joshuagl/enforcenonce.diff

## enforcenonce.diff
diff -rub ibmtpm1119-orig/src/SessionProcess.c ibmtpm1119/src/SessionProcess.c
--- ibmtpm1119-orig/src/SessionProcess.c	2017-07-20 18:27:34.000000000 +0000
+++ ibmtpm1119/src/SessionProcess.c	2019-03-11 17:02:25.412991681 +0000
@@ -1451,6 +1451,10 @@
 		    // be used for authorization, audit or encrypt/decrypt.
 		    if(session->attributes.isTrialPolicy == SET)
 			return TPM_RCS_ATTRIBUTES + errorIndex;
+
+		    if (s_nonceCaller[sessionIndex].t.size > session->nonceTPM.b.size)
+		        return TPM_RC_NONCE;
+
 		    // See if the session is bound to a DA protected entity
 		    // NOTE: Since a policy session is never bound, a policy is still
 		    // usable even if the object is DA protected and the TPM is in
	diff -rub ibmtpm1119-orig/src/SessionProcess.c ibmtpm1119/src/SessionProcess.c
	--- ibmtpm1119-orig/src/SessionProcess.c 2017-07-20 18:27:34.000000000 +0000
	+++ ibmtpm1119/src/SessionProcess.c 2019-03-11 17:02:25.412991681 +0000
	@@ -1451,6 +1451,10 @@
	// be used for authorization, audit or encrypt/decrypt.
	if(session->attributes.isTrialPolicy == SET)
	return TPM_RCS_ATTRIBUTES + errorIndex;
	+
	+ if (s_nonceCaller[sessionIndex].t.size > session->nonceTPM.b.size)
	+ return TPM_RC_NONCE;
	+
	// See if the session is bound to a DA protected entity
	// NOTE: Since a policy session is never bound, a policy is still
	// usable even if the object is DA protected and the TPM is in