From 8004d7ddc5e1bd7809f6a385908ceff216061187 Mon Sep 17 00:00:00 2001 |
|
From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20Hor=C3=A1=C4=8Dek?= |
|
<shoracek@redhat.com> |
|
Date: Thu, 17 Feb 2022 19:02:10 +0100 |
|
Subject: [PATCH 3/4] Restrict the usage of SHA-1 in code examples |
|
MIME-Version: 1.0 |
|
Content-Type: text/plain; charset=UTF-8 |
|
Content-Transfer-Encoding: 8bit |
|
|
|
Due to SHA-1 not being considered secure, it should not be used for |
|
cryptographic purposes. This commit disables the usage of SHA-1 in |
|
cases where it is used in potentially exploitable situations, most |
|
notably for creating signatures. |
|
|
|
Signed-off-by: Štěpán Horáček <shoracek@redhat.com> |
|
--- |
|
configure.ac | 4 ++++ |
|
utils/certify.c | 7 ++----- |
|
utils/certifycreation.c | 7 ++----- |
|
utils/create.c | 10 ++-------- |
|
utils/createloaded.c | 10 ++-------- |
|
utils/createprimary.c | 10 ++-------- |
|
utils/cryptoutils.c | 3 --- |
|
utils/getcommandauditdigest.c | 7 ++----- |
|
utils/getsessionauditdigest.c | 7 ++----- |
|
utils/gettime.c | 7 ++----- |
|
utils/hash.c | 7 ++----- |
|
utils/hashsequencestart.c | 7 ++----- |
|
utils/hmac.c | 7 ++----- |
|
utils/hmacstart.c | 7 ++----- |
|
utils/importpem.c | 14 ++++---------- |
|
utils/loadexternal.c | 14 ++++---------- |
|
utils/man/man1/tsscertify.1 | 2 +- |
|
utils/man/man1/tsscertifycreation.1 | 2 +- |
|
utils/man/man1/tsscreate.1 | 4 ++-- |
|
utils/man/man1/tsscreateloaded.1 | 4 ++-- |
|
utils/man/man1/tsscreateprimary.1 | 4 ++-- |
|
utils/man/man1/tssgetcommandauditdigest.1 | 2 +- |
|
utils/man/man1/tssgetsessionauditdigest.1 | 2 +- |
|
utils/man/man1/tssgettime.1 | 2 +- |
|
utils/man/man1/tsshash.1 | 2 +- |
|
utils/man/man1/tsshashsequencestart.1 | 2 +- |
|
utils/man/man1/tsshmac.1 | 2 +- |
|
utils/man/man1/tsshmacstart.1 | 2 +- |
|
utils/man/man1/tssimportpem.1 | 4 ++-- |
|
utils/man/man1/tssloadexternal.1 | 4 ++-- |
|
utils/man/man1/tssnvcertify.1 | 2 +- |
|
utils/man/man1/tssnvdefinespace.1 | 2 +- |
|
utils/man/man1/tssnvreadpublic.1 | 2 +- |
|
utils/man/man1/tsspolicymaker.1 | 2 +- |
|
utils/man/man1/tsspolicysigned.1 | 2 +- |
|
utils/man/man1/tsspublicname.1 | 4 ++-- |
|
utils/man/man1/tssquote.1 | 2 +- |
|
utils/man/man1/tssrsadecrypt.1 | 2 +- |
|
utils/man/man1/tsssetcommandcodeauditstatus.1 | 2 +- |
|
utils/man/man1/tsssetprimarypolicy.1 | 2 +- |
|
utils/man/man1/tsssign.1 | 2 +- |
|
utils/man/man1/tssstartauthsession.1 | 2 +- |
|
utils/man/man1/tssverifysignature.1 | 2 +- |
|
utils/nvcertify.c | 7 ++----- |
|
utils/nvdefinespace.c | 8 ++------ |
|
utils/nvreadpublic.c | 7 ++----- |
|
utils/objecttemplates.c | 4 ++-- |
|
utils/policymaker.c | 7 ++----- |
|
utils/policysigned.c | 7 ++----- |
|
utils/publicname.c | 14 ++++---------- |
|
utils/quote.c | 7 ++----- |
|
utils/reg.sh | 17 +++++++++++++---- |
|
utils/regtests/testattest.sh | 15 ++++++++++----- |
|
utils/regtests/testevent.sh | 2 +- |
|
utils/rsadecrypt.c | 12 ++---------- |
|
utils/setcommandcodeauditstatus.c | 7 ++----- |
|
utils/setprimarypolicy.c | 5 +---- |
|
utils/sign.c | 7 ++----- |
|
utils/startauthsession.c | 7 ++----- |
|
utils/verifysignature.c | 7 ++----- |
|
60 files changed, 122 insertions(+), 212 deletions(-) |
|
|
|
diff --git a/configure.ac b/configure.ac |
|
index ad870b1..4e4052e 100644 |
|
--- a/configure.ac |
|
+++ b/configure.ac |
|
@@ -123,6 +123,10 @@ AC_ARG_ENABLE(rmtpm, |
|
AM_CONDITIONAL([CONFIG_RMTPM], [test "x$enable_rmtpm" = "xyes"]) |
|
AS_IF([test "$enable_rmtpm" != "yes"], [enable_rmtpm="no"]) |
|
|
|
+AC_ARG_ENABLE(restricted-hash-alg, |
|
+ AS_HELP_STRING([--enable-restricted-hash-alg], [Restrict usage of SHA-1])) |
|
+ AS_IF([test "$enable_restricted_hash_alg" = "yes"], [CFLAGS="-DRESTRICTED_HASH_ALG $CFLAGS"]) |
|
+ |
|
AC_CONFIG_FILES([Makefile |
|
utils/Makefile |
|
utils12/Makefile |
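Review bot: The added AS_IF line injects RESTRICTED_HASH_ALG through CFLAGS, which is a user variable, so a later `make CFLAGS=...` replaces it and silently drops the define. A security-relevant switch is safer as `AC_DEFINE([RESTRICTED_HASH_ALG], [1], [Restrict usage of SHA-1])`, or appended to CPPFLAGS/AM_CPPFLAGS, so it survives such overrides. In the part of the patch visible here, none of the C hunks test the macro: the sha1 branches are removed unconditionally. It is therefore unclear what the option gates; if only the regression scripts consume it, the help string should say so.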
|
diff --git a/utils/certify.c b/utils/certify.c |
|
index f1f54d0..f3cfc84 100644 |
|
--- a/utils/certify.c |
|
+++ b/utils/certify.c |
|
@@ -128,10 +128,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
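Review bot: The SHA-1 policy is now enforced by hand-editing the same `-halg`/`-nalg` chain in every utility, so one missed or later-added parser leaves SHA-1 enabled there. This hunk is the first; the same edit recurs in certifycreation.c, create.c, createloaded.c, createprimary.c, getcommandauditdigest.c, getsessionauditdigest.c, gettime.c, hash.c, hashsequencestart.c, hmac.c, hmacstart.c, importpem.c, loadexternal.c and the further files listed in the diffstat. A single shared helper that maps the option string to the TPM_ALG_* value would keep the allow-list in one place. With the branch gone, `-halg sha1` falls through to the end of the chain, which lies outside this hunk and is presumably the generic bad-parameter path. A dedicated message such as `printf("-halg sha1 is disabled: SHA-1 is not accepted by this build\n");` would tell users with existing scripts that the rejection is deliberate.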
|
@@ -397,7 +394,7 @@ static void printUsage(void) |
|
printf("\t[-pwdo\tpassword for object (default empty)]\n"); |
|
printf("\t-hk\tcertifying key handle\n"); |
|
printf("\t[-pwdk\tpassword for key (default empty)]\n"); |
|
- printf("\t[-halg\t(sha1, sha256, sha384 sha512) (default sha256)]\n"); |
|
+ printf("\t[-halg\t(sha256, sha384 sha512) (default sha256)]\n"); |
|
printf("\t[-salg\tsignature algorithm (rsa, ecc, hmac) (default rsa)]\n"); |
|
printf("\t[-qd\tqualifying data file name]\n"); |
|
printf("\t[-os\tsignature file name (default do not save)]\n"); |
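Review bot: The edited `-halg` usage line still lacks the comma between sha384 and sha512; since the line is being touched anyway it could read `printf("\t[-halg\t(sha256, sha384, sha512) (default sha256)]\n");`. The same omission appears in the tsscertify.1, tssnvdefinespace.1, tssnvreadpublic.1 and tssrsadecrypt.1 hunks, which look as if they mirror the usage text.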
|
diff --git a/utils/certifycreation.c b/utils/certifycreation.c |
|
index ab54c0a..20377d2 100644 |
|
--- a/utils/certifycreation.c |
|
+++ b/utils/certifycreation.c |
|
@@ -121,10 +121,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -437,7 +434,7 @@ static void printUsage(void) |
|
printf("\t-ho\tobject handle\n"); |
|
printf("\t-hk\tcertifying key handle\n"); |
|
printf("\t[-pwdk\tpassword for key (default empty)]\n"); |
|
- printf("\t[-halg\t(sha1, sha256, sha384) (default sha256)]\n"); |
|
+ printf("\t[-halg\t(sha256, sha384) (default sha256)]\n"); |
|
printf("\t[-salg\tsignature algorithm (rsa, ecc) (default rsa)]\n"); |
|
printf("\t[-qd\tqualifying data file name]\n"); |
|
printf("\t-tk\tinput ticket file name\n"); |
|
diff --git a/utils/create.c b/utils/create.c |
|
index a8b805c..93c5d43 100644 |
|
--- a/utils/create.c |
|
+++ b/utils/create.c |
|
@@ -239,10 +239,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -264,10 +261,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-nalg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- nalg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
nalg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
diff --git a/utils/createloaded.c b/utils/createloaded.c |
|
index d54f791..a21bbda 100644 |
|
--- a/utils/createloaded.c |
|
+++ b/utils/createloaded.c |
|
@@ -235,10 +235,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -257,10 +254,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-nalg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- nalg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
nalg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
diff --git a/utils/createprimary.c b/utils/createprimary.c |
|
index 52ae083..d6374dd 100644 |
|
--- a/utils/createprimary.c |
|
+++ b/utils/createprimary.c |
|
@@ -246,10 +246,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -271,10 +268,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-nalg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- nalg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
nalg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
diff --git a/utils/cryptoutils.c b/utils/cryptoutils.c |
|
index 57eade7..7b5de79 100644 |
|
--- a/utils/cryptoutils.c |
|
+++ b/utils/cryptoutils.c |
|
@@ -2025,9 +2025,6 @@ TPM_RC signRSAFromRSA(uint8_t *signature, size_t *signatureLength, |
|
/* map the hash algorithm to the openssl NID */ |
|
if (rc == 0) { |
|
switch (hashAlg) { |
|
- case TPM_ALG_SHA1: |
|
- nid = NID_sha1; |
|
- break; |
|
case TPM_ALG_SHA256: |
|
nid = NID_sha256; |
|
break; |
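Review bot: Removing the TPM_ALG_SHA1 case sends SHA-1 requests to the switch's default branch, which is outside this hunk; confirm that it sets a non-zero rc so `nid` is never used unset further down in signRSAFromRSA. Unlike the option parsers, this is a shared helper, so the omission should be documented at the switch, e.g. `/* TPM_ALG_SHA1 intentionally unsupported: SHA-1 must not be used to create signatures */`. In this hunk the removal is also unconditional rather than dependent on RESTRICTED_HASH_ALG from configure.ac, so callers lose SHA-1 signing regardless of how the package was configured.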
|
diff --git a/utils/getcommandauditdigest.c b/utils/getcommandauditdigest.c |
|
index a219785..cc67a17 100644 |
|
--- a/utils/getcommandauditdigest.c |
|
+++ b/utils/getcommandauditdigest.c |
|
@@ -117,10 +117,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -381,7 +378,7 @@ static void printUsage(void) |
|
printf("\t[-pwde\tendorsement hierarchy password (default empty)]\n"); |
|
printf("\t-hk\tsigning key handle\n"); |
|
printf("\t[-pwdk\tpassword for key (default empty)]\n"); |
|
- printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); |
|
+ printf("\t[-halg\t(sha256, sha384, sha512) (default sha256)]\n"); |
|
printf("\t[-salg\tsignature algorithm (rsa, ecc, hmac) (default rsa)]\n"); |
|
printf("\t[-qd\tqualifying data file name]\n"); |
|
printf("\t[-os\tsignature file name (default do not save)]\n"); |
|
diff --git a/utils/getsessionauditdigest.c b/utils/getsessionauditdigest.c |
|
index 61b12e6..e0706a1 100644 |
|
--- a/utils/getsessionauditdigest.c |
|
+++ b/utils/getsessionauditdigest.c |
|
@@ -128,10 +128,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -377,7 +374,7 @@ static void printUsage(void) |
|
printf("\t[-hk\tsigning key handle]\n"); |
|
printf("\t[-pwdk\tpassword for key (default empty)]\n"); |
|
printf("\t-hs\taudit session handle\n"); |
|
- printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); |
|
+ printf("\t[-halg\t(sha256, sha384, sha512) (default sha256)]\n"); |
|
printf("\t[-qd\tqualifying data file name]\n"); |
|
printf("\t[-os\tsignature file name (default do not save)]\n"); |
|
printf("\t[-oa\tattestation output file name (default do not save)]\n"); |
|
diff --git a/utils/gettime.c b/utils/gettime.c |
|
index b07baf1..2e4b819 100644 |
|
--- a/utils/gettime.c |
|
+++ b/utils/gettime.c |
|
@@ -118,10 +118,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -381,7 +378,7 @@ static void printUsage(void) |
|
printf("\t-hk\tsigning key handle\n"); |
|
printf("\t[-pwdk\tpassword for signing key (default empty)]\n"); |
|
printf("\t[-pwde\tpassword for endorsement hierarchy (default empty)]\n"); |
|
- printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); |
|
+ printf("\t[-halg\t(sha256, sha384, sha512) (default sha256)]\n"); |
|
printf("\t[-salg\tsignature algorithm (rsa, ecc, hmac) (default rsa)]\n"); |
|
printf("\t[-qd\tqualifying data file name]\n"); |
|
printf("\t[-os\tsignature file name (default do not save)]\n"); |
|
diff --git a/utils/hash.c b/utils/hash.c |
|
index 71b8a7c..e21ff8c 100644 |
|
--- a/utils/hash.c |
|
+++ b/utils/hash.c |
|
@@ -93,10 +93,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -300,7 +297,7 @@ static void printUsage(void) |
|
printf("\n"); |
|
printf("\t[-hi\thierarchy (e, o, p, n) (default null)]\n"); |
|
printf("\t\te endorsement, o owner, p platform, n null\n"); |
|
- printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); |
|
+ printf("\t[-halg\t(sha256, sha384, sha512) (default sha256)]\n"); |
|
printf("\t-if\tinput file to be hashed\n"); |
|
printf("\t-ic\tdata string to be hashed\n"); |
|
printf("\t[-ns\tno space, no text, no newlines]\n"); |
|
diff --git a/utils/hashsequencestart.c b/utils/hashsequencestart.c |
|
index d54fadd..8b1e6fc 100644 |
|
--- a/utils/hashsequencestart.c |
|
+++ b/utils/hashsequencestart.c |
|
@@ -87,10 +87,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- hashAlg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
hashAlg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -243,7 +240,7 @@ static void printUsage(void) |
|
printf("Runs TPM2_HashSequenceStart\n"); |
|
printf("\n"); |
|
printf("\t[-pwda\tpassword for sequence (default empty)]\n"); |
|
- printf("\t[-halg\t(sha1, sha256, sha384, sha512, null) (default sha256)]\n"); |
|
+ printf("\t[-halg\t(sha256, sha384, sha512, null) (default sha256)]\n"); |
|
printf("\t\tnull is an event sequence\n"); |
|
printf("\n"); |
|
printf("\t-se[0-2] session handle / attributes (default NULL)\n"); |
|
diff --git a/utils/hmac.c b/utils/hmac.c |
|
index be63e1b..7ea325d 100644 |
|
--- a/utils/hmac.c |
|
+++ b/utils/hmac.c |
|
@@ -105,10 +105,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -343,7 +340,7 @@ static void printUsage(void) |
|
printf("\n"); |
|
printf("\t-hk\tkey handle\n"); |
|
printf("\t[-pwdk\tpassword for key (default empty)]\n"); |
|
- printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); |
|
+ printf("\t[-halg\t(sha256, sha384, sha512) (default sha256)]\n"); |
|
printf("\t-if\tinput file to be HMACed\n"); |
|
printf("\t-ic\tdata string to be HMACed\n"); |
|
printf("\t[-os\thmac file name (default do not save)]\n"); |
|
diff --git a/utils/hmacstart.c b/utils/hmacstart.c |
|
index 3fdd0f9..4463376 100644 |
|
--- a/utils/hmacstart.c |
|
+++ b/utils/hmacstart.c |
|
@@ -109,10 +109,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -270,7 +267,7 @@ static void printUsage(void) |
|
printf("\t-hk\tkey handle\n"); |
|
printf("\t-pwdk\tpassword for key (default empty)\n"); |
|
printf("\t-pwda\tpassword for sequence (default empty)\n"); |
|
- printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); |
|
+ printf("\t[-halg\t(sha256, sha384, sha512) (default sha256)]\n"); |
|
printf("\n"); |
|
printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); |
|
printf("\t01\tcontinue\n"); |
|
diff --git a/utils/importpem.c b/utils/importpem.c |
|
index 38ad125..cbf3794 100644 |
|
--- a/utils/importpem.c |
|
+++ b/utils/importpem.c |
|
@@ -215,10 +215,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -240,10 +237,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-nalg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- nalg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
nalg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -478,8 +472,8 @@ static void printUsage(void) |
|
printf("\t[-uwa\tuserWithAuth attribute clear (default set)]\n"); |
|
printf("\t-opu\tpublic area file name\n"); |
|
printf("\t-opr\tprivate area file name\n"); |
|
- printf("\t[-nalg\tname hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n"); |
|
- printf("\t[-halg\tscheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n"); |
|
+ printf("\t[-nalg\tname hash algorithm (sha256, sha384, sha512) (default sha256)]\n"); |
|
+ printf("\t[-halg\tscheme hash algorithm (sha256, sha384, sha512) (default sha256)]\n"); |
|
printf("\t[-pol\tpolicy file (default empty)]\n"); |
|
printf("\n"); |
|
printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); |
|
diff --git a/utils/loadexternal.c b/utils/loadexternal.c |
|
index 877501c..fc8cd1a 100644 |
|
--- a/utils/loadexternal.c |
|
+++ b/utils/loadexternal.c |
|
@@ -127,10 +127,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -152,10 +149,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-nalg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- nalg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
nalg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -511,8 +505,8 @@ static void printUsage(void) |
|
printf("Runs TPM2_LoadExternal\n"); |
|
printf("\n"); |
|
printf("\t[-hi\thierarchy (e, o, p, n) (default NULL)]\n"); |
|
- printf("\t[-nalg\tname hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n"); |
|
- printf("\t[-halg\tscheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n"); |
|
+ printf("\t[-nalg\tname hash algorithm (sha256, sha384, sha512) (default sha256)]\n"); |
|
+ printf("\t[-halg\tscheme hash algorithm (sha256, sha384, sha512) (default sha256)]\n"); |
|
printf("\n"); |
|
printf("\t[Asymmetric Key Algorithm]\n"); |
|
printf("\n"); |
|
diff --git a/utils/man/man1/tsscertify.1 b/utils/man/man1/tsscertify.1 |
|
index 6895ee7..b837209 100644 |
|
--- a/utils/man/man1/tsscertify.1 |
|
+++ b/utils/man/man1/tsscertify.1 |
|
@@ -20,7 +20,7 @@ certifying key handle |
|
password for key (default empty)] |
|
.TP |
|
[\-halg |
|
-(sha1, sha256, sha384 sha512) (default sha256)] |
|
+(sha256, sha384 sha512) (default sha256)] |
|
.TP |
|
[\-salg |
|
signature algorithm (rsa, ecc, hmac) (default rsa)] |
|
diff --git a/utils/man/man1/tsscertifycreation.1 b/utils/man/man1/tsscertifycreation.1 |
|
index 4382ed9..7c77a1e 100644 |
|
--- a/utils/man/man1/tsscertifycreation.1 |
|
+++ b/utils/man/man1/tsscertifycreation.1 |
|
@@ -17,7 +17,7 @@ certifying key handle |
|
password for key (default empty)] |
|
.TP |
|
[\-halg |
|
-(sha1, sha256, sha384) (default sha256)] |
|
+(sha256, sha384) (default sha256)] |
|
.TP |
|
[\-salg |
|
signature algorithm (rsa, ecc) (default rsa)] |
|
diff --git a/utils/man/man1/tsscreate.1 b/utils/man/man1/tsscreate.1 |
|
index b4eda75..f2f6fc4 100644 |
|
--- a/utils/man/man1/tsscreate.1 |
|
+++ b/utils/man/man1/tsscreate.1 |
|
@@ -89,10 +89,10 @@ userWithAuth attribute clear (default set)] |
|
data (inSensitive) file name] |
|
.TP |
|
[\-nalg |
|
-name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] |
|
+name hash algorithm (sha256, sha384, sha512) (default sha256)] |
|
.TP |
|
[\-halg |
|
-scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] |
|
+scheme hash algorithm (sha256, sha384, sha512) (default sha256)] |
|
.TP |
|
[\-pwdk |
|
password for key (default empty)] |
|
diff --git a/utils/man/man1/tsscreateloaded.1 b/utils/man/man1/tsscreateloaded.1 |
|
index ccd3d73..ebcf721 100644 |
|
--- a/utils/man/man1/tsscreateloaded.1 |
|
+++ b/utils/man/man1/tsscreateloaded.1 |
|
@@ -93,10 +93,10 @@ userWithAuth attribute clear (default set)] |
|
data (inSensitive) file name] |
|
.TP |
|
[\-nalg |
|
-name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] |
|
+name hash algorithm (sha256, sha384, sha512) (default sha256)] |
|
.TP |
|
[\-halg |
|
-scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] |
|
+scheme hash algorithm (sha256, sha384, sha512) (default sha256)] |
|
.TP |
|
[\-der |
|
object's parent is a derivation parent] |
|
diff --git a/utils/man/man1/tsscreateprimary.1 b/utils/man/man1/tsscreateprimary.1 |
|
index 895a42e..55a9d85 100644 |
|
--- a/utils/man/man1/tsscreateprimary.1 |
|
+++ b/utils/man/man1/tsscreateprimary.1 |
|
@@ -114,10 +114,10 @@ userWithAuth attribute clear (default set)] |
|
data (inSensitive) file name] |
|
.TP |
|
[\-nalg |
|
-name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] |
|
+name hash algorithm (sha256, sha384, sha512) (default sha256)] |
|
.TP |
|
[\-halg |
|
-scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] |
|
+scheme hash algorithm (sha256, sha384, sha512) (default sha256)] |
|
.HP |
|
\fB\-se[0\-2]\fR session handle / attributes (default PWAP) |
|
.TP |
|
diff --git a/utils/man/man1/tssgetcommandauditdigest.1 b/utils/man/man1/tssgetcommandauditdigest.1 |
|
index 34711e0..11d3b78 100644 |
|
--- a/utils/man/man1/tssgetcommandauditdigest.1 |
|
+++ b/utils/man/man1/tssgetcommandauditdigest.1 |
|
@@ -17,7 +17,7 @@ signing key handle |
|
password for key (default empty)] |
|
.TP |
|
[\-halg |
|
-(sha1, sha256, sha384, sha512) (default sha256)] |
|
+(sha256, sha384, sha512) (default sha256)] |
|
.TP |
|
[\-salg |
|
signature algorithm (rsa, ecc, hmac) (default rsa)] |
|
diff --git a/utils/man/man1/tssgetsessionauditdigest.1 b/utils/man/man1/tssgetsessionauditdigest.1 |
|
index d09c78b..3fa4a03 100644 |
|
--- a/utils/man/man1/tssgetsessionauditdigest.1 |
|
+++ b/utils/man/man1/tssgetsessionauditdigest.1 |
|
@@ -20,7 +20,7 @@ password for key (default empty)] |
|
audit session handle |
|
.TP |
|
[\-halg |
|
-(sha1, sha256, sha384, sha512) (default sha256)] |
|
+(sha256, sha384, sha512) (default sha256)] |
|
.TP |
|
[\-qd |
|
qualifying data file name] |
|
diff --git a/utils/man/man1/tssgettime.1 b/utils/man/man1/tssgettime.1 |
|
index bec0627..ac4b425 100644 |
|
--- a/utils/man/man1/tssgettime.1 |
|
+++ b/utils/man/man1/tssgettime.1 |
|
@@ -17,7 +17,7 @@ password for signing key (default empty)] |
|
password for endorsement hierarchy (default empty)] |
|
.TP |
|
[\-halg |
|
-(sha1, sha256, sha384, sha512) (default sha256)] |
|
+(sha256, sha384, sha512) (default sha256)] |
|
.TP |
|
[\-salg |
|
signature algorithm (rsa, ecc, hmac) (default rsa)] |
|
diff --git a/utils/man/man1/tsshash.1 b/utils/man/man1/tsshash.1 |
|
index 6eff929..01fa758 100644 |
|
--- a/utils/man/man1/tsshash.1 |
|
+++ b/utils/man/man1/tsshash.1 |
|
@@ -12,7 +12,7 @@ hierarchy (e, o, p, n) (default null)] |
|
e endorsement, o owner, p platform, n null |
|
.TP |
|
[\-halg |
|
-(sha1, sha256, sha384, sha512) (default sha256)] |
|
+(sha256, sha384, sha512) (default sha256)] |
|
.TP |
|
\fB\-if\fR |
|
input file to be hashed |
|
diff --git a/utils/man/man1/tsshashsequencestart.1 b/utils/man/man1/tsshashsequencestart.1 |
|
index f6d7f52..33225da 100644 |
|
--- a/utils/man/man1/tsshashsequencestart.1 |
|
+++ b/utils/man/man1/tsshashsequencestart.1 |
|
@@ -11,7 +11,7 @@ Runs TPM2_HashSequenceStart |
|
password for sequence (default empty)] |
|
.TP |
|
[\-halg |
|
-(sha1, sha256, sha384, sha512, null) (default sha256)] |
|
+(sha256, sha384, sha512, null) (default sha256)] |
|
null is an event sequence |
|
.HP |
|
\fB\-se[0\-2]\fR session handle / attributes (default NULL) |
|
diff --git a/utils/man/man1/tsshmac.1 b/utils/man/man1/tsshmac.1 |
|
index e64a861..c55b998 100644 |
|
--- a/utils/man/man1/tsshmac.1 |
|
+++ b/utils/man/man1/tsshmac.1 |
|
@@ -14,7 +14,7 @@ key handle |
|
password for key (default empty)] |
|
.TP |
|
[\-halg |
|
-(sha1, sha256, sha384, sha512) (default sha256)] |
|
+(sha256, sha384, sha512) (default sha256)] |
|
.TP |
|
\fB\-if\fR |
|
input file to be HMACed |
|
diff --git a/utils/man/man1/tsshmacstart.1 b/utils/man/man1/tsshmacstart.1 |
|
index 65d4ab6..9dd8fbf 100644 |
|
--- a/utils/man/man1/tsshmacstart.1 |
|
+++ b/utils/man/man1/tsshmacstart.1 |
|
@@ -17,7 +17,7 @@ password for key (default empty) |
|
password for sequence (default empty) |
|
.TP |
|
[\-halg |
|
-(sha1, sha256, sha384, sha512) (default sha256)] |
|
+(sha256, sha384, sha512) (default sha256)] |
|
.HP |
|
\fB\-se[0\-2]\fR session handle / attributes (default PWAP) |
|
.TP |
|
diff --git a/utils/man/man1/tssimportpem.1 b/utils/man/man1/tssimportpem.1 |
|
index 21c362e..46821eb 100644 |
|
--- a/utils/man/man1/tssimportpem.1 |
|
+++ b/utils/man/man1/tssimportpem.1 |
|
@@ -49,10 +49,10 @@ public area file name |
|
private area file name |
|
.TP |
|
[\-nalg |
|
-name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] |
|
+name hash algorithm (sha256, sha384, sha512) (default sha256)] |
|
.TP |
|
[\-halg |
|
-scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] |
|
+scheme hash algorithm (sha256, sha384, sha512) (default sha256)] |
|
.TP |
|
[\-pol |
|
policy file (default empty)] |
|
diff --git a/utils/man/man1/tssloadexternal.1 b/utils/man/man1/tssloadexternal.1 |
|
index e32a251..729d357 100644 |
|
--- a/utils/man/man1/tssloadexternal.1 |
|
+++ b/utils/man/man1/tssloadexternal.1 |
|
@@ -11,10 +11,10 @@ Runs TPM2_LoadExternal |
|
hierarchy (e, o, p, n) (default NULL)] |
|
.TP |
|
[\-nalg |
|
-name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] |
|
+name hash algorithm (sha256, sha384, sha512) (default sha256)] |
|
.TP |
|
[\-halg |
|
-scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] |
|
+scheme hash algorithm (sha256, sha384, sha512) (default sha256)] |
|
.IP |
|
[Asymmetric Key Algorithm] |
|
.TP |
|
diff --git a/utils/man/man1/tssnvcertify.1 b/utils/man/man1/tssnvcertify.1 |
|
index c55f6dc..1a50fd6 100644 |
|
--- a/utils/man/man1/tssnvcertify.1 |
|
+++ b/utils/man/man1/tssnvcertify.1 |
|
@@ -20,7 +20,7 @@ certifying key handle |
|
password for key (default empty)] |
|
.TP |
|
[\-halg |
|
-(sha1, sha256, sha384, sha512) (default sha256)] |
|
+(sha256, sha384, sha512) (default sha256)] |
|
.TP |
|
[\-salg |
|
signature algorithm (rsa, ecc, hmac) (default rsa)] |
|
diff --git a/utils/man/man1/tssnvdefinespace.1 b/utils/man/man1/tssnvdefinespace.1 |
|
index 0f378e9..5d9d395 100644 |
|
--- a/utils/man/man1/tssnvdefinespace.1 |
|
+++ b/utils/man/man1/tssnvdefinespace.1 |
|
@@ -36,7 +36,7 @@ password for NV index (default empty)] |
|
sets AUTHWRITE (if not PIN index), AUTHREAD |
|
.TP |
|
[\-nalg |
|
-name algorithm (sha1, sha256, sha384 sha512) (default sha256)] |
|
+name algorithm (sha256, sha384 sha512) (default sha256)] |
|
.TP |
|
[\-sz |
|
data size in decimal (default 0)] |
|
diff --git a/utils/man/man1/tssnvreadpublic.1 b/utils/man/man1/tssnvreadpublic.1 |
|
index b8c7bbb..c8619bb 100644 |
|
--- a/utils/man/man1/tssnvreadpublic.1 |
|
+++ b/utils/man/man1/tssnvreadpublic.1 |
|
@@ -11,7 +11,7 @@ Runs TPM2_NV_ReadPublic |
|
NV index handle |
|
.TP |
|
[\-nalg |
|
-expected name hash algorithm (sha1, sha256, sha384 sha512) |
|
+expected name hash algorithm (sha256, sha384 sha512) |
|
(default no check)] |
|
.TP |
|
[\-opu |
|
diff --git a/utils/man/man1/tsspolicymaker.1 b/utils/man/man1/tsspolicymaker.1 |
|
index 6660f36..36beaaa 100644 |
|
--- a/utils/man/man1/tsspolicymaker.1 |
|
+++ b/utils/man/man1/tsspolicymaker.1 |
|
@@ -6,7 +6,7 @@ policymaker \- Runs TPM2 policymaker |
|
policymaker |
|
.TP |
|
[\-halg |
|
-hash algorithm (sha1 sha256 sha384 sha512) (default sha256)] |
|
+hash algorithm (sha256 sha384 sha512) (default sha256)] |
|
.TP |
|
[\-nz |
|
do not extend starting with zeros, just hash the last line] |
|
diff --git a/utils/man/man1/tsspolicysigned.1 b/utils/man/man1/tsspolicysigned.1 |
|
index f50b81a..dab24ba 100644 |
|
--- a/utils/man/man1/tsspolicysigned.1 |
|
+++ b/utils/man/man1/tsspolicysigned.1 |
|
@@ -26,7 +26,7 @@ policyRef file (default none)] |
|
expiration in decimal (default none)] |
|
.TP |
|
[\-halg |
|
-(sha1, sha256, sha384, sha512) (default sha256)] |
|
+(sha256, sha384, sha512) (default sha256)] |
|
.TP |
|
\fB\-sk\fR |
|
RSA signing key file name (PEM format) |
|
diff --git a/utils/man/man1/tsspublicname.1 b/utils/man/man1/tsspublicname.1 |
|
index 6600436..e42481c 100644 |
|
--- a/utils/man/man1/tsspublicname.1 |
|
+++ b/utils/man/man1/tsspublicname.1 |
|
@@ -45,10 +45,10 @@ rsapss |
|
null |
|
.TP |
|
[\-nalg |
|
-name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] |
|
+name hash algorithm (sha256, sha384, sha512) (default sha256)] |
|
.TP |
|
[\-halg |
|
-scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] |
|
+scheme hash algorithm (sha256, sha384, sha512) (default sha256)] |
|
.TP |
|
[\-uwa |
|
userWithAuth attribute clear (default set)] |
|
diff --git a/utils/man/man1/tssquote.1 b/utils/man/man1/tssquote.1 |
|
index 04a2e60..3de384b 100644 |
|
--- a/utils/man/man1/tssquote.1 |
|
+++ b/utils/man/man1/tssquote.1 |
|
@@ -17,7 +17,7 @@ quoting key handle |
|
password for quoting key (default empty)] |
|
.TP |
|
[\-halg |
|
-for signing (sha1, sha256, sha384, sha512) (default sha256)] |
|
+for signing (sha256, sha384, sha512) (default sha256)] |
|
.TP |
|
[\-palg |
|
for PCR bank selection (sha1, sha256, sha384, sha512) (default sha256)] |
|
diff --git a/utils/man/man1/tssrsadecrypt.1 b/utils/man/man1/tssrsadecrypt.1 |
|
index 6c35e42..ff2b0f2 100644 |
|
--- a/utils/man/man1/tssrsadecrypt.1 |
|
+++ b/utils/man/man1/tssrsadecrypt.1 |
|
@@ -16,7 +16,7 @@ password for key (default empty)[ |
|
[\-ipwdk password file for key, nul terminated (default empty)] |
|
\fB\-ie\fR encrypt file name |
|
\fB\-od\fR decrypt file name (default do not save) |
|
-[\-oid (sha1, sha256, sha384 sha512)] |
|
+[\-oid (sha256, sha384 sha512)] |
|
.IP |
|
optionally add OID and PKCS1 padding to the |
|
encrypt data (demo of signing with arbitrary OID) |
|
diff --git a/utils/man/man1/tsssetcommandcodeauditstatus.1 b/utils/man/man1/tsssetcommandcodeauditstatus.1 |
|
index c4d19dc..d84a0c2 100644 |
|
--- a/utils/man/man1/tsssetcommandcodeauditstatus.1 |
|
+++ b/utils/man/man1/tsssetcommandcodeauditstatus.1 |
|
@@ -14,7 +14,7 @@ authhandle hierarchy (o, p) (default platform)] |
|
authorization password (default empty)] |
|
.TP |
|
[\-halg |
|
-(sha1, sha256, sha384, sha512, null) (default null)] |
|
+(sha256, sha384, sha512, null) (default null)] |
|
.TP |
|
[\-set |
|
command code to set (may be specified more than once (default none)] |
|
diff --git a/utils/man/man1/tsssetprimarypolicy.1 b/utils/man/man1/tsssetprimarypolicy.1 |
|
index c67c1f9..9238407 100644 |
|
--- a/utils/man/man1/tsssetprimarypolicy.1 |
|
+++ b/utils/man/man1/tsssetprimarypolicy.1 |
|
@@ -17,7 +17,7 @@ authorization password (default empty)] |
|
policy file (default empty policy)] |
|
.TP |
|
[\-halg |
|
-(sha1, sha256) (default null)] |
|
+(sha256) (default null)] |
|
.HP |
|
\fB\-se[0\-2]\fR session handle / attributes (default PWAP) |
|
.TP |
|
diff --git a/utils/man/man1/tsssign.1 b/utils/man/man1/tsssign.1 |
|
index d5ad351..df67aee 100644 |
|
--- a/utils/man/man1/tsssign.1 |
|
+++ b/utils/man/man1/tsssign.1 |
|
@@ -17,7 +17,7 @@ input message to hash and sign |
|
password for key (default empty)] |
|
.TP |
|
[\-halg |
|
-(sha1, sha256, sha384, sha512) (default sha256)] |
|
+(sha256, sha384, sha512) (default sha256)] |
|
.TP |
|
[\-salg |
|
signature algorithm (rsa, ecc, hmac) (default rsa)] |
|
diff --git a/utils/man/man1/tssstartauthsession.1 b/utils/man/man1/tssstartauthsession.1 |
|
index 3e944bb..ad16b0f 100644 |
|
--- a/utils/man/man1/tssstartauthsession.1 |
|
+++ b/utils/man/man1/tssstartauthsession.1 |
|
@@ -19,7 +19,7 @@ t |
|
Trial policy session |
|
.TP |
|
[\-halg |
|
-(sha1, sha256, sha384, sha512) (default sha256)] |
|
+(sha256, sha384, sha512) (default sha256)] |
|
.TP |
|
[\-hs |
|
salt handle (default TPM_RH_NULL)] |
|
diff --git a/utils/man/man1/tssverifysignature.1 b/utils/man/man1/tssverifysignature.1 |
|
index e2d6460..d30eee9 100644 |
|
--- a/utils/man/man1/tssverifysignature.1 |
|
+++ b/utils/man/man1/tssverifysignature.1 |
|
@@ -37,7 +37,7 @@ One of \fB\-hk\fR, \fB\-ipem\fR, \fB\-ihmac\fR must be specified |
|
ticket file name (requires \fB\-hk\fR)] |
|
.TP |
|
[\-halg |
|
-(sha1, sha256, sha384 sha512) (default sha256)] |
|
+(sha256, sha384 sha512) (default sha256)] |
|
.IP |
|
[Asymmetric Key Algorithm] |
|
.TP |
|
diff --git a/utils/nvcertify.c b/utils/nvcertify.c |
|
index 81bde69..440c894 100644 |
|
--- a/utils/nvcertify.c |
|
+++ b/utils/nvcertify.c |
|
@@ -131,10 +131,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
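Review bot: With the `sha1` branch removed, `-halg sha1` now falls through to the final `else` of this chain, which lies outside the hunk and presumably prints only a generic bad-parameter message, as the visible `else` in setprimarypolicy.c does. A script that still passes `sha1` therefore gets no hint that the algorithm was disabled on purpose. A dedicated branch such as `else if (strcmp(argv[i],"sha1") == 0) { printf("SHA-1 is no longer accepted for -halg\n"); printUsage(); }` would make the refusal explicit. The same applies to the identical chains in nvdefinespace.c, nvreadpublic.c, policymaker.c, policysigned.c, publicname.c, quote.c, rsadecrypt.c, setcommandcodeauditstatus.c, sign.c, startauthsession.c and verifysignature.c. Because the chain is copied into every utility, a shared parsing helper would let a restriction like this live in one place.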
|
@@ -433,7 +430,7 @@ static void printUsage(void) |
|
printf("\t[-pwdn\tpassword for NV index (default empty)]\n"); |
|
printf("\t-hk\tcertifying key handle\n"); |
|
printf("\t[-pwdk\tpassword for key (default empty)]\n"); |
|
- printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); |
|
+ printf("\t[-halg\t(sha256, sha384, sha512) (default sha256)]\n"); |
|
printf("\t[-salg\tsignature algorithm (rsa, ecc, hmac) (default rsa)]\n"); |
|
printf("\t-sz\tdata size\n"); |
|
printf("\t[-off\toffset (default 0)]\n"); |
|
diff --git a/utils/nvdefinespace.c b/utils/nvdefinespace.c |
|
index 18ce6ea..cbe253e 100644 |
|
--- a/utils/nvdefinespace.c |
|
+++ b/utils/nvdefinespace.c |
|
@@ -124,11 +124,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-nalg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- nalg = TPM_ALG_SHA1; |
|
- hashSize = SHA1_DIGEST_SIZE; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
nalg = TPM_ALG_SHA256; |
|
hashSize = SHA256_DIGEST_SIZE; |
|
} |
|
@@ -562,7 +558,7 @@ static void printUsage(void) |
|
printf("\n"); |
|
printf("\t[-pwdn\tpassword for NV index (default empty)]\n"); |
|
printf("\t\tsets AUTHWRITE (if not PIN index), AUTHREAD\n"); |
|
- printf("\t[-nalg\tname algorithm (sha1, sha256, sha384 sha512) (default sha256)]\n"); |
|
+ printf("\t[-nalg\tname algorithm (sha256, sha384 sha512) (default sha256)]\n"); |
|
printf("\t[-sz\tdata size in decimal (default 0)]\n"); |
|
printf("\t\tIgnored for other than ordinary index\n"); |
|
printf("\t[-ty\tindex type (o, c, b, e, p, f) (default ordinary)]\n"); |
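Review bot: The rewritten `-nalg` help line still reads `sha384 sha512` without a comma, unlike the `-halg` line in nvcertify.c. Since the line is being touched anyway, `(sha256, sha384, sha512)` would make the lists consistent. The same missing comma is in the touched usage lines of nvreadpublic.c, rsadecrypt.c and verifysignature.c, and in tssrsadecrypt.1 and tssverifysignature.1. printUsage() continues outside the hunk.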
|
diff --git a/utils/nvreadpublic.c b/utils/nvreadpublic.c |
|
index cf36b96..cbcae63 100644 |
|
--- a/utils/nvreadpublic.c |
|
+++ b/utils/nvreadpublic.c |
|
@@ -101,10 +101,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-nalg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- nalg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
nalg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -336,7 +333,7 @@ static void printUsage(void) |
|
printf("Runs TPM2_NV_ReadPublic\n"); |
|
printf("\n"); |
|
printf("\t-ha\tNV index handle\n"); |
|
- printf("\t[-nalg\texpected name hash algorithm (sha1, sha256, sha384 sha512)\n" |
|
+ printf("\t[-nalg\texpected name hash algorithm (sha256, sha384 sha512)\n" |
|
"\t\t(default no check)]\n"); |
|
printf("\t[-opu\tNV public file name (default do not save)]\n"); |
|
printf("\t[-ns\tadditionally print Name in hex ascii on one line]\n"); |
|
diff --git a/utils/objecttemplates.c b/utils/objecttemplates.c |
|
index 37d7b64..4d1269c 100644 |
|
--- a/utils/objecttemplates.c |
|
+++ b/utils/objecttemplates.c |
|
@@ -576,7 +576,7 @@ void printUsageTemplate(void) |
|
printf("\t[-uwa\tuserWithAuth attribute clear (default set)]\n"); |
|
printf("\t[-if\tdata (inSensitive) file name]\n"); |
|
printf("\n"); |
|
- printf("\t[-nalg\tname hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n"); |
|
- printf("\t[-halg\tscheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n"); |
|
+ printf("\t[-nalg\tname hash algorithm (sha256, sha384, sha512) (default sha256)]\n"); |
|
+ printf("\t[-halg\tscheme hash algorithm (sha256, sha384, sha512) (default sha256)]\n"); |
|
return; |
|
} |
|
diff --git a/utils/policymaker.c b/utils/policymaker.c |
|
index 7290ed7..818ac8b 100644 |
|
--- a/utils/policymaker.c |
|
+++ b/utils/policymaker.c |
|
@@ -107,10 +107,7 @@ int main(int argc, char *argv[]) |
|
if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- digest.hashAlg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
digest.hashAlg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -342,7 +339,7 @@ static void printUsage(void) |
|
printf("\n"); |
|
printf("policymaker\n"); |
|
printf("\n"); |
|
- printf("\t[-halg\thash algorithm (sha1 sha256 sha384 sha512) (default sha256)]\n"); |
|
+ printf("\t[-halg\thash algorithm (sha256 sha384 sha512) (default sha256)]\n"); |
|
printf("\t[-nz\tdo not extend starting with zeros, just hash the last line]\n"); |
|
printf("\t-if\tinput policy statements in hex ascii\n"); |
|
printf("\t[-of\toutput file - policy hash in binary]\n"); |
|
diff --git a/utils/policysigned.c b/utils/policysigned.c |
|
index 469cec9..dbecfe0 100644 |
|
--- a/utils/policysigned.c |
|
+++ b/utils/policysigned.c |
|
@@ -216,10 +216,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -444,7 +441,7 @@ static void printUsage(void) |
|
printf("\t[-cp\tcpHash file (default none)]\n"); |
|
printf("\t[-pref\tpolicyRef file (default none)]\n"); |
|
printf("\t[-exp\texpiration in decimal (default none)]\n"); |
|
- printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); |
|
+ printf("\t[-halg\t(sha256, sha384, sha512) (default sha256)]\n"); |
|
printf("\t-sk\tRSA signing key file name (PEM format)\n"); |
|
printf("\t\tUse this signing key.\n"); |
|
printf("\t-is\tsignature file name\n"); |
|
diff --git a/utils/publicname.c b/utils/publicname.c |
|
index f599d36..fbe9ee4 100644 |
|
--- a/utils/publicname.c |
|
+++ b/utils/publicname.c |
|
@@ -90,10 +90,7 @@ int main(int argc, char *argv[]) |
|
if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -115,10 +112,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-nalg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- nalg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
nalg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -441,8 +435,8 @@ static void printUsage(void) |
|
printf("\t\trsassa\n"); |
|
printf("\t\trsapss\n"); |
|
printf("\t\tnull\n"); |
|
- printf("\t[-nalg\tname hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n"); |
|
- printf("\t[-halg\tscheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n"); |
|
+ printf("\t[-nalg\tname hash algorithm (sha256, sha384, sha512) (default sha256)]\n"); |
|
+ printf("\t[-halg\tscheme hash algorithm (sha256, sha384, sha512) (default sha256)]\n"); |
|
printf("\t[-uwa\tuserWithAuth attribute clear (default set)]\n"); |
|
printf("\t[-si\tsigning (default) RSA]\n"); |
|
printf("\t[-st\tstorage (default NULL scheme)]\n"); |
|
diff --git a/utils/quote.c b/utils/quote.c |
|
index c29fad0..154187c 100644 |
|
--- a/utils/quote.c |
|
+++ b/utils/quote.c |
|
@@ -130,10 +130,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -424,7 +421,7 @@ static void printUsage(void) |
|
printf("\t-hp\tpcr handle (may be specified more than once)\n"); |
|
printf("\t-hk\tquoting key handle\n"); |
|
printf("\t[-pwdk\tpassword for quoting key (default empty)]\n"); |
|
- printf("\t[-halg\tfor signing (sha1, sha256, sha384, sha512) (default sha256)]\n"); |
|
+ printf("\t[-halg\tfor signing (sha256, sha384, sha512) (default sha256)]\n"); |
|
printf("\t[-palg\tfor PCR bank selection (sha1, sha256, sha384, sha512) (default sha256)]\n"); |
|
printf("\t[-salg\tsignature algorithm (rsa, ecc, hmac) (default rsa)]\n"); |
|
printf("\t[-qd\tqualifying data file name]\n"); |
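Review bot: The help text drops `sha1` for `-halg` but keeps it for `-palg` on the next line, and nothing says why. A quote signed with SHA-256 over the SHA-1 PCR bank still attests values that were extended with SHA-1, so a reader may wrongly assume the whole quote path is SHA-1 free. If the SHA-1 bank is kept deliberately, presumably for platforms that only populate that bank, the line should say so, e.g. `[-palg for PCR bank selection (sha1 for legacy banks only, sha256, sha384, sha512) (default sha256)]`, with tssquote.1 updated to match. printUsage() continues outside the hunk.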
|
diff --git a/utils/reg.sh b/utils/reg.sh |
|
index 2d9d100..671720f 100755 |
|
--- a/utils/reg.sh |
|
+++ b/utils/reg.sh |
|
@@ -70,11 +70,20 @@ PREFIX=./ |
|
#PREFIX="valgrind ./" |
|
|
|
# hash algorithms to be used for testing |
|
+export RESTRICTED_HASH_ALG |
|
|
|
-export ITERATE_ALGS="sha1 sha256 sha384 sha512" |
|
-export ITERATE_ALGS_SIZES="20 32 48 64" |
|
-export ITERATE_ALGS_COUNT=4 |
|
-export BAD_ITERATE_ALGS="sha256 sha384 sha512 sha1" |
|
+if [ "${RESTRICTED_HASH_ALG}" ]; then |
|
+ export ITERATE_ALGS="sha256 sha384 sha512" |
|
+ export ITERATE_ALGS_SIZES="32 48 64" |
|
+ export ITERATE_ALGS_COUNT=3 |
|
+ export BAD_ITERATE_ALGS="sha384 sha512 sha256" |
|
+else |
|
+ export ITERATE_ALGS="sha1 sha256 sha384 sha512" |
|
+ export ITERATE_ALGS_SIZES="20 32 48 64" |
|
+ export ITERATE_ALGS_COUNT=4 |
|
+ export BAD_ITERATE_ALGS="sha256 sha384 sha512 sha1" |
|
+fi |
|
+export ITERATE_ALGS_WITH_SHA1="sha1 sha256 sha384 sha512" |
|
|
|
printUsage () |
|
{ |
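Review bot: `[ "${RESTRICTED_HASH_ALG}" ]` is true for any non-empty value, so `RESTRICTED_HASH_ALG=0` or `=no` still selects the restricted list. A comment above the test such as `# any non-empty RESTRICTED_HASH_ALG (even "0") drops SHA-1 from ITERATE_ALGS` would document that. The `else` branch keeps `sha1` in ITERATE_ALGS, while the utilities patched in this commit no longer parse `sha1` for `-halg`/`-nalg`. Unless the configure.ac change (not visible here) always sets the variable, an unrestricted run would presumably fail on the first SHA-1 iteration. ITERATE_ALGS_WITH_SHA1 also deserves a one-line comment saying it is for operations where SHA-1 stays allowed, such as PCR bank selection.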
|
diff --git a/utils/regtests/testattest.sh b/utils/regtests/testattest.sh |
|
index 2dacf88..044d35f 100755 |
|
--- a/utils/regtests/testattest.sh |
|
+++ b/utils/regtests/testattest.sh |
|
@@ -379,21 +379,26 @@ echo "" |
|
echo "Audit a PCR Read" |
|
echo "" |
|
|
|
-for HALG in ${ITERATE_ALGS} |
|
+for HALG in ${ITERATE_ALGS_WITH_SHA1} |
|
do |
|
+ if [ "${HALG}" = "sha1" ] && [ "${RESTRICTED_HASH_ALG}" ]; then |
|
+ ALT_HALG=sha256 |
|
+ else |
|
+ ALT_HALG=${HALG} |
|
+ fi |
|
|
|
echo "Start an audit session ${HALG}" |
|
- ${PREFIX}startauthsession -se h -halg ${HALG} > run.out |
|
+ ${PREFIX}startauthsession -se h -halg ${ALT_HALG} > run.out |
|
checkSuccess $? |
|
|
|
echo "PCR 16 reset" |
|
${PREFIX}pcrreset -ha 16 > run.out |
|
checkSuccess $? |
|
|
|
- cp policies/zero${HALG}.bin tmpdigestr.bin |
|
+ cp policies/zero${ALT_HALG}.bin tmpdigestr.bin |
|
|
|
echo "PCR 16 read ${HALG}" |
|
- ${PREFIX}pcrread -ha 16 -halg ${HALG} -se0 02000000 81 -ahalg ${HALG} -iosad tmpdigestr.bin > run.out |
|
+ ${PREFIX}pcrread -ha 16 -halg ${HALG} -se0 02000000 81 -ahalg ${ALT_HALG} -iosad tmpdigestr.bin > run.out |
|
checkSuccess $? |
|
|
|
echo "Get session audit digest" |
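Review bot: In restricted mode the `sha1` iteration prints `Start an audit session sha1`, but the session is started with `-halg ${ALT_HALG}`, i.e. sha256, so the run output misreports the session hash. `echo "Start an audit session ${ALT_HALG}"` keeps the log accurate. That iteration then differs from the sha256 one only in the PCR bank passed to `pcrread -halg`, which a short comment above the new `if` should state so the apparent duplicate is not later removed. The loop body continues outside the hunk, and the second hunk in this file makes the same `-ahalg` substitution.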
|
@@ -409,7 +414,7 @@ do |
|
checkSuccess $? |
|
|
|
echo "PCR 16 read ${HALG}" |
|
- ${PREFIX}pcrread -ha 16 -halg ${HALG} -se0 02000000 81 -ahalg ${HALG} -iosad tmpdigestr.bin > run.out |
|
+ ${PREFIX}pcrread -ha 16 -halg ${HALG} -se0 02000000 81 -ahalg ${ALT_HALG} -iosad tmpdigestr.bin > run.out |
|
checkSuccess $? |
|
|
|
echo "Get session audit digest" |
|
diff --git a/utils/regtests/testevent.sh b/utils/regtests/testevent.sh |
|
index 6336920..57a96d2 100755 |
|
--- a/utils/regtests/testevent.sh |
|
+++ b/utils/regtests/testevent.sh |
|
@@ -62,7 +62,7 @@ echo "" |
|
|
|
for TYPE in "1" "2" |
|
do |
|
- for HALG in ${ITERATE_ALGS} |
|
+ for HALG in ${ITERATE_ALGS_WITH_SHA1} |
|
do |
|
|
|
echo "Power cycle to reset IMA PCR" |
|
diff --git a/utils/rsadecrypt.c b/utils/rsadecrypt.c |
|
index e2846af..a521edf 100644 |
|
--- a/utils/rsadecrypt.c |
|
+++ b/utils/rsadecrypt.c |
|
@@ -130,10 +130,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-oid") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -391,7 +388,6 @@ static TPM_RC padData(uint8_t **buffer, |
|
uint16_t digestSize; |
|
const uint8_t *oid; |
|
uint16_t oidSize; |
|
- const uint8_t sha1Oid[] = {SHA1_DER}; |
|
const uint8_t sha256Oid[] = {SHA256_DER}; |
|
const uint8_t sha384Oid[] = {SHA384_DER}; |
|
const uint8_t sha512Oid[] = {SHA512_DER}; |
|
@@ -419,10 +415,6 @@ static TPM_RC padData(uint8_t **buffer, |
|
/* determine the OID */ |
|
if (rc == 0) { |
|
switch (halg) { |
|
- case TPM_ALG_SHA1: |
|
- oid = sha1Oid; |
|
- oidSize = SHA1_DER_SIZE; |
|
- break; |
|
case TPM_ALG_SHA256: |
|
oid = sha256Oid; |
|
oidSize = SHA256_DER_SIZE; |
|
@@ -499,7 +491,7 @@ static void printUsage(void) |
|
printf("\t[-ipwdk\tpassword file for key, nul terminated (default empty)]\n"); |
|
printf("\t-ie\tencrypt file name\n"); |
|
printf("\t-od\tdecrypt file name (default do not save)\n"); |
|
- printf("\t[-oid\t(sha1, sha256, sha384 sha512)]\n"); |
|
+ printf("\t[-oid\t(sha256, sha384 sha512)]\n"); |
|
printf("\t\toptionally add OID and PKCS1 padding to the\n"); |
|
printf("\t\tencrypt data (demo of signing with arbitrary OID)\n"); |
|
printf("\n"); |
|
diff --git a/utils/setcommandcodeauditstatus.c b/utils/setcommandcodeauditstatus.c |
|
index 7a880ae..7a95a59 100644 |
|
--- a/utils/setcommandcodeauditstatus.c |
|
+++ b/utils/setcommandcodeauditstatus.c |
|
@@ -125,10 +125,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- in.auditAlg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
in.auditAlg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -287,7 +284,7 @@ static void printUsage(void) |
|
printf("\n"); |
|
printf("\t[-hi\tauthhandle hierarchy (o, p) (default platform)]\n"); |
|
printf("\t[-pwda\tauthorization password (default empty)]\n"); |
|
- printf("\t[-halg\t(sha1, sha256, sha384, sha512, null) (default null)]\n"); |
|
+ printf("\t[-halg\t(sha256, sha384, sha512, null) (default null)]\n"); |
|
printf("\t[-set\tcommand code to set (may be specified more than once (default none)]\n"); |
|
printf("\t[-clr\tcommand code to clear (may be specified more than once (default none)]\n"); |
|
printf("\n"); |
|
diff --git a/utils/setprimarypolicy.c b/utils/setprimarypolicy.c |
|
index 619937f..100e265 100644 |
|
--- a/utils/setprimarypolicy.c |
|
+++ b/utils/setprimarypolicy.c |
|
@@ -113,9 +113,6 @@ int main(int argc, char *argv[]) |
|
if (strcmp(argv[i],"sha256") == 0) { |
|
in.hashAlg = TPM_ALG_SHA256; |
|
} |
|
- else if (strcmp(argv[i],"sha1") == 0) { |
|
- in.hashAlg = TPM_ALG_SHA1; |
|
- } |
|
else { |
|
printf("Bad parameter %s for -halg\n", argv[i]); |
|
printUsage(); |
|
@@ -291,7 +288,7 @@ static void printUsage(void) |
|
printf("\t[-hi\tauthhandle hierarchy (l, e, o, p) (default platform)]\n"); |
|
printf("\t[-pwda\tauthorization password (default empty)]\n"); |
|
printf("\t[-pol\tpolicy file (default empty policy)]\n"); |
|
- printf("\t[-halg\t(sha1, sha256) (default null)]\n"); |
|
+ printf("\t[-halg\t(sha256) (default null)]\n"); |
|
printf("\n"); |
|
printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); |
|
printf("\t01\tcontinue\n"); |
|
diff --git a/utils/sign.c b/utils/sign.c |
|
index ba2be27..d37f786 100644 |
|
--- a/utils/sign.c |
|
+++ b/utils/sign.c |
|
@@ -123,10 +123,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -474,7 +471,7 @@ static void printUsage(void) |
|
printf("\t-hk\tkey handle\n"); |
|
printf("\t-if\tinput message to hash and sign\n"); |
|
printf("\t[-pwdk\tpassword for key (default empty)]\n"); |
|
- printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); |
|
+ printf("\t[-halg\t(sha256, sha384, sha512) (default sha256)]\n"); |
|
printf("\t[-salg\tsignature algorithm (rsa, ecc, hmac) (default rsa)]\n"); |
|
printf("\t[-scheme signing scheme (rsassa, rsapss, ecdsa, ecdaa, hmac)]\n"); |
|
printf("\t\t(default rsassa, ecdsa, hmac)]\n"); |
|
diff --git a/utils/startauthsession.c b/utils/startauthsession.c |
|
index d47c731..93dc511 100644 |
|
--- a/utils/startauthsession.c |
|
+++ b/utils/startauthsession.c |
|
@@ -88,10 +88,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -291,7 +288,7 @@ static void printUsage(void) |
|
printf("\t\tp Policy session\n"); |
|
printf("\t\tt Trial policy session\n"); |
|
printf("\n"); |
|
- printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); |
|
+ printf("\t[-halg\t(sha256, sha384, sha512) (default sha256)]\n"); |
|
printf("\t[-hs\tsalt handle (default TPM_RH_NULL)]\n"); |
|
printf("\t[-bi\tbind handle (default TPM_RH_NULL)]\n"); |
|
printf("\t[-pwdb\tbind password for bind handle (default empty)]\n"); |
|
diff --git a/utils/verifysignature.c b/utils/verifysignature.c |
|
index 57978d5..7603a1f 100644 |
|
--- a/utils/verifysignature.c |
|
+++ b/utils/verifysignature.c |
|
@@ -133,10 +133,7 @@ int main(int argc, char *argv[]) |
|
else if (strcmp(argv[i],"-halg") == 0) { |
|
i++; |
|
if (i < argc) { |
|
- if (strcmp(argv[i],"sha1") == 0) { |
|
- halg = TPM_ALG_SHA1; |
|
- } |
|
- else if (strcmp(argv[i],"sha256") == 0) { |
|
+ if (strcmp(argv[i],"sha256") == 0) { |
|
halg = TPM_ALG_SHA256; |
|
} |
|
else if (strcmp(argv[i],"sha384") == 0) { |
|
@@ -473,7 +470,7 @@ static void printUsage(void) |
|
printf("\n"); |
|
printf("\t[-tk\tticket file name (requires -hk)]\n"); |
|
printf("\n"); |
|
- printf("\t[-halg\t(sha1, sha256, sha384 sha512) (default sha256)]\n"); |
|
+ printf("\t[-halg\t(sha256, sha384 sha512) (default sha256)]\n"); |
|
printf("\n"); |
|
printf("\t[Asymmetric Key Algorithm]\n"); |
|
printf("\n"); |
|
-- |
|
2.34.1 |
|
|
|
|