 62 files now uncovered.

36357 of 47104 relevant lines covered (77.18%)

125949.64 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

95.12

/src/tpm2/EncryptDecrypt_spt.c

// SPDX-License-Identifier: BSD-2-Clause

#include "Tpm.h"
#include "EncryptDecrypt_fp.h"
#include "EncryptDecrypt_spt_fp.h"

#if CC_EncryptDecrypt2

/*(See part 3 specification)
// symmetric encryption or decryption
*/
//  Return Type: TPM_RC
//      TPM_RC_KEY          is not a symmetric decryption key with both
//                          public and private portions loaded
//      TPM_RC_SIZE         'IvIn' size is incompatible with the block cipher mode;
//                          or 'inData' size is not an even multiple of the block
//                          size for CBC or ECB mode
//      TPM_RC_VALUE        'keyHandle' is restricted and the argument 'mode' does
//                          not match the key's mode
TPM_RC
EncryptDecryptShared(TPMI_DH_OBJECT      keyHandleIn,
                     TPMI_YES_NO         decryptIn,
                     TPMI_ALG_SYM_MODE   modeIn,
                     TPM2B_IV*           ivIn,
                     TPM2B_MAX_BUFFER*   inData,
                     EncryptDecrypt_Out* out)
{
    OBJECT*    symKey;
    UINT16     keySize;
    UINT16     blockSize;
    BYTE*      key;
    TPM_ALG_ID alg;
    TPM_ALG_ID mode;
    TPM_RC     result;
    BOOL       OK;
    // Input Validation
    symKey = HandleToObject(keyHandleIn);
    pAssert_RC(symKey != NULL);
    mode = symKey->publicArea.parameters.symDetail.sym.mode.sym;

    // The input key should be a symmetric key
    if(symKey->publicArea.type != TPM_ALG_SYMCIPHER)
        return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle;
    // The key must be unrestricted and allow the selected operation
    OK = !IS_ATTRIBUTE(symKey->publicArea.objectAttributes, TPMA_OBJECT, restricted);
    if(YES == decryptIn)
        OK = OK
             && IS_ATTRIBUTE(
                 symKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt);
    else
        OK = OK
             && IS_ATTRIBUTE(symKey->publicArea.objectAttributes, TPMA_OBJECT, sign);
    if(!OK)
        return TPM_RCS_ATTRIBUTES + RC_EncryptDecrypt_keyHandle;

    // Make sure that key is an encrypt/decrypt key and not SMAC
    if(!CryptSymModeIsValid(mode, TRUE))
        return TPM_RCS_MODE + RC_EncryptDecrypt_keyHandle;

    // If the key mode is not TPM_ALG_NULL...
    // or TPM_ALG_NULL
    if(mode != TPM_ALG_NULL)
    {
        // then the input mode has to be TPM_ALG_NULL or the same as the key
        if((modeIn != TPM_ALG_NULL) && (modeIn != mode))
            return TPM_RCS_MODE + RC_EncryptDecrypt_mode;
    }
    else
    {
        // if the key mode is null, then the input can't be null
        if(modeIn == TPM_ALG_NULL)
            return TPM_RCS_MODE + RC_EncryptDecrypt_mode;
        mode = modeIn;
    }
    // The input iv for ECB mode should be an Empty Buffer.  All the other modes
    // should have an iv size same as encryption block size
    keySize   = symKey->publicArea.parameters.symDetail.sym.keyBits.sym;
    alg       = symKey->publicArea.parameters.symDetail.sym.algorithm;
    blockSize = CryptGetSymmetricBlockSize(alg, keySize);

    // reverify the algorithm. This is mainly to keep static analysis tools happy
    if(blockSize == 0)
        return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle;

    if(((mode == TPM_ALG_ECB) && (ivIn->t.size != 0))
       || ((mode != TPM_ALG_ECB) && (ivIn->t.size != blockSize)))
        return TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn;

    // The input data size of CBC mode or ECB mode must be an even multiple of
    // the symmetric algorithm's block size
    if(((mode == TPM_ALG_CBC) || (mode == TPM_ALG_ECB))
       && ((inData->t.size % blockSize) != 0))
        return TPM_RCS_SIZE + RC_EncryptDecrypt_inData;

    // Copy IV
    // Note: This is copied here so that the calls to the encrypt/decrypt functions
    // will modify the output buffer, not the input buffer
    out->ivOut = *ivIn;

    // Command Output
    key = symKey->sensitive.sensitive.sym.t.buffer;
    // For symmetric encryption, the cipher data size is the same as plain data
    // size.
    out->outData.t.size = inData->t.size;
    if(decryptIn == YES)
    {
        // Decrypt data to output
        result = CryptSymmetricDecrypt(out->outData.t.buffer,
                                       alg,
                                       keySize,
                                       key,
                                       &(out->ivOut),
                                       mode,
                                       inData->t.size,
                                       inData->t.buffer);
    }
    else
    {
        // Encrypt data to output
        result = CryptSymmetricEncrypt(out->outData.t.buffer,
                                       alg,
                                       keySize,
                                       key,
                                       &(out->ivOut),
                                       mode,
                                       inData->t.size,
                                       inData->t.buffer);
    }
    return result;
}

#endif  // CC_EncryptDecrypt

1	// SPDX-License-Identifier: BSD-2-Clause
2
3	#include "Tpm.h"
4	#include "EncryptDecrypt_fp.h"
5	#include "EncryptDecrypt_spt_fp.h"
6
7	#if CC_EncryptDecrypt2
8
9	/*(See part 3 specification)
10	// symmetric encryption or decryption
11	*/
12	// Return Type: TPM_RC
13	// TPM_RC_KEY is not a symmetric decryption key with both
14	// public and private portions loaded
15	// TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode;
16	// or 'inData' size is not an even multiple of the block
17	// size for CBC or ECB mode
18	// TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does
19	// not match the key's mode
20	TPM_RC
21	EncryptDecryptShared(TPMI_DH_OBJECT keyHandleIn,	24✔
22	TPMI_YES_NO decryptIn,
23	TPMI_ALG_SYM_MODE modeIn,
24	TPM2B_IV* ivIn,
25	TPM2B_MAX_BUFFER* inData,
26	EncryptDecrypt_Out* out)
27	{
28	OBJECT* symKey;	24✔
29	UINT16 keySize;	24✔
30	UINT16 blockSize;	24✔
31	BYTE* key;	24✔
32	TPM_ALG_ID alg;	24✔
33	TPM_ALG_ID mode;	24✔
34	TPM_RC result;	24✔
35	BOOL OK;	24✔
36	// Input Validation
37	symKey = HandleToObject(keyHandleIn);	24✔
38	pAssert_RC(symKey != NULL);	24✔
39	mode = symKey->publicArea.parameters.symDetail.sym.mode.sym;	24✔
40
41	// The input key should be a symmetric key
42	if(symKey->publicArea.type != TPM_ALG_SYMCIPHER)	24✔
43	return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle;
44	// The key must be unrestricted and allow the selected operation
45	OK = !IS_ATTRIBUTE(symKey->publicArea.objectAttributes, TPMA_OBJECT, restricted);	24✔
46	if(YES == decryptIn)	24✔
47	OK = OK	12✔
48	&& IS_ATTRIBUTE(	12✔
49	symKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt);
50	else
51	OK = OK	12✔
52	&& IS_ATTRIBUTE(symKey->publicArea.objectAttributes, TPMA_OBJECT, sign);	12✔
53	if(!OK)
54	return TPM_RCS_ATTRIBUTES + RC_EncryptDecrypt_keyHandle;
55
56	// Make sure that key is an encrypt/decrypt key and not SMAC
57	if(!CryptSymModeIsValid(mode, TRUE))	24✔
58	return TPM_RCS_MODE + RC_EncryptDecrypt_keyHandle;
59
60	// If the key mode is not TPM_ALG_NULL...
61	// or TPM_ALG_NULL
62	if(mode != TPM_ALG_NULL)	24✔
63	{
64	// then the input mode has to be TPM_ALG_NULL or the same as the key
65	if((modeIn != TPM_ALG_NULL) && (modeIn != mode))	24✔
66	return TPM_RCS_MODE + RC_EncryptDecrypt_mode;
67	}
68	else
69	{
70	// if the key mode is null, then the input can't be null
UNCOV 71	if(modeIn == TPM_ALG_NULL)	×
72	return TPM_RCS_MODE + RC_EncryptDecrypt_mode;
73	mode = modeIn;
74	}
75	// The input iv for ECB mode should be an Empty Buffer. All the other modes
76	// should have an iv size same as encryption block size
77	keySize = symKey->publicArea.parameters.symDetail.sym.keyBits.sym;	24✔
78	alg = symKey->publicArea.parameters.symDetail.sym.algorithm;	24✔
79	blockSize = CryptGetSymmetricBlockSize(alg, keySize);	24✔
80
81	// reverify the algorithm. This is mainly to keep static analysis tools happy
82	if(blockSize == 0)	24✔
83	return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle;
84
85	if(((mode == TPM_ALG_ECB) && (ivIn->t.size != 0))	24✔
86	\|\| ((mode != TPM_ALG_ECB) && (ivIn->t.size != blockSize)))	24✔
87	return TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn;
88
89	// The input data size of CBC mode or ECB mode must be an even multiple of
90	// the symmetric algorithm's block size
91	if(((mode == TPM_ALG_CBC) \|\| (mode == TPM_ALG_ECB))	24✔
UNCOV 92	&& ((inData->t.size % blockSize) != 0))	×
93	return TPM_RCS_SIZE + RC_EncryptDecrypt_inData;
94
95	// Copy IV
96	// Note: This is copied here so that the calls to the encrypt/decrypt functions
97	// will modify the output buffer, not the input buffer
98	out->ivOut = *ivIn;	24✔
99
100	// Command Output
101	key = symKey->sensitive.sensitive.sym.t.buffer;	24✔
102	// For symmetric encryption, the cipher data size is the same as plain data
103	// size.
104	out->outData.t.size = inData->t.size;	24✔
105	if(decryptIn == YES)	24✔
106	{
107	// Decrypt data to output
108	result = CryptSymmetricDecrypt(out->outData.t.buffer,	12✔
109	alg,
110	keySize,
111	key,
112	&(out->ivOut),
113	mode,
114	inData->t.size,	12✔
115	inData->t.buffer);	12✔
116	}
117	else
118	{
119	// Encrypt data to output
120	result = CryptSymmetricEncrypt(out->outData.t.buffer,	12✔
121	alg,
122	keySize,
123	key,
124	&(out->ivOut),
125	mode,
126	inData->t.size,	12✔
127	inData->t.buffer);	12✔
128	}
129	return result;
130	}
131
132	#endif // CC_EncryptDecrypt

stefanberger / libtpms / #2037

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous