#2043

Committed 29 Dec 2025 06:12PM UTC coverage: 77.222% (-0.005%) from 77.227%

Build # #2043

Build Type

push

travis-ci

Committed by

web-flow

Commit Message

Merge dad4446a5 into a3917cb92

Run Details

36065 of 46703 relevant lines covered (77.22%)

101207.87 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

94.74

/src/tpm2/EncryptDecrypt_spt.c

/********************************************************************************/
/*                                                                                */
/*                                 Encrypt Decrypt Support                         */
/*                             Written by Ken Goldman                                */
/*                       IBM Thomas J. Watson Research Center                        */
/*            $Id: EncryptDecrypt_spt.c 1658 2021-01-22 23:14:01Z kgoldman $        */
/*                                                                                */
/*  Licenses and Notices                                                        */
/*                                                                                */
/*  1. Copyright Licenses:                                                        */
/*                                                                                */
/*  - Trusted Computing Group (TCG) grants to the user of the source code in        */
/*    this specification (the "Source Code") a worldwide, irrevocable,                 */
/*    nonexclusive, royalty free, copyright license to reproduce, create         */
/*    derivative works, distribute, display and perform the Source Code and        */
/*    derivative works thereof, and to grant others the rights granted herein.        */
/*                                                                                */
/*  - The TCG grants to the user of the other parts of the specification         */
/*    (other than the Source Code) the rights to reproduce, distribute,         */
/*    display, and perform the specification solely for the purpose of                 */
/*    developing products based on such documents.                                */
/*                                                                                */
/*  2. Source Code Distribution Conditions:                                        */
/*                                                                                */
/*  - Redistributions of Source Code must retain the above copyright licenses,         */
/*    this list of conditions and the following disclaimers.                        */
/*                                                                                */
/*  - Redistributions in binary form must reproduce the above copyright         */
/*    licenses, this list of conditions        and the following disclaimers in the         */
/*    documentation and/or other materials provided with the distribution.        */
/*                                                                                */
/*  3. Disclaimers:                                                                */
/*                                                                                */
/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF        */
/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH        */
/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)        */
/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.                */
/*  Contact TCG Administration (admin@trustedcomputinggroup.org) for                 */
/*  information on specification licensing rights available through TCG         */
/*  membership agreements.                                                        */
/*                                                                                */
/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED         */
/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR         */
/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR                 */
/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY                 */
/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.                */
/*                                                                                */
/*  - Without limitation, TCG and its members and licensors disclaim all         */
/*    liability, including liability for infringement of any proprietary         */
/*    rights, relating to use of information in this specification and to the        */
/*    implementation of this specification, and TCG disclaims all liability for        */
/*    cost of procurement of substitute goods or services, lost profits, loss         */
/*    of use, loss of data or any incidental, consequential, direct, indirect,         */
/*    or special damages, whether under contract, tort, warranty or otherwise,         */
/*    arising in any way out of use or reliance upon this specification or any         */
/*    information herein.                                                        */
/*                                                                                */
/*  (c) Copyright IBM Corp. and others, 2016 - 2021                                */
/*                                                                                */
/********************************************************************************/

/* 7.7 Encrypt Decrypt Support (EncryptDecrypt_spt.c) */
#include "Tpm.h"
#include "EncryptDecrypt_fp.h"
#include "EncryptDecrypt_spt_fp.h"
#if CC_EncryptDecrypt2
/* Error Returns Meaning */
/* TPM_RC_KEY is not a symmetric decryption key with both public and private portions loaded */
/* TPM_RC_SIZE IvIn size is incompatible with the block cipher mode; or inData size is not an even
   multiple of the block size for CBC or ECB mode */
/* TPM_RC_VALUE keyHandle is restricted and the argument mode does not match the key's mode */
TPM_RC
EncryptDecryptShared(
                     TPMI_DH_OBJECT        keyHandleIn,
                     TPMI_YES_NO           decryptIn,
                     TPMI_ALG_SYM_MODE     modeIn,
                     TPM2B_IV              *ivIn,
                     TPM2B_MAX_BUFFER      *inData,
                     EncryptDecrypt_Out    *out
                     )
{
    OBJECT              *symKey;
    UINT16               keySize;
    UINT16               blockSize;
    BYTE                *key;
    TPM_ALG_ID           alg;
    TPM_ALG_ID           mode;
    TPM_RC               result;
    BOOL                 OK;
    // Input Validation
    symKey = HandleToObject(keyHandleIn);
    mode = symKey->publicArea.parameters.symDetail.sym.mode.sym;
    // The input key should be a symmetric key
    if(symKey->publicArea.type != TPM_ALG_SYMCIPHER)
        return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle;
    // The key must be unrestricted and allow the selected operation
    OK = !IS_ATTRIBUTE(symKey->publicArea.objectAttributes,
                       TPMA_OBJECT, restricted);
    if(YES == decryptIn)
        OK = OK && IS_ATTRIBUTE(symKey->publicArea.objectAttributes,
                                TPMA_OBJECT, decrypt);
    else
        OK = OK && IS_ATTRIBUTE(symKey->publicArea.objectAttributes,
                                TPMA_OBJECT, sign);
    if(!OK)
        return TPM_RCS_ATTRIBUTES + RC_EncryptDecrypt_keyHandle;
    // Make sure that key is an encrypt/decrypt key and not SMAC
    if(!CryptSymModeIsValid(mode, TRUE))
        return TPM_RCS_MODE + RC_EncryptDecrypt_keyHandle;
    // If the key mode is not TPM_ALG_NULL...
    // or TPM_ALG_NULL
    if(mode != TPM_ALG_NULL)
        {
            // then the input mode has to be TPM_ALG_NULL or the same as the key
            if((modeIn != TPM_ALG_NULL) && (modeIn != mode))
                return TPM_RCS_MODE + RC_EncryptDecrypt_mode;
        }
    else
        {
            // if the key mode is null, then the input can't be null
            if(modeIn == TPM_ALG_NULL)
                return TPM_RCS_MODE + RC_EncryptDecrypt_mode;
            mode = modeIn;
        }
    // The input iv for ECB mode should be an Empty Buffer.  All the other modes
    // should have an iv size same as encryption block size
    keySize = symKey->publicArea.parameters.symDetail.sym.keyBits.sym;
    alg = symKey->publicArea.parameters.symDetail.sym.algorithm;
    blockSize = CryptGetSymmetricBlockSize(alg, keySize);
    // reverify the algorithm. This is mainly to keep static analysis tools happy
    if(blockSize == 0)
        return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle;
    if(((mode == TPM_ALG_ECB) && (ivIn->t.size != 0))
       || ((mode != TPM_ALG_ECB) && (ivIn->t.size != blockSize)))
        return TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn;
    // The input data size of CBC mode or ECB mode must be an even multiple of
    // the symmetric algorithm's block size
    if(((mode == TPM_ALG_CBC) || (mode == TPM_ALG_ECB))
       && ((inData->t.size % blockSize) != 0))
        return TPM_RCS_SIZE + RC_EncryptDecrypt_inData;
    // Copy IV
    // Note: This is copied here so that the calls to the encrypt/decrypt functions
    // will modify the output buffer, not the input buffer
    out->ivOut = *ivIn;
    // Command Output
    key = symKey->sensitive.sensitive.sym.t.buffer;
    // For symmetric encryption, the cipher data size is the same as plain data
    // size.
    out->outData.t.size = inData->t.size;
    if(decryptIn == YES)
        {
            // Decrypt data to output
            result = CryptSymmetricDecrypt(out->outData.t.buffer, alg, keySize, key,
                                           &(out->ivOut), mode, inData->t.size,
                                           inData->t.buffer);
        }
    else
        {
            // Encrypt data to output
            result = CryptSymmetricEncrypt(out->outData.t.buffer, alg, keySize, key,
                                           &(out->ivOut), mode, inData->t.size,
                                           inData->t.buffer);
        }
    return result;
}
#endif // CC_EncryptDecrypt

1	/********************************************************************************/
2	/* */
3	/* Encrypt Decrypt Support */
4	/* Written by Ken Goldman */
5	/* IBM Thomas J. Watson Research Center */
6	/* $Id: EncryptDecrypt_spt.c 1658 2021-01-22 23:14:01Z kgoldman $ */
7	/* */
8	/* Licenses and Notices */
9	/* */
10	/* 1. Copyright Licenses: */
11	/* */
12	/* - Trusted Computing Group (TCG) grants to the user of the source code in */
13	/* this specification (the "Source Code") a worldwide, irrevocable, */
14	/* nonexclusive, royalty free, copyright license to reproduce, create */
15	/* derivative works, distribute, display and perform the Source Code and */
16	/* derivative works thereof, and to grant others the rights granted herein. */
17	/* */
18	/* - The TCG grants to the user of the other parts of the specification */
19	/* (other than the Source Code) the rights to reproduce, distribute, */
20	/* display, and perform the specification solely for the purpose of */
21	/* developing products based on such documents. */
22	/* */
23	/* 2. Source Code Distribution Conditions: */
24	/* */
25	/* - Redistributions of Source Code must retain the above copyright licenses, */
26	/* this list of conditions and the following disclaimers. */
27	/* */
28	/* - Redistributions in binary form must reproduce the above copyright */
29	/* licenses, this list of conditions and the following disclaimers in the */
30	/* documentation and/or other materials provided with the distribution. */
31	/* */
32	/* 3. Disclaimers: */
33	/* */
34	/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
35	/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
36	/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
37	/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
38	/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
39	/* information on specification licensing rights available through TCG */
40	/* membership agreements. */
41	/* */
42	/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
43	/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
44	/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
45	/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
46	/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
47	/* */
48	/* - Without limitation, TCG and its members and licensors disclaim all */
49	/* liability, including liability for infringement of any proprietary */
50	/* rights, relating to use of information in this specification and to the */
51	/* implementation of this specification, and TCG disclaims all liability for */
52	/* cost of procurement of substitute goods or services, lost profits, loss */
53	/* of use, loss of data or any incidental, consequential, direct, indirect, */
54	/* or special damages, whether under contract, tort, warranty or otherwise, */
55	/* arising in any way out of use or reliance upon this specification or any */
56	/* information herein. */
57	/* */
58	/* (c) Copyright IBM Corp. and others, 2016 - 2021 */
59	/* */
60	/********************************************************************************/
61
62	/* 7.7 Encrypt Decrypt Support (EncryptDecrypt_spt.c) */
63	#include "Tpm.h"
64	#include "EncryptDecrypt_fp.h"
65	#include "EncryptDecrypt_spt_fp.h"
66	#if CC_EncryptDecrypt2
67	/* Error Returns Meaning */
68	/* TPM_RC_KEY is not a symmetric decryption key with both public and private portions loaded */
69	/* TPM_RC_SIZE IvIn size is incompatible with the block cipher mode; or inData size is not an even
70	multiple of the block size for CBC or ECB mode */
71	/* TPM_RC_VALUE keyHandle is restricted and the argument mode does not match the key's mode */
72	TPM_RC
73	EncryptDecryptShared(	24✔
74	TPMI_DH_OBJECT keyHandleIn,
75	TPMI_YES_NO decryptIn,
76	TPMI_ALG_SYM_MODE modeIn,
77	TPM2B_IV *ivIn,
78	TPM2B_MAX_BUFFER *inData,
79	EncryptDecrypt_Out *out
80	)
81	{
82	OBJECT *symKey;	24✔
83	UINT16 keySize;	24✔
84	UINT16 blockSize;	24✔
85	BYTE *key;	24✔
86	TPM_ALG_ID alg;	24✔
87	TPM_ALG_ID mode;	24✔
88	TPM_RC result;	24✔
89	BOOL OK;	24✔
90	// Input Validation
91	symKey = HandleToObject(keyHandleIn);	24✔
92	mode = symKey->publicArea.parameters.symDetail.sym.mode.sym;	24✔
93	// The input key should be a symmetric key
94	if(symKey->publicArea.type != TPM_ALG_SYMCIPHER)	24✔
95	return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle;
96	// The key must be unrestricted and allow the selected operation
97	OK = !IS_ATTRIBUTE(symKey->publicArea.objectAttributes,	24✔
98	TPMA_OBJECT, restricted);
99	if(YES == decryptIn)	24✔
100	OK = OK && IS_ATTRIBUTE(symKey->publicArea.objectAttributes,	12✔
101	TPMA_OBJECT, decrypt);
102	else
103	OK = OK && IS_ATTRIBUTE(symKey->publicArea.objectAttributes,	12✔
104	TPMA_OBJECT, sign);
105	if(!OK)
106	return TPM_RCS_ATTRIBUTES + RC_EncryptDecrypt_keyHandle;
107	// Make sure that key is an encrypt/decrypt key and not SMAC
108	if(!CryptSymModeIsValid(mode, TRUE))	24✔
109	return TPM_RCS_MODE + RC_EncryptDecrypt_keyHandle;
110	// If the key mode is not TPM_ALG_NULL...
111	// or TPM_ALG_NULL
112	if(mode != TPM_ALG_NULL)	24✔
113	{
114	// then the input mode has to be TPM_ALG_NULL or the same as the key
115	if((modeIn != TPM_ALG_NULL) && (modeIn != mode))	24✔
116	return TPM_RCS_MODE + RC_EncryptDecrypt_mode;
117	}
118	else
119	{
120	// if the key mode is null, then the input can't be null
121	if(modeIn == TPM_ALG_NULL)	×
122	return TPM_RCS_MODE + RC_EncryptDecrypt_mode;
123	mode = modeIn;
124	}
125	// The input iv for ECB mode should be an Empty Buffer. All the other modes
126	// should have an iv size same as encryption block size
127	keySize = symKey->publicArea.parameters.symDetail.sym.keyBits.sym;	24✔
128	alg = symKey->publicArea.parameters.symDetail.sym.algorithm;	24✔
129	blockSize = CryptGetSymmetricBlockSize(alg, keySize);	24✔
130	// reverify the algorithm. This is mainly to keep static analysis tools happy
131	if(blockSize == 0)	24✔
132	return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle;
133	if(((mode == TPM_ALG_ECB) && (ivIn->t.size != 0))	24✔
134	\|\| ((mode != TPM_ALG_ECB) && (ivIn->t.size != blockSize)))	24✔
135	return TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn;
136	// The input data size of CBC mode or ECB mode must be an even multiple of
137	// the symmetric algorithm's block size
138	if(((mode == TPM_ALG_CBC) \|\| (mode == TPM_ALG_ECB))	24✔
139	&& ((inData->t.size % blockSize) != 0))	×
140	return TPM_RCS_SIZE + RC_EncryptDecrypt_inData;
141	// Copy IV
142	// Note: This is copied here so that the calls to the encrypt/decrypt functions
143	// will modify the output buffer, not the input buffer
144	out->ivOut = *ivIn;	24✔
145	// Command Output
146	key = symKey->sensitive.sensitive.sym.t.buffer;	24✔
147	// For symmetric encryption, the cipher data size is the same as plain data
148	// size.
149	out->outData.t.size = inData->t.size;	24✔
150	if(decryptIn == YES)	24✔
151	{
152	// Decrypt data to output
153	result = CryptSymmetricDecrypt(out->outData.t.buffer, alg, keySize, key,	12✔
154	&(out->ivOut), mode, inData->t.size,	12✔
155	inData->t.buffer);	12✔
156	}
157	else
158	{
159	// Encrypt data to output
160	result = CryptSymmetricEncrypt(out->outData.t.buffer, alg, keySize, key,	12✔
161	&(out->ivOut), mode, inData->t.size,	12✔
162	inData->t.buffer);	12✔
163	}
164	return result;
165	}
166	#endif // CC_EncryptDecrypt

stefanberger / libtpms / #2043

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous