|
|
ec8dc5 |
From 2e7839b905f7a493f739d36e3e550e0cee30049e Mon Sep 17 00:00:00 2001
|
|
|
ec8dc5 |
From: Andreas Fuchs <andreas.fuchs@sit.fraunhofer.de>
|
|
|
ec8dc5 |
Date: Thu, 7 May 2020 19:12:36 +0200
|
|
|
ec8dc5 |
Subject: [PATCH] Refactor fix_esys_hierarchies()
|
|
|
ec8dc5 |
|
|
|
ec8dc5 |
Refactor fix_esys_hierarchies() to return an actual TSS2_RC return code
|
|
|
ec8dc5 |
and have an output parameter.
|
|
|
ec8dc5 |
|
|
|
ec8dc5 |
Signed-off-by: Andreas Fuchs <andreas.fuchs@sit.fraunhofer.de>
|
|
|
ec8dc5 |
---
|
|
|
ec8dc5 |
lib/tpm2.c | 88 +++++++++++++++++++++++++++++----------
|
|
|
ec8dc5 |
lib/tpm2.h | 2 +-
|
|
|
ec8dc5 |
tools/tpm2_loadexternal.c | 9 +++-
|
|
|
ec8dc5 |
3 files changed, 75 insertions(+), 24 deletions(-)
|
|
|
ec8dc5 |
|
|
|
ec8dc5 |
diff --git a/lib/tpm2.c b/lib/tpm2.c
|
|
|
ec8dc5 |
index 909a4422339d..744fed8c529f 100644
|
|
|
ec8dc5 |
--- a/lib/tpm2.c
|
|
|
ec8dc5 |
+++ b/lib/tpm2.c
|
|
|
ec8dc5 |
@@ -645,39 +645,51 @@ tool_rc tpm2_evictcontrol(ESYS_CONTEXT *esys_context,
|
|
|
ec8dc5 |
}
|
|
|
ec8dc5 |
|
|
|
ec8dc5 |
/* This function addresses ESAPI change that changes parameter type from
|
|
|
ec8dc5 |
- * Esys_TR to TPMI_RH_HIERARCHY and breaks backwards compatibility.
|
|
|
ec8dc5 |
+ * Esys_TR to TPMI_RH_HIERARCHY or TPMI_RH_ENABLES and breaks backwards
|
|
|
ec8dc5 |
+ * compatibility.
|
|
|
ec8dc5 |
* To keep the tools parameters consistent after v4.0 release we need to
|
|
|
ec8dc5 |
* map the values to appropriate type based on the version of the ESYS API.
|
|
|
ec8dc5 |
* Note: the mapping is based on the ESYS version recognized at compile time.
|
|
|
ec8dc5 |
* The TSS change can be found here:
|
|
|
ec8dc5 |
* https://github.com/tpm2-software/tpm2-tss/pull/1531
|
|
|
ec8dc5 |
*/
|
|
|
ec8dc5 |
-uint32_t fix_esys_hierarchy(TPMI_RH_HIERARCHY hierarchy)
|
|
|
ec8dc5 |
+TSS2_RC fix_esys_hierarchy(uint32_t in, uint32_t *out)
|
|
|
ec8dc5 |
{
|
|
|
ec8dc5 |
#if defined(ESYS_3_0)
|
|
|
ec8dc5 |
- switch (hierarchy) {
|
|
|
ec8dc5 |
+ switch (in) {
|
|
|
ec8dc5 |
case ESYS_TR_RH_NULL:
|
|
|
ec8dc5 |
+ /* FALLTHRU */
|
|
|
ec8dc5 |
case ESYS_TR_RH_OWNER:
|
|
|
ec8dc5 |
+ /* FALLTHRU */
|
|
|
ec8dc5 |
case ESYS_TR_RH_ENDORSEMENT:
|
|
|
ec8dc5 |
+ /* FALLTHRU */
|
|
|
ec8dc5 |
case ESYS_TR_RH_PLATFORM:
|
|
|
ec8dc5 |
+ /* FALLTHRU */
|
|
|
ec8dc5 |
case ESYS_TR_RH_PLATFORM_NV:
|
|
|
ec8dc5 |
- return hierarchy;
|
|
|
ec8dc5 |
+ *out = in;
|
|
|
ec8dc5 |
+ return TSS2_RC_SUCCESS;
|
|
|
ec8dc5 |
case TPM2_RH_NULL:
|
|
|
ec8dc5 |
- return ESYS_TR_RH_NULL;
|
|
|
ec8dc5 |
+ *out = ESYS_TR_RH_NULL;
|
|
|
ec8dc5 |
+ return TSS2_RC_SUCCESS;
|
|
|
ec8dc5 |
case TPM2_RH_OWNER:
|
|
|
ec8dc5 |
- return ESYS_TR_RH_OWNER;
|
|
|
ec8dc5 |
+ *out = ESYS_TR_RH_OWNER;
|
|
|
ec8dc5 |
+ return TSS2_RC_SUCCESS;
|
|
|
ec8dc5 |
case TPM2_RH_ENDORSEMENT:
|
|
|
ec8dc5 |
- return ESYS_TR_RH_ENDORSEMENT;
|
|
|
ec8dc5 |
+ *out = ESYS_TR_RH_ENDORSEMENT;
|
|
|
ec8dc5 |
+ return TSS2_RC_SUCCESS;
|
|
|
ec8dc5 |
case TPM2_RH_PLATFORM:
|
|
|
ec8dc5 |
- return ESYS_TR_RH_PLATFORM;
|
|
|
ec8dc5 |
+ *out = ESYS_TR_RH_PLATFORM;
|
|
|
ec8dc5 |
+ return TSS2_RC_SUCCESS;
|
|
|
ec8dc5 |
case TPM2_RH_PLATFORM_NV:
|
|
|
ec8dc5 |
- return ESYS_TR_RH_PLATFORM_NV;
|
|
|
ec8dc5 |
+ *out = ESYS_TR_RH_PLATFORM_NV;
|
|
|
ec8dc5 |
+ return TSS2_RC_SUCCESS;
|
|
|
ec8dc5 |
default:
|
|
|
ec8dc5 |
- LOG_ERR("An unknown hierarchy handle was passed: 0x%08x", hierarchy);
|
|
|
ec8dc5 |
- return 0xffffffff;
|
|
|
ec8dc5 |
+ LOG_ERR("An unknown hierarchy handle was passed: 0x%08x", in);
|
|
|
ec8dc5 |
+ return TSS2_ESYS_RC_BAD_VALUE;
|
|
|
ec8dc5 |
}
|
|
|
ec8dc5 |
#elif defined(ESYS_2_3)
|
|
|
ec8dc5 |
- return hierarchy;
|
|
|
ec8dc5 |
+ *out = in;
|
|
|
ec8dc5 |
+ return TSS2_RC_SUCCESS;
|
|
|
ec8dc5 |
#else
|
|
|
ec8dc5 |
#error "Need to define either ESYS_3_0 or ESYS_2_3"
|
|
|
ec8dc5 |
#endif
|
|
|
ec8dc5 |
@@ -688,8 +700,14 @@ tool_rc tpm2_hash(ESYS_CONTEXT *esys_context, ESYS_TR shandle1, ESYS_TR shandle2
|
|
|
ec8dc5 |
TPMI_RH_HIERARCHY hierarchy, TPM2B_DIGEST **out_hash,
|
|
|
ec8dc5 |
TPMT_TK_HASHCHECK **validation) {
|
|
|
ec8dc5 |
|
|
|
ec8dc5 |
- TSS2_RC rval = Esys_Hash(esys_context, shandle1, shandle2, shandle3, data,
|
|
|
ec8dc5 |
- hash_alg, fix_esys_hierarchy(hierarchy), out_hash, validation);
|
|
|
ec8dc5 |
+ TSS2_RC rval = fix_esys_hierarchy(hierarchy, &hierarchy);
|
|
|
ec8dc5 |
+ if (rval != TSS2_RC_SUCCESS) {
|
|
|
ec8dc5 |
+ LOG_ERR("Unknown hierarchy");
|
|
|
ec8dc5 |
+ return tool_rc_from_tpm(rval);
|
|
|
ec8dc5 |
+ }
|
|
|
ec8dc5 |
+
|
|
|
ec8dc5 |
+ rval = Esys_Hash(esys_context, shandle1, shandle2, shandle3, data,
|
|
|
ec8dc5 |
+ hash_alg, hierarchy, out_hash, validation);
|
|
|
ec8dc5 |
if (rval != TSS2_RC_SUCCESS) {
|
|
|
ec8dc5 |
LOG_PERR(Esys_Hash, rval);
|
|
|
ec8dc5 |
return tool_rc_from_tpm(rval);
|
|
|
ec8dc5 |
@@ -729,9 +747,15 @@ tool_rc tpm2_sequence_complete(ESYS_CONTEXT *esys_context,
|
|
|
ec8dc5 |
TPMI_RH_HIERARCHY hierarchy, TPM2B_DIGEST **result,
|
|
|
ec8dc5 |
TPMT_TK_HASHCHECK **validation) {
|
|
|
ec8dc5 |
|
|
|
ec8dc5 |
- TSS2_RC rval = Esys_SequenceComplete(esys_context, sequence_handle,
|
|
|
ec8dc5 |
+ TSS2_RC rval = fix_esys_hierarchy(hierarchy, &hierarchy);
|
|
|
ec8dc5 |
+ if (rval != TSS2_RC_SUCCESS) {
|
|
|
ec8dc5 |
+ LOG_ERR("Unknown hierarchy");
|
|
|
ec8dc5 |
+ return tool_rc_from_tpm(rval);
|
|
|
ec8dc5 |
+ }
|
|
|
ec8dc5 |
+
|
|
|
ec8dc5 |
+ rval = Esys_SequenceComplete(esys_context, sequence_handle,
|
|
|
ec8dc5 |
ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, buffer,
|
|
|
ec8dc5 |
- fix_esys_hierarchy(hierarchy), result, validation);
|
|
|
ec8dc5 |
+ hierarchy, result, validation);
|
|
|
ec8dc5 |
if (rval != TSS2_RC_SUCCESS) {
|
|
|
ec8dc5 |
LOG_PERR(Esys_SequenceComplete, rval);
|
|
|
ec8dc5 |
return tool_rc_from_tpm(rval);
|
|
|
ec8dc5 |
@@ -1161,8 +1185,14 @@ tool_rc tpm2_hierarchycontrol(ESYS_CONTEXT *esys_context,
|
|
|
ec8dc5 |
return rc;
|
|
|
ec8dc5 |
}
|
|
|
ec8dc5 |
|
|
|
ec8dc5 |
- TSS2_RC rval = Esys_HierarchyControl(esys_context, auth_hierarchy->tr_handle,
|
|
|
ec8dc5 |
- shandle, ESYS_TR_NONE, ESYS_TR_NONE, fix_esys_hierarchy(enable), state);
|
|
|
ec8dc5 |
+ TSS2_RC rval = fix_esys_hierarchy(enable, &enable);
|
|
|
ec8dc5 |
+ if (rval != TSS2_RC_SUCCESS) {
|
|
|
ec8dc5 |
+ LOG_ERR("Unknown hierarchy");
|
|
|
ec8dc5 |
+ return tool_rc_from_tpm(rval);
|
|
|
ec8dc5 |
+ }
|
|
|
ec8dc5 |
+
|
|
|
ec8dc5 |
+ rval = Esys_HierarchyControl(esys_context, auth_hierarchy->tr_handle,
|
|
|
ec8dc5 |
+ shandle, ESYS_TR_NONE, ESYS_TR_NONE, enable, state);
|
|
|
ec8dc5 |
if (rval != TPM2_RC_SUCCESS && rval != TPM2_RC_INITIALIZE) {
|
|
|
ec8dc5 |
LOG_PERR(Esys_HierarchyControl, rval);
|
|
|
ec8dc5 |
return tool_rc_from_tpm(rval);
|
|
|
ec8dc5 |
@@ -1257,9 +1287,17 @@ tool_rc tpm2_hmac_sequencecomplete(ESYS_CONTEXT *esys_context,
|
|
|
ec8dc5 |
return rc;
|
|
|
ec8dc5 |
}
|
|
|
ec8dc5 |
|
|
|
ec8dc5 |
- TPM2_RC rval = Esys_SequenceComplete(esys_context, sequence_handle,
|
|
|
ec8dc5 |
+ uint32_t hierarchy;
|
|
|
ec8dc5 |
+
|
|
|
ec8dc5 |
+ TSS2_RC rval = fix_esys_hierarchy(TPM2_RH_NULL, &hierarchy);
|
|
|
ec8dc5 |
+ if (rval != TSS2_RC_SUCCESS) {
|
|
|
ec8dc5 |
+ LOG_ERR("Unknown hierarchy");
|
|
|
ec8dc5 |
+ return tool_rc_from_tpm(rval);
|
|
|
ec8dc5 |
+ }
|
|
|
ec8dc5 |
+
|
|
|
ec8dc5 |
+ rval = Esys_SequenceComplete(esys_context, sequence_handle,
|
|
|
ec8dc5 |
hmac_key_obj_shandle, ESYS_TR_NONE, ESYS_TR_NONE, input_buffer,
|
|
|
ec8dc5 |
- fix_esys_hierarchy(TPM2_RH_NULL), result, validation);
|
|
|
ec8dc5 |
+ hierarchy, result, validation);
|
|
|
ec8dc5 |
if (rval != TSS2_RC_SUCCESS) {
|
|
|
ec8dc5 |
LOG_PERR(Esys_HMAC, rval);
|
|
|
ec8dc5 |
return tool_rc_from_tpm(rval);
|
|
|
ec8dc5 |
@@ -1913,9 +1951,15 @@ tool_rc tpm2_loadexternal(ESYS_CONTEXT *ectx, const TPM2B_SENSITIVE *private,
|
|
|
ec8dc5 |
const TPM2B_PUBLIC *public, TPMI_RH_HIERARCHY hierarchy,
|
|
|
ec8dc5 |
ESYS_TR *object_handle) {
|
|
|
ec8dc5 |
|
|
|
ec8dc5 |
- TSS2_RC rval = Esys_LoadExternal(ectx,
|
|
|
ec8dc5 |
+ TSS2_RC rval = fix_esys_hierarchy(hierarchy, &hierarchy);
|
|
|
ec8dc5 |
+ if (rval != TSS2_RC_SUCCESS) {
|
|
|
ec8dc5 |
+ LOG_ERR("Unknown hierarchy");
|
|
|
ec8dc5 |
+ return tool_rc_from_tpm(rval);
|
|
|
ec8dc5 |
+ }
|
|
|
ec8dc5 |
+
|
|
|
ec8dc5 |
+ rval = Esys_LoadExternal(ectx,
|
|
|
ec8dc5 |
ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
|
|
|
ec8dc5 |
- private, public, fix_esys_hierarchy(hierarchy),
|
|
|
ec8dc5 |
+ private, public, hierarchy,
|
|
|
ec8dc5 |
object_handle);
|
|
|
ec8dc5 |
if (rval != TSS2_RC_SUCCESS) {
|
|
|
ec8dc5 |
LOG_PERR(Esys_LoadExternal, rval);
|
|
|
ec8dc5 |
diff --git a/lib/tpm2.h b/lib/tpm2.h
|
|
|
ec8dc5 |
index a37e05606c7a..2e4ae5e7dddc 100644
|
|
|
ec8dc5 |
--- a/lib/tpm2.h
|
|
|
ec8dc5 |
+++ b/lib/tpm2.h
|
|
|
ec8dc5 |
@@ -389,7 +389,7 @@ tool_rc tpm2_policy_nv_written(ESYS_CONTEXT *esys_context,
|
|
|
ec8dc5 |
ESYS_TR policy_session, ESYS_TR shandle1, ESYS_TR shandle2,
|
|
|
ec8dc5 |
ESYS_TR shandle3, TPMI_YES_NO written_set);
|
|
|
ec8dc5 |
|
|
|
ec8dc5 |
-uint32_t fix_esys_hierarchy(TPMI_RH_HIERARCHY hierarchy);
|
|
|
ec8dc5 |
+TSS2_RC fix_esys_hierarchy(uint32_t in, uint32_t *out);
|
|
|
ec8dc5 |
|
|
|
ec8dc5 |
tool_rc tpm2_certifycreation(ESYS_CONTEXT *esys_context,
|
|
|
ec8dc5 |
tpm2_loaded_object *signingkey_obj, tpm2_loaded_object *certifiedkey_obj,
|
|
|
ec8dc5 |
diff --git a/tools/tpm2_loadexternal.c b/tools/tpm2_loadexternal.c
|
|
|
ec8dc5 |
index 70fb72877aae..4127ca1b524b 100644
|
|
|
ec8dc5 |
--- a/tools/tpm2_loadexternal.c
|
|
|
ec8dc5 |
+++ b/tools/tpm2_loadexternal.c
|
|
|
ec8dc5 |
@@ -48,9 +48,16 @@ static tpm_loadexternal_ctx ctx = {
|
|
|
ec8dc5 |
static tool_rc load_external(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *pub,
|
|
|
ec8dc5 |
TPM2B_SENSITIVE *priv, bool has_priv, TPM2B_NAME **name) {
|
|
|
ec8dc5 |
|
|
|
ec8dc5 |
+ uint32_t hierarchy;
|
|
|
ec8dc5 |
+ TSS2_RC rval = fix_esys_hierarchy(ctx.hierarchy_value, &hierarchy);
|
|
|
ec8dc5 |
+ if (rval != TSS2_RC_SUCCESS) {
|
|
|
ec8dc5 |
+ LOG_ERR("Unknown hierarchy");
|
|
|
ec8dc5 |
+ return tool_rc_from_tpm(rval);
|
|
|
ec8dc5 |
+ }
|
|
|
ec8dc5 |
+
|
|
|
ec8dc5 |
tool_rc rc = tpm2_loadexternal(ectx,
|
|
|
ec8dc5 |
has_priv ? priv : NULL, pub,
|
|
|
ec8dc5 |
- fix_esys_hierarchy(ctx.hierarchy_value), &ctx.handle);
|
|
|
ec8dc5 |
+ hierarchy, &ctx.handle);
|
|
|
ec8dc5 |
if (rc != tool_rc_success) {
|
|
|
ec8dc5 |
return rc;
|
|
|
ec8dc5 |
}
|
|
|
ec8dc5 |
--
|
|
|
ec8dc5 |
2.27.0
|
|
|
ec8dc5 |
|