openEuler:Mainline
tpm2-tss
The diff of some files on this page is truncated because the files were too big.
Changes of Revision 2
_service:tar_scm:tpm2-tss.spec
Changed
@@ -1,12 +1,15 @@ Name: tpm2-tss -Version: 3.1.0 -Release: 1 +Version: 3.2.1 +Release: 2 Summary: TPM2.0 Software Stack -License: BSD and TCGL +License: BSD URL: https://github.com/tpm2-software/tpm2-tss Source0: https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/%{name}-%{version}.tar.gz +Patch1: backport-CVE-2023-22745.patch + BuildRequires: gcc-c++ autoconf-archive libtool pkgconfig systemd libgcrypt-devel openssl-devel doxygen json-c-devel libcurl-devel +BuildRequires: curl >= 7.80.0 %description tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system @@ -69,6 +72,18 @@ %{_mandir}/man*/* %changelog +* Tue Jan 31 2023 huangzq6 <huangzhenqiang2@huawei.com> - 3.2.1-2 +- Type:CVE +- ID:NA +- SUG:NA +- DESC:fix CVE-2023-22745 + +* Fri Dec 23 2022 jinlun <jinlun@huawei.com> - 3.2.1-1 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:update version to 3.2.1 + * Sat Jan 29 2022 panxiaohe <panxh.life@foxmail.com> - 3.1.0-1 - Type:enhancement - ID:NA
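Review bot: `Patch1: backport-CVE-2023-22745.patch` in the first hunk only declares the patch; the `%prep` section lies outside both hunks, so this diff does not show whether the patch is applied at build time. If `%prep` uses plain `%setup` rather than `%autosetup -p1`, it needs a `%patch1 -p1` line, otherwise the package builds 3.2.1 without the fix while the changelog says CVE-2023-22745 is fixed. The new changelog entry could also carry the identifier in its ID field, `- ID:CVE-2023-22745` instead of `- ID:NA`, so the release can be matched against the advisory by field rather than by free text.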
_service:tar_scm:backport-CVE-2023-22745.patch
Added
@@ -0,0 +1,139 @@ +From 306490c8d848c367faa2d9df81f5e69dab46ffb5 Mon Sep 17 00:00:00 2001 +From: William Roberts <william.c.roberts@intel.com> +Date: Thu, 19 Jan 2023 11:53:06 -0600 +Subject: PATCH tss2_rc: ensure layer number is in bounds + +The layer handler array was defined as 255, the max number of uint8, +which is the size of the layer field, however valid values are 0-255 +allowing for 256 possibilities and thus the array was off by one and +needed to be sized to 256 entries. Update the size and add tests. + +Note: previous implementations incorrectly dropped bits on unknown error +output, ie TSS2_RC of 0xFFFFFF should yeild a string of 255:0xFFFFFF, +but earlier implementations returned 255:0xFFFF, dropping the middle +bits, this patch fixes that. + +Fixes: CVE-2023-22745 + +Signed-off-by: William Roberts <william.c.roberts@intel.com> +--- + src/tss2-rc/tss2_rc.c | 31 +++++++++++++++++++++---------- + test/unit/test_tss2_rc.c | 21 ++++++++++++++++++++- + 2 files changed, 41 insertions(+), 11 deletions(-) + +diff --git a/src/tss2-rc/tss2_rc.c b/src/tss2-rc/tss2_rc.c +index 15ced56..4e14659 100644 +--- a/src/tss2-rc/tss2_rc.c ++++ b/src/tss2-rc/tss2_rc.c +@@ -1,5 +1,8 @@ + /* SPDX-License-Identifier: BSD-2-Clause */ +- ++#ifdef HAVE_CONFIG_H ++#include "config.h" ++#endif ++#include <assert.h> + #include <stdarg.h> + #include <stdbool.h> + #include <stdio.h> +@@ -834,7 +837,7 @@ tss_err_handler (TSS2_RC rc) + static struct { + char nameTSS2_ERR_LAYER_NAME_MAX; + TSS2_RC_HANDLER handler; +-} layer_handlerTPM2_ERROR_TSS2_RC_LAYER_COUNT = { ++} layer_handlerTPM2_ERROR_TSS2_RC_LAYER_COUNT + 1 = { + ADD_HANDLER("tpm" , tpm2_ehandler), + ADD_NULL_HANDLER, /* layer 1 is unused */ + ADD_NULL_HANDLER, /* layer 2 is unused */ +@@ -869,7 +872,7 @@ unknown_layer_handler(TSS2_RC rc) + static __thread char buf32; + + clearbuf(buf); +- catbuf(buf, "0x%X", tpm2_error_get(rc)); ++ catbuf(buf, "0x%X", rc); + + return buf; + } +@@ -966,19 +969,27 @@ Tss2_RC_Decode(TSS2_RC rc) + 
catbuf(buf, "%u:", layer); + } + +- handler = !handler ? unknown_layer_handler : handler; +- + /* + * Handlers only need the error bits. This way they don't + * need to concern themselves with masking off the layer + * bits or anything else. + */ +- UINT16 err_bits = tpm2_error_get(rc); +- const char *e = err_bits ? handler(err_bits) : "success"; +- if (e) { +- catbuf(buf, "%s", e); ++ if (handler) { ++ UINT16 err_bits = tpm2_error_get(rc); ++ const char *e = err_bits ? handler(err_bits) : "success"; ++ if (e) { ++ catbuf(buf, "%s", e); ++ } else { ++ catbuf(buf, "0x%X", err_bits); ++ } + } else { +- catbuf(buf, "0x%X", err_bits); ++ /* ++ * we don't want to drop any bits if we don't know what to do with it ++ * so drop the layer byte since we we already have that. ++ */ ++ const char *e = unknown_layer_handler(rc >> 8); ++ assert(e); ++ catbuf(buf, "%s", e); + } + + return buf; +diff --git a/test/unit/test_tss2_rc.c b/test/unit/test_tss2_rc.c +index f4249b7..6d8428b 100644 +--- a/test/unit/test_tss2_rc.c ++++ b/test/unit/test_tss2_rc.c +@@ -199,7 +199,7 @@ test_custom_handler(void **state) + * Test an unknown layer + */ + e = Tss2_RC_Decode(rc); +- assert_string_equal(e, "1:0x2A"); ++ assert_string_equal(e, "1:0x100"); + } + + static void +@@ -282,6 +282,23 @@ test_tcti(void **state) + assert_string_equal(e, "tcti:Fails to connect to next lower layer"); + } + ++static void ++test_all_FFs(void **state) ++{ ++ (void) state; ++ ++ const char *e = Tss2_RC_Decode(0xFFFFFFFF); ++ assert_string_equal(e, "255:0xFFFFFF"); ++} ++ ++static void ++test_all_FFs_set_handler(void **state) ++{ ++ (void) state; ++ Tss2_RC_SetHandler(0xFF, "garbage", custom_err_handler); ++ Tss2_RC_SetHandler(0xFF, NULL, NULL); ++} ++ + /* link required symbol, but tpm2_tool.c declares it AND main, which + * we have a main below for cmocka tests. 
+ */ +@@ -313,6 +330,8 @@ main(int argc, char* argv) + cmocka_unit_test(test_esys), + cmocka_unit_test(test_mu), + cmocka_unit_test(test_tcti), ++ cmocka_unit_test(test_all_FFs), ++ cmocka_unit_test(test_all_FFs_set_handler) + }; + + return cmocka_run_group_tests(tests, NULL, NULL); +-- +2.27.0 +
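Review bot: In the new `else` branch of Tss2_RC_Decode, `unknown_layer_handler(rc >> 8)` shifts out the low eight bits of `rc`, while the comment directly above says the layer byte is what gets dropped. The changed expectation in test_custom_handler (`"1:0x2A"` becoming `"1:0x100"`) suggests that for an unknown layer the error value itself no longer appears in the decoded string, which makes such return codes harder to triage from logs. Either the comment should state which bits are discarded, or the call should clear only the layer field and pass the remaining bits through unchanged. `assert(e)` disappears under NDEBUG, so it documents the expectation rather than enforcing it in release builds. Tss2_RC_Decode begins outside the hunk.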
_service
Changed
@@ -2,7 +2,7 @@
 <service name="tar_scm">
 <param name="scm">git</param>
 <param name="url">git@gitee.com:src-openeuler/tpm2-tss.git</param>
- <param name="revision">ed18ca5b9e716729dcb60faacfe7c2e1e0f57034</param>
+ <param name="revision">master</param>
 <param name="exclude">*</param>
 <param name="extract">*</param>
 </service>
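Review bot: The `revision` parameter now names the moving branch `master` where it previously pinned a full commit hash, so each service run fetches whatever the branch head is at that moment. For a package carrying a CVE backport this removes the link between a build and a reviewed source state, and a later change to the source repository would be picked up without showing in this file. Keeping the parameter pinned, e.g. `<param name="revision">COMMIT_SHA_OF_THIS_UPDATE</param>` (placeholder for the commit that introduced 3.2.1-2), keeps the build reproducible and makes every source change an explicit diff.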
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-esys/tss2-esys.vcxproj.filters
Deleted
@@ -1,411 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> - <ItemGroup> - <Filter Include="Source Files"> - <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier> - <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions> - </Filter> - <Filter Include="Header Files"> - <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier> - <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions> - </Filter> - <Filter Include="Resource Files"> - <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier> - <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions> - </Filter> - </ItemGroup> - <ItemGroup> - <ClCompile Include="esys_context.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="esys_crypto.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="esys_iutil.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="esys_mu.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="esys_tr.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_ActivateCredential.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_Certify.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_CertifyCreation.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_ChangeEPS.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_ChangePPS.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_Clear.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_ClearControl.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_ClockRateAdjust.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile 
Include="api\Esys_ClockSet.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_Commit.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_ContextLoad.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_ContextSave.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_Create.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_CreateLoaded.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_CreatePrimary.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_DictionaryAttackLockReset.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_DictionaryAttackParameters.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_Duplicate.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_ECC_Parameters.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_ECDH_KeyGen.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_ECDH_ZGen.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_EC_Ephemeral.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_EncryptDecrypt.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_EncryptDecrypt2.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_EventSequenceComplete.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_EvictControl.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_FieldUpgradeData.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_FieldUpgradeStart.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_FirmwareRead.c"> - <Filter>Source Files</Filter> - 
</ClCompile> - <ClCompile Include="api\Esys_FlushContext.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_GetCapability.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_GetCommandAuditDigest.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_GetRandom.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_GetSessionAuditDigest.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_GetTestResult.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_GetTime.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_Hash.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_HashSequenceStart.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_HierarchyChangeAuth.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_HierarchyControl.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_HMAC.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_HMAC_Start.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_Import.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_IncrementalSelfTest.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_Load.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_LoadExternal.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_MakeCredential.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_NV_Certify.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_NV_ChangeAuth.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_NV_DefineSpace.c"> - <Filter>Source Files</Filter> 
- </ClCompile> - <ClCompile Include="api\Esys_NV_Extend.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_NV_GlobalWriteLock.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_NV_Increment.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_NV_Read.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_NV_ReadLock.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="api\Esys_NV_ReadPublic.c"> - <Filter>Source Files</Filter>
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-tcti/tss2-tcti-mssim.vcxproj.filters
Deleted
@@ -1,51 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> - <ItemGroup> - <Filter Include="Source Files"> - <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier> - <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions> - </Filter> - <Filter Include="Header Files"> - <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier> - <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions> - </Filter> - <Filter Include="Resource Files"> - <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier> - <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions> - </Filter> - </ItemGroup> - <ItemGroup> - <ClCompile Include="tcti-common.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="tcti-mssim.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="..\util\io.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="..\util\log.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="..\util\key-value-parse.c"> - <Filter>Source Files</Filter> - </ClCompile> - </ItemGroup> - <ItemGroup> - <ClInclude Include="tcti-common.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="tcti-mssim.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="..\util\io.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="..\util\log.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="..\util\key-value-parse.h"> - <Filter>Header Files</Filter> - </ClInclude> - </ItemGroup> -</Project> \ No newline at end of file
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-tcti/tss2-tcti-tbs.vcxproj.filters
Deleted
@@ -1,39 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> - <ItemGroup> - <Filter Include="Source Files"> - <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier> - <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions> - </Filter> - <Filter Include="Header Files"> - <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier> - <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions> - </Filter> - <Filter Include="Resource Files"> - <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier> - <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions> - </Filter> - </ItemGroup> - <ItemGroup> - <ClCompile Include="tcti-common.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="tcti-tbs.c"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="..\util\log.c"> - <Filter>Source Files</Filter> - </ClCompile> - </ItemGroup> - <ItemGroup> - <ClInclude Include="tcti-common.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="tcti-tbs.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="..\util\log.h"> - <Filter>Header Files</Filter> - </ClInclude> - </ItemGroup> -</Project> \ No newline at end of file
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/AUTHORS -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/AUTHORS
Changed
@@ -11,12 +11,14 @@
 Gang Wei <gang.wei@intel.com>
 Дилян Палаузов <git-dpa@aegee.org>
 John Andersen <john.s.andersen@intel.com>
+Johannes Holland <johannes.holland@infineon.com>
+Petr Gotthard <petr.gotthard@centrum.cz>
 Peter Huewe <peterhuewe@gmx.de>
 Will-nuc <will.c.arthur@intel.com>
 dantpm <daniel.anderson@intel.com>
+Juergen Repp <juergen_repp@web.de>
 unknown <wcarthur@wcarthur-MOBL4.amr.corp.intel.com>
 Will Arthur <will.c.arthur@intel.com>
-Johannes Holland <johannes.holland@infineon.com>
 Gang(Jimmy) Wei <gang.wei@intel.com>
 hp <hui.pheng.teh@intel.com>
 Christian Plappert <christian.plappert@sit.fraunhofer.de>
@@ -32,11 +34,17 @@
 Javier Martinez Canillas <javierm@redhat.com>
 manuknz <jmmg01@hotmail.com>
 Kristen Carlson Accardi <kristen@linux.intel.com>
+Erik Larsson <who+github@cnackers.org>
 danintel <daniel.anderson@intel.com>
 Pieter Agten <pieter.agten@gmail.com>
 Philip Tricca <flihp@twobit.org>
+malikabhi05 <abhishek.malik@intel.com>
 Lukas Jäger <lukas.jaeger@sit.fraunhofer.de>
+Jonas Witschel <git@diabonas.de>
 joholl <joh.ho@gmx.de>
+JerryDevis <857869045@qq.com>
+Imran Desai <imran.desai@intel.com>
+ihsinme <ihsinme@gmail.com>
 Dominic Grauvogl <dominicmanuel.grauvogl@infineon.com>
 Davide Guerri <dguerri@fb.com>
 AntiCat <github@anticat.ch>
@@ -53,10 +61,11 @@
 Juergen Repp <repp@pc-repp.sit.fraunhofer.de>
 John Andersen <johnandersenpdx@gmail.com>
 Joe Richey <joerichey@google.com>
+Jesper Brynolf <jesper.brynolf@gmail.com>
 Jerry Snitselaar <jsnitsel@redhat.com>
-Imran Desai <imran.desai@intel.com>
+JerryDevis <seclab@huawei.com>
+Geoff Thorpe <geoffrey@twosigma.com>
 Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Erik Larsson <who+github@cnackers.org>
 Erez Geva <ErezGeva2@gmail.com>
 Dan Robertson <daniel.robertson@starlab.io>
 刘群 <qunliu@zyhx-group.com>
@@ -64,13 +73,16 @@
 yfeng <yu.feng@windriver.com>
 wcarthur <willarthur1@gmail.com>
 Torben Woltjen <torben_w.dev@gmx.de>
+Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
 Thomas Furtner <t.furtner@gmail.com>
 Stefan Thom <mail@LordOfDorks.com>
 Seunghun Han <kkamagui@gmail.com>
 Safayet Ahmed <Safayet.Ahmed@ge.com>
 root <will.c.arthur@intel.com>
 Richard Yoo <ryoo@google.com>
+Peter Huewe <Peter.Huewe@infineon.com>
 Patrick McCarty <patrick.mccarty@intel.com>
+orbea <orbea@riseup.net>
 Michael Nix <mchl.nix@googlemail.com>
 Matthias Gerstner <matthias.gerstner@suse.de>
 Matthew Dempsky <matthew@dempsky.org>
@@ -85,12 +97,13 @@
 joselacour11@hotmail.com <joselacour11@hotmail.com>
 Jia Zhang <zhang.jia@linux.alibaba.com>
 Jian-Ding Chen (timchen119) <tim.chen119@canonical.com>
-ihsinme <ihsinme@gmail.com>
+Issam E. Maghni <issam.e.maghni@mailbox.org>
 genofire <geno+dev@fireorbit.de>
 Doug Goldstein <cardoe@cardoe.com>
 Dominic Manuel Grauvogl <dominicmanuel.grauvogl@infineon.com>
 Dimitar Tomov <dimi@tpm.dev>
 Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
+David Korczynski <david@adalogics.com>
 Davide Guerri <davide.guerri@gmail.com>
 Dan Anderson <daniel.anderson@intel.com>
 Bryon Nevis <bryon.nevis@intel.com>
@@ -98,3 +111,5 @@
 Bastian <bastian.fraune@hs-bremen.de>
 Armin Kuster <akuster@mvista.com>
 Alexander Kjäll <alexander.kjall@gmail.com>
+Abdulmajeed <abdulmajeed1922@gmail.com>
+aaronUniontech <zhangya@uniontech.com>
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/CHANGELOG.md -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/CHANGELOG.md
Changed
@@ -3,6 +3,85 @@ The format is based on Keep a Changelog(http://keepachangelog.com/) +## 3.2.1 - 2022-12-12 +### Fixed +- Makefile.am: make all EXTRA_DIST includes unconditional to fix pristine tars +- Fix usage of NULL pointer if Esys_TR_SetAuth is calles with ESYS_TR_NONE. +- Store VERSION into the release tarball. +- fapi: fix usage of policy_nv with a TPM nv index. +- Tss2_Sys_Flushcontext: flushHandle was encoded as a handleArea handle and not as parameter one, this affected the contents of cpHash. +- linking tcti for libtpms against tss2-tctildr. It should be linked against tss2-mu. +- build: Remove erroneous trailing comma in linker option. Bug #2391. +- esys: fix allow usage of HMAC sessions for Esys_TR_FromTPMPublic. +- test: build with opaque FILE structure like in musl libc. +- Usage of a second profile in a path was not possible because the default profile was always used. +- FAPI: Fix provisioning if auth value for storage hierarchy was set. +- FAPI: Fix recreation of EK. +- FAPI: Fix usage of lockout auth value in Fapi_Provison. +- FAPI: Fix loading of key in policy execution. +- FAPI: Fix Fapi_ChangeAuth updates on hierarchy objects not being reflected across profiles. +- Esys_PCR_SetAuthValue: remembers the auth like other SetAutg ESAPI functions. +- tests: esys-pcr-auth-value.int moved to destructive tests. +- FAPI: Fix double free if keystore is corrupted. +- Spec deviation in Fapi_GetDescription caused description to be NULL when it should be empty string. + This is API breaking but considered a bug since it deviated from the FAPI spec. + +## 3.2.0 - 2022-02-18 +### Fixed +- FAPI: fix curl_url_set call +- FAPI: Fix usage of curl url (Should fix Ubuntu 22.04) +- Fix buffer upcast leading to misalignment +- Fix check whether SM3 is available +- Update git.mk to support R/O src-dir +- Fixed file descriptor leak when tcti initialization failed. +- 32 Bit builds of the integration tests. 
+- Primary key creation, in some cases the unique field was not cleared before calling create primary. +- Primary keys was used for signing the object were cleared after loading. So access e.g. to the certificate did not work. +- Primary keys created with Fapi_Create with an auth value, the auth_value was not used in inSensitive to recreate the primary key. Now the auth value callback is used to initialize inSensitive. +- The not possible usage of policies for primary keys generated with Fapi_CreatePrimary has been fixed. +- An infinite loop when parsing erroneous JSON was fixed in FAPI. +- A buffer overflow in ESAPI xor parameter obfuscation was fixed. +- Certificates could be read only once in one application The setting the init state of the state automaton for getting certificates was fixed. +- A double free when executing policy action was fixed. +- A leak in Fapi_Quote was fixed. +- The wrong file locking in FAPI IO was fixed. +- Enable creation of tss group and user on systems with busybox for fapi. +- One fapi integration test did change the auth value of the storage hierarchy. +- A leak in fapi crypto with ossl3 was fixed. +- Add initial camelia support to FAPI +- Fix tests of fapi PCR +- Fix tests of ACT functionality if not supported by pTPM +- Fix compiler (unused) warning when building without debug logging +- Fix leaks in error cases of integration tests +- Fix memory leak after ifapi_init_primary_finish failed +- Fix double-close of stream in FAPI +- Fix segfault when ESYS_TR_NONE is passed to Esys_TR_GetName +- Fix the authorization of hierarchy objects used in policy secret. +- Fix check of qualifying data in Fapi_VerifyQuote. +- Fix some leaks in FAPI error cases. +- Make scripts compatible with non-posix shells where `test` does not know `-a` and `-o`. +- Fix usage of variable not initialized when fapi keystore is empty. + +### Added +- Add additional IFX root CAs +- Added support for SM2, SM3 and SM4. +- Added support for OpenSSL 3.0.0. 
+- Added authPolicy field to the TPMU_CAPABILITIES union. +- Added actData field to the TPMU_CAPABILITIES union. +- Added TPM2_CAP_AUTH_POLICIES +- Added TPM2_CAP_ACT constants. +- Added updates to the marshalling and unmarshalling of the TPMU_CAPABILITIES union. +- Added updated to the FAPI serializations and deserializations of the TPMU_CAPABILITIES union and associated types. +- Add CODE_OF_CONDUCT +- tcti-mssim and tcti-swtpm gained support for UDX communication +- Missing constant for TPM2_RH_PW + +### Removed +- Removed support for OpenSSL < 1.1.0. +- Marked TPMS_ALGORITHM_DESCRIPTION and corresponding MU routines as deprecated. + Those were errorous typedefs that are not use and not useful. So we will remove this with 3.3 +- Marked TPM2_RS_PW as deprecated. Use TPM2_RH_PW instead. + ## 3.1.0 - 2021-05-17 ### Fixed - Fixed possible access outside the array in ifapi_calculate_tree.
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/CONTRIBUTING.md -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/CONTRIBUTING.md
Changed
@@ -18,21 +18,39 @@ consider this the window for comments. ## Patch requirements -* All tests must pass on Travis CI for the merge to occur. +* All tests must pass on the CI system for the merge to occur with the exception of + Cirrus. Cirrus failures should be manually evaluated by the maintainer to determine + if it's a blocking failure or intermittent CI issues with Cirrus. * All changes must not introduce superfluous changes or whitespace errors. * All commits should adhere to the git commit message guidelines described here: https://chris.beams.io/posts/git-commit/ with the following exceptions. * We allow commit subject lines up to 80 characters. * Commit subject lines should be prefixed with a string identifying the effected subsystem. If the change is spread over a number of -subsystems then the prefix may be omitted. Recommended prefix for changes to -files in src/tss2-sys is "sys: ", and for changes to files in src/tss2-esys -is "esys: ". +subsystems then the prefix may be omitted. The general guidelines for prefix is to use the +top level directory name, a colon and space. For example, a change to `doc/logging.md` +would be "doc: ". Additional, more specific recommended prefixes are below for files in: + - src/tss2-sys use prefix "sys: " + - src/tss2-esys use prefix "esys: " + - src/tss2-fapi use prefix "fapi: " + - src/tss2-mu use prefix "mu: " + - src/tss2-rc use prefix "rc: " + - src/tss2-tcti use prefix "tcti: ". + - However, "tcti-<subtcti>" should be used to indicate + changes to a specific tcti vs the generic tcti layer. + - to src/util is "util: " + * All contributions must adhere to the Developers Certificate of Origin. The full text of the DCO is here: https://developercertificate.org/. Contributors must add a 'Signed-off-by' line to their commits. This indicates the submitters acceptance of the DCO. ## Guideline for merging changes + +Pull Requests MUST be assigned to an upcoming release tag. 
If a release milestone does +not exist, the maintainer SHALL create it per the RELEASE.md(RELEASE.md) instructions. +When accepting and merging a change, the maintainer MUST edit the description field for +the release milestone to add the CHANGELOG entry. + Changes must be merged with the "rebase" option on github to avoid merge commits. This provides for a clear linear history.
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/INSTALL.md -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/INSTALL.md
Changed
@@ -14,9 +14,10 @@ * C library development libraries and header files * pkg-config * doxygen -* OpenSSL development libraries and header files +* OpenSSL development libraries and header files, version >= 1.1.0 * libcurl development libraries * Access Control List utility (acl) +* JSON C Development library The following are dependencies only required when building test suites. * Integration test suite (see ./configure option --enable-integration): @@ -52,7 +53,8 @@ doxygen \ libjson-c-dev \ libini-config-dev \ - libcurl-dev + libcurl4-openssl-dev \ + libltdl-dev ``` Note: In some Ubuntu versions, the lcov and autoconf-archive packages are incompatible with each other. It is recommended to download autoconf-archive directly from upstream and copy `ax_code_coverage.m4` and `ax_prog_doxygen.m4` to the `m4/` subdirectory of your tpm2-tss directory. @@ -72,7 +74,6 @@ (tss2-mu.dll) and the system API (tss2-sapi.dll) should be as simple as loading the tpm2-tss solution (tpm2-tss.sln) with a compatible and properly configured version of Visual Studio 2017 and pressing the 'build' button. -Windows build setup requires OpenSSL >= v1.0.2 crypto library. ### References Visual Studio 2017 with "Clang for Windows": https://blogs.msdn.microsoft.com/vcblog/2017/03/07/use-any-c-compiler-with-visual-studio/
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/MAINTAINERS -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/MAINTAINERS
Changed
@@ -1,2 +1,3 @@
 Andreas Fuchs <andreas.fuchs@sit.fraunhofer.de>
 Bill Roberts <william.c.roberts@intel.com>
+Juergen Repp <juergen.repp@sit.fraunhofer.de>
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/Makefile-test.am -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/Makefile-test.am
Changed
@@ -3,11 +3,11 @@ # Copyright (c) 2018 Fraunhofer SIT sponsored by Infineon Technologies AG # All rights reserved. -TESTS_CFLAGS = $(AM_CFLAGS) $(LIBCRYPTO_CFLAGS) -I$(srcdir)/src/tss2-mu \ +TESTS_CFLAGS = $(AM_CFLAGS) $(CRYPTO_CFLAGS) -I$(srcdir)/include -I$(srcdir)/src/tss2-mu \ -I$(srcdir)/src/tss2-sys -I$(srcdir)/src/tss2-esys -I$(srcdir)/src/tss2-fapi \ -Wno-unused-parameter -Wno-missing-field-initializers TESTS_LDADD = $(check_LTLIBRARIES) $(lib_LTLIBRARIES) \ - $(LIBCRYPTO_LIBS) $(libutil) + $(CRYPTO_LIBS) $(libutil) check_LTLIBRARIES = # test harness configuration @@ -87,6 +87,10 @@ test/unit/tctildr-nodl \ test/unit/tctildr-tcti \ test/unit/tctildr-getinfo \ + test/unit/dlopen-fail \ + test/unit/dlopen-UINT8-marshal \ + test/unit/dlopen-TPM2B-marshal \ + test/unit/dlopen-TPMU-marshal \ test/unit/UINT8-marshal \ test/unit/UINT16-marshal \ test/unit/UINT32-marshal \ @@ -98,6 +102,7 @@ test/unit/TPMT-marshal \ test/unit/TPMU-marshal \ test/unit/sys-execute \ + test/unit/dlopen_tss2_rc \ test/unit/tss2_rc if ENABLE_TCTI_MSSIM TESTS_UNIT += test/unit/tcti-mssim @@ -105,6 +110,9 @@ if ENABLE_TCTI_SWTPM TESTS_UNIT += test/unit/tcti-swtpm endif +if ENABLE_TCTI_LIBTPMS +TESTS_UNIT += test/unit/tcti-libtpms +endif if ENABLE_TCTI_DEVICE TESTS_UNIT += test/unit/tcti-device endif @@ -181,9 +189,11 @@ test/integration/esys-field-upgrade.int \ test/integration/esys-firmware-read.int \ test/integration/esys-lock.int \ + test/integration/esys-pcr-auth-value.int \ test/integration/esys-set-algorithm-set.int ESYS_TESTS_INTEGRATION_MANDATORY = \ + test/integration/dlopen-esys-get-random.int \ test/integration/esys-act-set-timeout.int \ test/integration/esys-certify-creation.int \ test/integration/esys-certifyX509.int \ 
@@ -209,6 +219,7 @@ test/integration/esys-event-sequence-complete.int \ test/integration/esys-evict-control-serialization.int \ test/integration/esys-get-capability.int \ + test/integration/esys-get-capability-act.int \ test/integration/esys-get-random.int \ test/integration/esys-hash.int \ test/integration/esys-hashsequencestart.int \ @@ -265,7 +276,6 @@ test/integration/esys-get-time.int \ test/integration/esys-hierarchy-control.int \ test/integration/esys-nv-certify.int \ - test/integration/esys-pcr-auth-value.int \ test/integration/esys-pcr-basic.int \ test/integration/esys-policy-authorize-nv-opt.int \ test/integration/esys-policy-physical-presence-opt.int \ @@ -299,6 +309,7 @@ TESTS_LDADD += $(JSONC_LIBS) TESTS_CFLAGS += -DTOP_SOURCEDIR"=\"$(top_srcdir)\"" FAPI_TESTS_INTEGRATION = \ + test/integration/dlopen-fapi-get-random.fint \ test/integration/fapi-check-wrong-paths.fint \ test/integration/fapi-data-crypt.fint \ test/integration/fapi-data-crypt-persistent.fint \ @@ -311,6 +322,8 @@ test/integration/fapi-get-random.fint \ test/integration/fapi-platform-certificates.fint \ test/integration/fapi-key-create-sign.fint \ + test/integration/fapi-key-create-he-sign.fint \ + test/integration/fapi-key-create-primary-sign.fint \ test/integration/fapi-key-create2-sign.fint \ test/integration/fapi-key-create-null-key-sign.fint \ test/integration/fapi-key-create-sign-persistent-key.fint \ @@ -349,6 +362,7 @@ test/integration/fapi-nv-set-bits.fint \ test/integration/fapi-pcr-test.fint \ test/integration/fapi-quote.fint \ + test/integration/fapi-quote-with-primary.fint \ test/integration/fapi-quote-rsa.fint \ test/integration/fapi-policy-or-nv-read-write.fint \ test/integration/fapi-second-provisioning.fint \ 
@@ -397,7 +411,7 @@ if ENABLE_TCTI_DEVICE test_unit_tcti_device_CFLAGS = $(CMOCKA_CFLAGS) $(TESTS_CFLAGS) test_unit_tcti_device_LDADD = $(CMOCKA_LIBS) $(libtss2_mu) $(libutil) -test_unit_tcti_device_LDFLAGS = -Wl,--wrap=read -Wl,--wrap=write, -Wl,--wrap=poll \ +test_unit_tcti_device_LDFLAGS = -Wl,--wrap=read -Wl,--wrap=write -Wl,--wrap=poll \ -Wl,--wrap=open test_unit_tcti_device_SOURCES = test/unit/tcti-device.c \ src/tss2-tcti/tcti-common.c \ @@ -422,11 +436,23 @@ src/tss2-tcti/tcti-swtpm.c src/tss2-tcti/tcti-swtpm.h endif +if ENABLE_TCTI_LIBTPMS +test_unit_tcti_libtpms_CFLAGS = $(CMOCKA_CFLAGS) $(TESTS_CFLAGS) +test_unit_tcti_libtpms_LDADD = $(CMOCKA_LIBS) $(libtss2_mu) $(libutil) $(LIBADD_DL) +test_unit_tcti_libtpms_LDFLAGS = -Wl,--wrap=dlopen,--wrap=dlclose,--wrap=dlsym \ + -Wl,--wrap=open,--wrap=close,--wrap=mmap,--wrap=mremap,--wrap=munmap \ + -Wl,--wrap=lseek,--wrap=posix_fallocate,--wrap=truncate +test_unit_tcti_libtpms_SOURCES = test/unit/tcti-libtpms.c \ + src/tss2-tcti/tcti-common.c \ + src/tss2-tcti/tcti-libtpms.c src/tss2-tcti/tcti-libtpms.h +endif + if ENABLE_TCTI_PCAP test_unit_tcti_pcap_CFLAGS = $(CMOCKA_CFLAGS) $(TESTS_CFLAGS) test_unit_tcti_pcap_LDADD = $(CMOCKA_LIBS) $(libtss2_mu) $(libutil) test_unit_tcti_pcap_LDFLAGS = -Wl,--wrap=getenv -Wl,--wrap=rand -Wl,--wrap=clock_gettime \ - -Wl,--wrap=open -Wl,--wrap=read -Wl,--wrap=write -Wl,--wrap=close + -Wl,--wrap=open -Wl,--wrap=read -Wl,--wrap=write -Wl,--wrap=close \ + -Wl,--wrap=__clock_gettime64 test_unit_tcti_pcap_SOURCES = test/unit/tcti-pcap.c \ src/tss2-tcti/tcti-common.c \ src/tss2-tcti/tcti-pcap.c src/tss2-tcti/tcti-pcap.h \ 
@@ -453,7 +479,7 @@ -UESYS_TCTI_DEFAULT_MODULE -UESYS_TCTI_DEFAUT_CONFIG test_unit_tctildr_dl_LDADD = $(CMOCKA_LIBS) $(TESTS_LDADD) $(LIBADD_DL) test_unit_tctildr_dl_LDFLAGS = -Wl,--wrap=dlopen,--wrap=dlclose,--wrap=dlsym \ - -Wl,--wrap=tcti_from_init,--wrap=tcti_from_info + -Wl,--wrap=tcti_from_init,--wrap=tcti_from_info,--wrap=__dlsym_time64 test_unit_tctildr_dl_SOURCES = test/unit/tctildr-dl.c \ src/tss2-tcti/tctildr-dl.c @@ -502,6 +528,31 @@ test_unit_CopyCommandHeader_SOURCES = test/unit/CopyCommandHeader.c \ src/tss2-sys/sysapi_util.c +test_unit_dlopen_fail_CFLAGS = $(CMOCKA_CFLAGS) $(TESTS_CFLAGS) +test_unit_dlopen_fail_LDADD = $(CMOCKA_LIBS) +test_unit_dlopen_fail_LDFLAGS = -Wl,--wrap=dlopen,--wrap=dlclose,--wrap=dlsym +test_unit_dlopen_fail_SOURCES = test/unit/dlopen-fail.c \ + tss2-dlopen/tss2-dlopen-tctildr.c \ + tss2-dlopen/tss2-dlopen-rc.c \ + tss2-dlopen/tss2-dlopen-mu.c \ + tss2-dlopen/tss2-dlopen-esys.c \ + tss2-dlopen/tss2-dlopen-fapi.c + +test_unit_dlopen_UINT8_marshal_CFLAGS = $(CMOCKA_CFLAGS) $(TESTS_CFLAGS) +test_unit_dlopen_UINT8_marshal_LDADD = $(CMOCKA_LIBS) $(LIBADD_DL) $(libtss2_mu) +test_unit_dlopen_UINT8_marshal_SOURCES = test/unit/UINT8-marshal.c \ + tss2-dlopen/tss2-dlopen-mu.c + +test_unit_dlopen_TPM2B_marshal_CFLAGS = $(CMOCKA_CFLAGS) $(TESTS_CFLAGS) +test_unit_dlopen_TPM2B_marshal_LDADD = $(CMOCKA_LIBS) $(LIBADD_DL) $(libtss2_mu) +test_unit_dlopen_TPM2B_marshal_SOURCES = test/unit/TPM2B-marshal.c \ + tss2-dlopen/tss2-dlopen-mu.c + +test_unit_dlopen_TPMU_marshal_CFLAGS = $(CMOCKA_CFLAGS) $(TESTS_CFLAGS) +test_unit_dlopen_TPMU_marshal_LDADD = $(CMOCKA_LIBS) $(LIBADD_DL) $(libtss2_mu) +test_unit_dlopen_TPMU_marshal_SOURCES = test/unit/TPMU-marshal.c \ + tss2-dlopen/tss2-dlopen-mu.c + test_unit_UINT8_marshal_CFLAGS = $(CMOCKA_CFLAGS) $(TESTS_CFLAGS) test_unit_UINT8_marshal_LDADD = $(CMOCKA_LIBS) $(libtss2_mu) 
@@ -541,6 +592,11 @@ test_unit_tss2_rc_LDADD = $(CMOCKA_LIBS) $(libtss2_rc) $(libtss2_sys) test_unit_tss2_rc_SOURCES = test/unit/test_tss2_rc.c +test_unit_dlopen_tss2_rc_CFLAGS = $(CMOCKA_CFLAGS) $(TESTS_CFLAGS) +test_unit_dlopen_tss2_rc_LDADD = $(CMOCKA_LIBS) $(LIBADD_DL) $(libtss2_rc) $(libtss2_sys) +test_unit_dlopen_tss2_rc_SOURCES = test/unit/test_tss2_rc.c \ + tss2-dlopen/tss2-dlopen-rc.c + if ESYS test_unit_esys_context_null_CFLAGS = $(CMOCKA_CFLAGS) $(TESTS_CFLAGS) $(TSS2_ESYS_CFLAGS_CRYPTO) test_unit_esys_context_null_LDADD = $(CMOCKA_LIBS) $(TESTS_LDADD) @@ -608,14 +664,19 @@ test_unit_fapi_json_CFLAGS = $(CMOCKA_CFLAGS) $(TESTS_CFLAGS) test_unit_fapi_json_LDADD = $(CMOCKA_LIBS) $(TESTS_LDADD) -test_unit_fapi_json_LDFLAGS = $(TESTS_LDFLAGS) -ljson-c +test_unit_fapi_json_LDFLAGS = $(TESTS_LDFLAGS) $(CURL_LIBS) -ljson-c test_unit_fapi_json_SOURCES = test/unit/fapi-json.c \ src/tss2-fapi/ifapi_json_deserialize.c \ src/tss2-fapi/ifapi_json_serialize.c \ src/tss2-fapi/ifapi_policy_json_deserialize.c \ src/tss2-fapi/ifapi_policy_json_serialize.c \ src/tss2-fapi/tpm_json_deserialize.c \ - src/tss2-fapi/tpm_json_serialize.c + src/tss2-fapi/tpm_json_serialize.c \ + src/tss2-fapi/ifapi_helpers.c \ + src/tss2-fapi/fapi_crypto.c \ + src/tss2-fapi/ifapi_eventlog.c \
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/Makefile.am -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/Makefile.am
Changed
@@ -9,7 +9,7 @@ INCLUDE_DIRS = -I$(srcdir)/src -I$(srcdir)/include/tss2 ACLOCAL_AMFLAGS = -I m4 --install AM_CFLAGS = $(INCLUDE_DIRS) $(EXTRA_CFLAGS) $(CODE_COVERAGE_CFLAGS) \ - $(SANITIZER_CFLAGS) + $(SANITIZER_CFLAGS) -DINTERNALBUILD=1 AM_LDFLAGS = $(EXTRA_LDFLAGS) $(CODE_COVERAGE_LIBS) $(SANITIZER_LDFLAGS) # Initialize empty variables to be extended throughout @@ -207,7 +207,8 @@ LICENSE \ MAINTAINERS \ README.md \ - RELEASE.md + RELEASE.md \ + VERSION # Windows code / core build files EXTRA_DIST += \ @@ -216,9 +217,16 @@ src/tss2-tcti/tcti-tbs.c \ src/tss2-tcti/tcti-tbs.h \ src/tss2-tcti/tss2-tcti-tbs.vcxproj \ - src/tss2-tcti/tss2-tcti-tbs.vcxproj.filters \ tpm2-tss.sln +# tss2-dlopen wrappers +EXTRA_DIST += \ + tss2-dlopen/tss2-dlopen-rc.c \ + tss2-dlopen/tss2-dlopen-tctildr.c \ + tss2-dlopen/tss2-dlopen-mu.c \ + tss2-dlopen/tss2-dlopen-esys.c \ + tss2-dlopen/tss2-dlopen-fapi.c + # Generate the AUTHORS file from git log AUTHORS : $(AM_V_GEN)git log --format='%aN <%aE>' | grep -v 'users.noreply.github.com' | sort | \ @@ -285,7 +293,6 @@ tss2_HEADERS += $(srcdir)/include/tss2/tss2_tcti_device.h lib_LTLIBRARIES += $(libtss2_tcti_device) pkgconfig_DATA += lib/tss2-tcti-device.pc -EXTRA_DIST += lib/tss2-tcti-device.map if HAVE_LD_VERSION_SCRIPT src_tss2_tcti_libtss2_tcti_device_la_LDFLAGS = -Wl,--version-script=$(srcdir)/lib/tss2-tcti-device.map @@ -295,6 +302,7 @@ src/tss2-tcti/tcti-common.c \ src/tss2-tcti/tcti-device.c endif # ENABLE_TCTI_DEVICE +EXTRA_DIST += lib/tss2-tcti-device.map # tcti library for swtpm if ENABLE_TCTI_SWTPM @@ -302,7 +310,6 @@ tss2_HEADERS += $(srcdir)/include/tss2/tss2_tcti_swtpm.h lib_LTLIBRARIES += $(libtss2_tcti_swtpm) pkgconfig_DATA += lib/tss2-tcti-swtpm.pc -EXTRA_DIST += lib/tss2-tcti-swtpm.map lib/tss2-tcti-swtpm.def src/tss2-tcti/tss2-tcti-swtpm.vcxproj if HAVE_LD_VERSION_SCRIPT src_tss2_tcti_libtss2_tcti_swtpm_la_LDFLAGS = -Wl,--version-script=$(srcdir)/lib/tss2-tcti-swtpm.map 
@@ -313,6 +320,7 @@ src/tss2-tcti/tcti-swtpm.c \ src/tss2-tcti/tcti-swtpm.h endif # ENABLE_TCTI_SWTPM +EXTRA_DIST += lib/tss2-tcti-swtpm.map lib/tss2-tcti-swtpm.def src/tss2-tcti/tss2-tcti-swtpm.vcxproj # tcti library for Microsoft TPM2 simulator if ENABLE_TCTI_MSSIM @@ -320,10 +328,6 @@ tss2_HEADERS += $(srcdir)/include/tss2/tss2_tcti_mssim.h lib_LTLIBRARIES += $(libtss2_tcti_mssim) pkgconfig_DATA += lib/tss2-tcti-mssim.pc -EXTRA_DIST += lib/tss2-tcti-mssim.map \ - lib/tss2-tcti-mssim.def \ - src/tss2-tcti/tss2-tcti-mssim.vcxproj \ - src/tss2-tcti/tss2-tcti-mssim.vcxproj.filters if HAVE_LD_VERSION_SCRIPT src_tss2_tcti_libtss2_tcti_mssim_la_LDFLAGS = -Wl,--version-script=$(srcdir)/lib/tss2-tcti-mssim.map @@ -333,6 +337,9 @@ src/tss2-tcti/tcti-common.c \ src/tss2-tcti/tcti-mssim.c endif # ENABLE_TCTI_MSSIM +EXTRA_DIST += lib/tss2-tcti-mssim.map \ + lib/tss2-tcti-mssim.def \ + src/tss2-tcti/tss2-tcti-mssim.vcxproj # tcti pcap library if ENABLE_TCTI_PCAP @@ -340,7 +347,6 @@ tss2_HEADERS += $(srcdir)/include/tss2/tss2_tcti_pcap.h lib_LTLIBRARIES += $(libtss2_tcti_pcap) pkgconfig_DATA += lib/tss2-tcti-pcap.pc -EXTRA_DIST += lib/tss2-tcti-pcap.map # joho TODO enable tcti-pcap for Win (.def, visual studio files if HAVE_LD_VERSION_SCRIPT src_tss2_tcti_libtss2_tcti_pcap_la_LDFLAGS = -Wl,--version-script=$(srcdir)/lib/tss2-tcti-pcap.map 
@@ -351,6 +357,25 @@ src/tss2-tcti/tcti-pcap-builder.c \ src/tss2-tcti/tcti-pcap.c endif # ENABLE_TCTI_PCAP +EXTRA_DIST += lib/tss2-tcti-pcap.map + +# tcti libtpms library +if ENABLE_TCTI_LIBTPMS +libtss2_tcti_libtpms = src/tss2-tcti/libtss2-tcti-libtpms.la +tss2_HEADERS += $(srcdir)/include/tss2/tss2_tcti_libtpms.h +lib_LTLIBRARIES += $(libtss2_tcti_libtpms) +pkgconfig_DATA += lib/tss2-tcti-libtpms.pc + +if HAVE_LD_VERSION_SCRIPT +src_tss2_tcti_libtss2_tcti_libtpms_la_LDFLAGS = -Wl,--version-script=$(srcdir)/lib/tss2-tcti-libtpms.map +endif # HAVE_LD_VERSION_SCRIPT +src_tss2_tcti_libtss2_tcti_libtpms_la_LIBADD = $(libtss2_mu) $(libutil) +src_tss2_tcti_libtss2_tcti_libtpms_la_SOURCES = \ + src/tss2-tcti/tcti-common.c \ + src/tss2-tcti/tcti-libtpms.c \ + src/tss2-tcti/tcti-libtpms.h +endif # ENABLE_TCTI_LIBTPMS +EXTRA_DIST += lib/tss2-tcti-libtpms.map # tcti library for sub-process commands if ENABLE_TCTI_CMD @@ -358,8 +383,6 @@ tss2_HEADERS += $(srcdir)/include/tss2/tss2_tcti_cmd.h lib_LTLIBRARIES += $(libtss2_tcti_cmd) pkgconfig_DATA += lib/tss2-tcti-cmd.pc -EXTRA_DIST += lib/tss2-tcti-cmd.map \ - lib/tss2-tcti-cmd.def if HAVE_LD_VERSION_SCRIPT if !UNIT @@ -372,6 +395,8 @@ src/tss2-tcti/tcti-cmd.c \ src/tss2-tcti/tcti-cmd.h endif # ENABLE_TCTI_CMD +EXTRA_DIST += lib/tss2-tcti-cmd.map \ + lib/tss2-tcti-cmd.def ### TCG TSS SYS spec library ### libtss2_sys = src/tss2-sys/libtss2-sys.la @@ -429,8 +454,7 @@ endif EXTRA_DIST += lib/tss2-esys.map \ lib/tss2-esys.def \ - src/tss2-esys/tss2-esys.vcxproj \ - src/tss2-esys/tss2-esys.vcxproj.filters + src/tss2-esys/tss2-esys.vcxproj endif #ESYS ### TCG TSS error decoding spec library ### 
@@ -451,17 +475,10 @@ fapiconfdir = @sysconfdir@/tpm2-tss fapiconf_DATA = fapi-config.json -EXTRA_DIST += dist/fapi-config.json.in CLEANFILES += fapi-config.json \ man/man5/fapi-config.5 \ man/man5/fapi-profile.5 -EXTRA_DIST += man/fapi-config.5.in \ - man/fapi-profile.5.in \ - man/man-postlude-fapi.troff \ - doc/fapi-config.md \ - doc/fapi-profile.md - # We have to do this ourselves, in order to get absolute paths fapi-config.json: dist/fapi-config.json.in $(AM_V_GEN) $(SED) \ @@ -478,7 +495,6 @@ sysusers_DATA = dist/sysusers.d/tpm2-tss.conf tmpfiles_DATA = tpm2-tss-fapi.conf -EXTRA_DIST += dist/sysusers.d/tpm2-tss.conf dist/tmpfiles.d/tpm2-tss-fapi.conf.in CLEANFILES += tpm2-tss-fapi.conf # We have to do this ourselves, in order to get absolute paths @@ -488,9 +504,6 @@ -e 's|@runstatedir@|$(runstatedir)|g' \ < "$<" > "$@" -EXTRA_DIST += dist/fapi-profiles/P_RSA2048SHA256.json \ - dist/fapi-profiles/P_ECCP256SHA256.json - fapiprofilesdir = @sysconfdir@/tpm2-tss/fapi-profiles fapiprofiles_DATA = dist/fapi-profiles/P_RSA2048SHA256.json \ dist/fapi-profiles/P_ECCP256SHA256.json @@ -500,8 +513,18 @@ lib_LTLIBRARIES += $(libtss2_fapi) pkgconfig_DATA += lib/tss2-fapi.pc EXTRA_DIST += \ + dist/fapi-config.json.in \ + dist/fapi-profiles/P_RSA2048SHA256.json \ + dist/fapi-profiles/P_ECCP256SHA256.json \ + dist/sysusers.d/tpm2-tss.conf \ + dist/tmpfiles.d/tpm2-tss-fapi.conf.in \ + doc/fapi-config.md \ + doc/fapi-profile.md \ lib/tss2-fapi.map \
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/Makefile.in -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/Makefile.in
Changed
@@ -20,7 +20,7 @@ # All rights reserved. # aminclude_static.am generated automatically by Autoconf -# from AX_AM_MACROS_STATIC on Mon May 17 13:43:14 CDT 2021 +# from AX_AM_MACROS_STATIC on Mon Dec 12 11:26:12 CST 2022 # SPDX-License-Identifier: BSD-2-Clause # Copyright (c) 2015 - 2018 Intel Corporation @@ -109,9 +109,9 @@ build_triplet = @build@ host_triplet = @host@ noinst_PROGRAMS = -check_PROGRAMS = $(am__EXEEXT_8) $(am__EXEEXT_21) $(am__EXEEXT_22) \ - $(am__EXEEXT_23) $(am__EXEEXT_24) -TESTS = $(am__EXEEXT_8) $(am__EXEEXT_21) $(am__EXEEXT_24) +check_PROGRAMS = $(am__EXEEXT_9) $(am__EXEEXT_22) $(am__EXEEXT_23) \ + $(am__EXEEXT_24) $(am__EXEEXT_25) +TESTS = $(am__EXEEXT_9) $(am__EXEEXT_22) $(am__EXEEXT_25) @UNIT_TRUE@am__append_1 = test/helper/tpm_cmd_tcti_dummy @ENABLE_INTEGRATION_TRUE@am__append_2 = test/helper/tpm_startup \ @ENABLE_INTEGRATION_TRUE@ test/helper/tpm_transientempty \ @@ -121,10 +121,11 @@ @ENABLE_INTEGRATION_TRUE@ test/helper/tpm_writeekcert @ENABLE_TCTI_MSSIM_TRUE@@UNIT_TRUE@am__append_3 = test/unit/tcti-mssim @ENABLE_TCTI_SWTPM_TRUE@@UNIT_TRUE@am__append_4 = test/unit/tcti-swtpm -@ENABLE_TCTI_DEVICE_TRUE@@UNIT_TRUE@am__append_5 = test/unit/tcti-device -@ENABLE_TCTI_PCAP_TRUE@@UNIT_TRUE@am__append_6 = test/unit/tcti-pcap -@ENABLE_TCTI_CMD_TRUE@@UNIT_TRUE@am__append_7 = test/unit/tcti-cmd -@ESYS_TRUE@@UNIT_TRUE@am__append_8 = \ +@ENABLE_TCTI_LIBTPMS_TRUE@@UNIT_TRUE@am__append_5 = test/unit/tcti-libtpms +@ENABLE_TCTI_DEVICE_TRUE@@UNIT_TRUE@am__append_6 = test/unit/tcti-device +@ENABLE_TCTI_PCAP_TRUE@@UNIT_TRUE@am__append_7 = test/unit/tcti-pcap +@ENABLE_TCTI_CMD_TRUE@@UNIT_TRUE@am__append_8 = test/unit/tcti-cmd +@ESYS_TRUE@@UNIT_TRUE@am__append_9 = \ @ESYS_TRUE@@UNIT_TRUE@ test/unit/esys-context-null \ @ESYS_TRUE@@UNIT_TRUE@ test/unit/esys-resubmissions \ @ESYS_TRUE@@UNIT_TRUE@ test/unit/esys-sequence-finish \ 
@@ -134,8 +135,8 @@ @ESYS_TRUE@@UNIT_TRUE@ test/unit/esys-nulltcti \ @ESYS_TRUE@@UNIT_TRUE@ test/unit/esys-crypto -@FAPI_TRUE@@UNIT_TRUE@am__append_9 = -DTOP_SOURCEDIR"=\"$(top_srcdir)\"" -@FAPI_TRUE@@UNIT_TRUE@am__append_10 = \ +@FAPI_TRUE@@UNIT_TRUE@am__append_10 = -DTOP_SOURCEDIR"=\"$(top_srcdir)\"" +@FAPI_TRUE@@UNIT_TRUE@am__append_11 = \ @FAPI_TRUE@@UNIT_TRUE@ test/unit/fapi-json \ @FAPI_TRUE@@UNIT_TRUE@ test/unit/fapi-helpers \ @FAPI_TRUE@@UNIT_TRUE@ test/unit/fapi-io \ @@ -143,8 +144,8 @@ @FAPI_TRUE@@UNIT_TRUE@ test/unit/fapi-config \ @FAPI_TRUE@@UNIT_TRUE@ test/unit/fapi-get-intl-cert -@ENABLE_INTEGRATION_TRUE@am__append_11 = test/integration/libtest_utils.la -@ENABLE_INTEGRATION_TRUE@@TESTDEVICE_FALSE@am__append_12 = \ +@ENABLE_INTEGRATION_TRUE@am__append_12 = test/integration/libtest_utils.la +@ENABLE_INTEGRATION_TRUE@@TESTDEVICE_FALSE@am__append_13 = \ @ENABLE_INTEGRATION_TRUE@@TESTDEVICE_FALSE@ test/integration/sys-asymmetric-encrypt-decrypt.int \ @ENABLE_INTEGRATION_TRUE@@TESTDEVICE_FALSE@ test/integration/sys-nv-policy-locality.int \ @ENABLE_INTEGRATION_TRUE@@TESTDEVICE_FALSE@ test/integration/sys-nv-readwrite.int \ 
@@ -171,17 +172,17 @@ @ENABLE_INTEGRATION_TRUE@@TESTDEVICE_FALSE@ test/integration/sys-read-clock.int \ @ENABLE_INTEGRATION_TRUE@@TESTDEVICE_FALSE@ test/tpmclient/tpmclient.int -@DEVICEMANDATORY_TRUE@@ENABLE_INTEGRATION_TRUE@@ESYS_TRUE@@TESTDEVICE_TRUE@am__append_13 = $(ESYS_TESTS_INTEGRATION_MANDATORY) -@DEVICEOPTIONAL_TRUE@@ENABLE_INTEGRATION_TRUE@@ESYS_TRUE@@TESTDEVICE_TRUE@am__append_14 = $(ESYS_TESTS_INTEGRATION_OPTIONAL) -@DEVICEDESTRUCTIVE_TRUE@@ENABLE_INTEGRATION_TRUE@@ESYS_TRUE@@TESTDEVICE_TRUE@am__append_15 = $(ESYS_TESTS_INTEGRATION_DESTRUCTIVE) -@ENABLE_INTEGRATION_TRUE@@ESYS_TRUE@@TESTDEVICE_FALSE@am__append_16 = $(ESYS_TESTS_INTEGRATION_MANDATORY) $(ESYS_TESTS_INTEGRATION_OPTIONAL) $(ESYS_TESTS_INTEGRATION_DESTRUCTIVE) -@ENABLE_INTEGRATION_TRUE@@FAPI_TRUE@am__append_17 = $(JSONC_LIBS) -@ENABLE_INTEGRATION_TRUE@@FAPI_TRUE@am__append_18 = -DTOP_SOURCEDIR"=\"$(top_srcdir)\"" -@DEVICEDESTRUCTIVE_TRUE@@ENABLE_INTEGRATION_TRUE@@FAPI_TRUE@@TESTDEVICE_TRUE@am__append_19 = \ +@DEVICEMANDATORY_TRUE@@ENABLE_INTEGRATION_TRUE@@ESYS_TRUE@@TESTDEVICE_TRUE@am__append_14 = $(ESYS_TESTS_INTEGRATION_MANDATORY) +@DEVICEOPTIONAL_TRUE@@ENABLE_INTEGRATION_TRUE@@ESYS_TRUE@@TESTDEVICE_TRUE@am__append_15 = $(ESYS_TESTS_INTEGRATION_OPTIONAL) +@DEVICEDESTRUCTIVE_TRUE@@ENABLE_INTEGRATION_TRUE@@ESYS_TRUE@@TESTDEVICE_TRUE@am__append_16 = $(ESYS_TESTS_INTEGRATION_DESTRUCTIVE) +@ENABLE_INTEGRATION_TRUE@@ESYS_TRUE@@TESTDEVICE_FALSE@am__append_17 = $(ESYS_TESTS_INTEGRATION_MANDATORY) $(ESYS_TESTS_INTEGRATION_OPTIONAL) $(ESYS_TESTS_INTEGRATION_DESTRUCTIVE) +@ENABLE_INTEGRATION_TRUE@@FAPI_TRUE@am__append_18 = $(JSONC_LIBS) +@ENABLE_INTEGRATION_TRUE@@FAPI_TRUE@am__append_19 = -DTOP_SOURCEDIR"=\"$(top_srcdir)\"" +@DEVICEDESTRUCTIVE_TRUE@@ENABLE_INTEGRATION_TRUE@@FAPI_TRUE@@TESTDEVICE_TRUE@am__append_20 = \ @DEVICEDESTRUCTIVE_TRUE@@ENABLE_INTEGRATION_TRUE@@FAPI_TRUE@@TESTDEVICE_TRUE@ test/integration/fapi-key-create-sign-policy-provision.fint \ 
@DEVICEDESTRUCTIVE_TRUE@@ENABLE_INTEGRATION_TRUE@@FAPI_TRUE@@TESTDEVICE_TRUE@ test/integration/fapi-quote-destructive.fint -@ENABLE_INTEGRATION_TRUE@@FAPI_TRUE@@TESTDEVICE_FALSE@am__append_20 = \ +@ENABLE_INTEGRATION_TRUE@@FAPI_TRUE@@TESTDEVICE_FALSE@am__append_21 = \ @ENABLE_INTEGRATION_TRUE@@FAPI_TRUE@@TESTDEVICE_FALSE@ test/integration/fapi-key-create-sign-policy-provision.fint \ @ENABLE_INTEGRATION_TRUE@@FAPI_TRUE@@TESTDEVICE_FALSE@ test/integration/fapi-provision-fingerprint.fint \ @ENABLE_INTEGRATION_TRUE@@FAPI_TRUE@@TESTDEVICE_FALSE@ test/integration/fapi-provision-certificate.fint \ 
@@ -189,112 +190,109 @@ @ENABLE_INTEGRATION_TRUE@@FAPI_TRUE@@TESTDEVICE_FALSE@ test/integration/fapi-provision-certificate_ecc.fint \ @ENABLE_INTEGRATION_TRUE@@FAPI_TRUE@@TESTDEVICE_FALSE@ test/integration/fapi-quote-destructive.fint -@ENABLE_INTEGRATION_TRUE@@FAPI_TRUE@am__append_21 = $(FAPI_TESTS_INTEGRATION) -@ENABLE_TCTI_FUZZING_TRUE@am__append_22 = $(libtss2_tcti_fuzzing) -@ENABLE_FUZZING_TRUE@am__append_23 = $(libtss2_utils_fuzzing) +@ENABLE_INTEGRATION_TRUE@@FAPI_TRUE@am__append_22 = $(FAPI_TESTS_INTEGRATION) +@ENABLE_TCTI_FUZZING_TRUE@am__append_23 = $(libtss2_tcti_fuzzing) @ENABLE_FUZZING_TRUE@am__append_24 = $(libtss2_utils_fuzzing) -@ENABLE_FUZZING_TRUE@am__append_25 = $(TESTS_FUZZ) +@ENABLE_FUZZING_TRUE@am__append_25 = $(libtss2_utils_fuzzing) @ENABLE_FUZZING_TRUE@am__append_26 = $(TESTS_FUZZ) +@ENABLE_FUZZING_TRUE@am__append_27 = $(TESTS_FUZZ) fuzz_PROGRAMS = -@ENABLE_FUZZING_TRUE@am__append_27 = Makefile-fuzz-generated.am -@NO_DL_TRUE@am__append_28 = $(libtss2_tcti_device) $(libtss2_tcti_mssim) -@NO_DL_TRUE@am__append_29 = src/tss2-tcti/tctildr-nodl.c src/tss2-tcti/tctildr-nodl.h -@NO_DL_FALSE@am__append_30 = $(LIBADD_DL) -@NO_DL_FALSE@am__append_31 = src/tss2-tcti/tctildr-dl.c src/tss2-tcti/tctildr-dl.h -@ENABLE_TCTI_DEVICE_TRUE@am__append_32 = $(srcdir)/include/tss2/tss2_tcti_device.h -@ENABLE_TCTI_DEVICE_TRUE@am__append_33 = $(libtss2_tcti_device) -@ENABLE_TCTI_DEVICE_TRUE@am__append_34 = lib/tss2-tcti-device.pc -@ENABLE_TCTI_DEVICE_TRUE@am__append_35 = lib/tss2-tcti-device.map +@ENABLE_FUZZING_TRUE@am__append_28 = Makefile-fuzz-generated.am +@NO_DL_TRUE@am__append_29 = $(libtss2_tcti_device) $(libtss2_tcti_mssim) +@NO_DL_TRUE@am__append_30 = src/tss2-tcti/tctildr-nodl.c src/tss2-tcti/tctildr-nodl.h +@NO_DL_FALSE@am__append_31 = $(LIBADD_DL) +@NO_DL_FALSE@am__append_32 = src/tss2-tcti/tctildr-dl.c src/tss2-tcti/tctildr-dl.h +@ENABLE_TCTI_DEVICE_TRUE@am__append_33 = $(srcdir)/include/tss2/tss2_tcti_device.h +@ENABLE_TCTI_DEVICE_TRUE@am__append_34 = 
$(libtss2_tcti_device) +@ENABLE_TCTI_DEVICE_TRUE@am__append_35 = lib/tss2-tcti-device.pc @ENABLE_TCTI_SWTPM_TRUE@am__append_36 = $(srcdir)/include/tss2/tss2_tcti_swtpm.h @ENABLE_TCTI_SWTPM_TRUE@am__append_37 = $(libtss2_tcti_swtpm) @ENABLE_TCTI_SWTPM_TRUE@am__append_38 = lib/tss2-tcti-swtpm.pc -@ENABLE_TCTI_SWTPM_TRUE@am__append_39 = lib/tss2-tcti-swtpm.map lib/tss2-tcti-swtpm.def src/tss2-tcti/tss2-tcti-swtpm.vcxproj -@ENABLE_TCTI_MSSIM_TRUE@am__append_40 = $(srcdir)/include/tss2/tss2_tcti_mssim.h -@ENABLE_TCTI_MSSIM_TRUE@am__append_41 = $(libtss2_tcti_mssim) -@ENABLE_TCTI_MSSIM_TRUE@am__append_42 = lib/tss2-tcti-mssim.pc -@ENABLE_TCTI_MSSIM_TRUE@am__append_43 = lib/tss2-tcti-mssim.map \ -@ENABLE_TCTI_MSSIM_TRUE@ lib/tss2-tcti-mssim.def \ -@ENABLE_TCTI_MSSIM_TRUE@ src/tss2-tcti/tss2-tcti-mssim.vcxproj \ -@ENABLE_TCTI_MSSIM_TRUE@ src/tss2-tcti/tss2-tcti-mssim.vcxproj.filters - -@ENABLE_TCTI_PCAP_TRUE@am__append_44 = $(srcdir)/include/tss2/tss2_tcti_pcap.h -@ENABLE_TCTI_PCAP_TRUE@am__append_45 = $(libtss2_tcti_pcap) -@ENABLE_TCTI_PCAP_TRUE@am__append_46 = lib/tss2-tcti-pcap.pc -@ENABLE_TCTI_PCAP_TRUE@am__append_47 = lib/tss2-tcti-pcap.map # joho TODO enable tcti-pcap for Win (.def, visual studio files +@ENABLE_TCTI_MSSIM_TRUE@am__append_39 = $(srcdir)/include/tss2/tss2_tcti_mssim.h +@ENABLE_TCTI_MSSIM_TRUE@am__append_40 = $(libtss2_tcti_mssim) +@ENABLE_TCTI_MSSIM_TRUE@am__append_41 = lib/tss2-tcti-mssim.pc +@ENABLE_TCTI_PCAP_TRUE@am__append_42 = $(srcdir)/include/tss2/tss2_tcti_pcap.h +@ENABLE_TCTI_PCAP_TRUE@am__append_43 = $(libtss2_tcti_pcap) +@ENABLE_TCTI_PCAP_TRUE@am__append_44 = lib/tss2-tcti-pcap.pc +@ENABLE_TCTI_LIBTPMS_TRUE@am__append_45 = $(srcdir)/include/tss2/tss2_tcti_libtpms.h +@ENABLE_TCTI_LIBTPMS_TRUE@am__append_46 = $(libtss2_tcti_libtpms) +@ENABLE_TCTI_LIBTPMS_TRUE@am__append_47 = lib/tss2-tcti-libtpms.pc @ENABLE_TCTI_CMD_TRUE@am__append_48 = $(srcdir)/include/tss2/tss2_tcti_cmd.h @ENABLE_TCTI_CMD_TRUE@am__append_49 = $(libtss2_tcti_cmd) 
@ENABLE_TCTI_CMD_TRUE@am__append_50 = lib/tss2-tcti-cmd.pc -@ENABLE_TCTI_CMD_TRUE@am__append_51 = lib/tss2-tcti-cmd.map \ -@ENABLE_TCTI_CMD_TRUE@ lib/tss2-tcti-cmd.def - -@HAVE_LD_VERSION_SCRIPT_TRUE@am__append_52 = -Wl,--version-script=$(srcdir)/lib/tss2-sys.map -@ESYS_TRUE@am__append_53 = $(srcdir)/include/tss2/tss2_esys.h -@ESYS_TRUE@am__append_54 = $(libtss2_esys) -@ESYS_TRUE@am__append_55 = lib/tss2-esys.pc -@ESYS_TRUE@@HAVE_LD_VERSION_SCRIPT_TRUE@am__append_56 = -Wl,--version-script=$(srcdir)/lib/tss2-esys.map -@ESYS_TRUE@@NO_DL_TRUE@am__append_57 = $(libtss2_tcti_device) $(libtss2_tcti_mssim) $(libtss2_tcti_cmd) -@ESYS_TRUE@@NO_DL_TRUE@am__append_58 = src/tss2-tcti/tctildr-nodl.c src/tss2-tcti/tctildr-nodl.h -@ESYS_TRUE@@NO_DL_FALSE@am__append_59 = $(LIBADD_DL) -@ESYS_TRUE@@NO_DL_FALSE@am__append_60 = src/tss2-tcti/tctildr-dl.c src/tss2-tcti/tctildr-dl.h -@ESYS_TRUE@am__append_61 = lib/tss2-esys.map \ +@HAVE_LD_VERSION_SCRIPT_TRUE@am__append_51 = -Wl,--version-script=$(srcdir)/lib/tss2-sys.map +@ESYS_TRUE@am__append_52 = $(srcdir)/include/tss2/tss2_esys.h +@ESYS_TRUE@am__append_53 = $(libtss2_esys) +@ESYS_TRUE@am__append_54 = lib/tss2-esys.pc +@ESYS_TRUE@@HAVE_LD_VERSION_SCRIPT_TRUE@am__append_55 = -Wl,--version-script=$(srcdir)/lib/tss2-esys.map +@ESYS_TRUE@@NO_DL_TRUE@am__append_56 = $(libtss2_tcti_device) $(libtss2_tcti_mssim) $(libtss2_tcti_cmd) +@ESYS_TRUE@@NO_DL_TRUE@am__append_57 = src/tss2-tcti/tctildr-nodl.c src/tss2-tcti/tctildr-nodl.h +@ESYS_TRUE@@NO_DL_FALSE@am__append_58 = $(LIBADD_DL) +@ESYS_TRUE@@NO_DL_FALSE@am__append_59 = src/tss2-tcti/tctildr-dl.c src/tss2-tcti/tctildr-dl.h +@ESYS_TRUE@am__append_60 = lib/tss2-esys.map \ @ESYS_TRUE@ lib/tss2-esys.def \ -@ESYS_TRUE@ src/tss2-esys/tss2-esys.vcxproj \ -@ESYS_TRUE@ src/tss2-esys/tss2-esys.vcxproj.filters +@ESYS_TRUE@ src/tss2-esys/tss2-esys.vcxproj -@FAPI_TRUE@am__append_62 = dist/fapi-config.json.in \ -@FAPI_TRUE@ man/fapi-config.5.in man/fapi-profile.5.in \ -@FAPI_TRUE@ 
man/man-postlude-fapi.troff doc/fapi-config.md \ -@FAPI_TRUE@ doc/fapi-profile.md dist/sysusers.d/tpm2-tss.conf \ -@FAPI_TRUE@ dist/tmpfiles.d/tpm2-tss-fapi.conf.in \ -@FAPI_TRUE@ dist/fapi-profiles/P_RSA2048SHA256.json \ -@FAPI_TRUE@ dist/fapi-profiles/P_ECCP256SHA256.json \ -@FAPI_TRUE@ lib/tss2-fapi.map lib/tss2-fapi.def \ -@FAPI_TRUE@ test/data/fapi/P_RSA_EK_persistent.json \ -@FAPI_TRUE@ test/data/fapi/P_RSA.json \ -@FAPI_TRUE@ test/data/fapi/P_RSA2.json \ -@FAPI_TRUE@ test/data/fapi/P_RSA_nameAlg_sha1.json \ -@FAPI_TRUE@ test/data/fapi/P_ECC_sh_eh_policy.json \ -@FAPI_TRUE@ test/data/fapi/P_ECC_error.json \ -@FAPI_TRUE@ test/data/fapi/P_RSA_sh_policy.json \ -@FAPI_TRUE@ test/data/fapi/P_RSA256.json \ -@FAPI_TRUE@ test/data/fapi/P_ECC.json \ -@FAPI_TRUE@ test/data/fapi/policy/pol_pcr16_0.json \ -@FAPI_TRUE@ test/data/fapi/policy/pol_pcr16_0_rsa_authorized.json \ -@FAPI_TRUE@ test/data/fapi/policy/pol_pcr16_0_ecc_authorized.json \ -@FAPI_TRUE@ test/data/fapi/policy/pol_pcr16_0_fail.json \ -@FAPI_TRUE@ test/data/fapi/policy/pol_pcr16_0_or.json \ -@FAPI_TRUE@ test/data/fapi/policy/pol_pcr8_0.json \ -@FAPI_TRUE@ test/data/fapi/policy/pol_nv.json \ -@FAPI_TRUE@ test/data/fapi/policy/pol_nv_counter.json \ -@FAPI_TRUE@ test/data/fapi/policy/pol_nv_written.json \
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/README.md -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/README.md
Changed
@@ -44,7 +44,9 @@ Instructions to build and install tpm2-tss are available in the INSTALL(INSTALL.md) file. # Getting in Touch: -If you're looking to discuss the source code in this project or get some questions answered you should join the 01.org TPM2 mailing list: https://lists.01.org/postorius/lists/tpm2.lists.01.org/. +If you're looking to discuss the source code in this project or get some questions answered you should join the 01.org TPM2 mailing list: + - https://lists.linuxfoundation.org/mailman/listinfo/tpm2 + We also have an IRC channel set up on FreeNode(https://freenode.net/) called \#tpm2.0-tss. You can also try Gitter !Gitter(https://badges.gitter.im/tpm2-software/community.svg)(https://gitter.im/tpm2-software/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/RELEASE.md -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/RELEASE.md
Changed
@@ -1,6 +1,11 @@ # Release Process: This document describes the general process that maintainers must follow when making a release of the `tpm2-tss` libraries. +# Milestones +All releases should have a milestone used to track the release. If the release version is not known, as covered in Version Numbers(#Version Numbers), +then an "x" may be used for the unknown number, or the generic term "next" may be used. The description field of the milestone will be used to record +the CHANGELOG for that release. See CHANGELOG Update(#CHANGELOG Update) for details. + # Version Numbers Our releases will follow the semantic versioning scheme. You can find a thorough description of this scheme here: http://semver.org/(http://semver.org/) @@ -28,6 +33,10 @@ This branch must be pushed to github which will cause the CI infrastructure to run an automated coverity scan. The results of this scan must be dispositioned by the maintainers before the release is made. +# CHANGELOG Update +Before tagging the repository with the release version, the maintainer MUST update the CHANGELOG file with the contents from the description field +from the corresponding release milestone and update any missing version string details in the CHANGELOG and milestone entry. + # Git Tags When a release is made a tag is created in the git repo identifying the release by the version string(#Version String). The tag should be pushed to upstream git repo as the last step in the release process. 
@@ -76,10 +85,12 @@ * be associated with the maintainers github account (https://help.github.com/articles/adding-a-new-gpg-key-to-your-github-account/) # Announcements -Release candidates and proper releases should be announced on the 01.org TPM2 mailing list: https://lists.01.org/postorius/lists/tpm2.lists.01.org/. +Release candidates and proper releases should be announced on the 01.org TPM2 mailing list: + - https://lists.linuxfoundation.org/mailman/listinfo/tpm2 + This announcement should be accompanied by a link to the release page on Github as well as a link to the CHANGELOG.md accompanying the release. -# Maintainance +# Maintenance The most recent minor releases will receive bug fixes and bug fix releases. Additionally the latest major release will receive bug fixes for another year after release.
_service:tar_scm:tpm2-tss-3.2.1.tar.gz/VERSION
Added
@@ -0,0 +1,1 @@
+3.2.1
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/aminclude_static.am -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/aminclude_static.am
Changed
@@ -1,6 +1,6 @@ # aminclude_static.am generated automatically by Autoconf -# from AX_AM_MACROS_STATIC on Mon May 17 13:43:14 CDT 2021 +# from AX_AM_MACROS_STATIC on Mon Dec 12 11:26:12 CST 2022 # Code coverage
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/config.h.in -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/config.h.in
Changed
@@ -28,6 +28,9 @@ /* Define if you have the _dyld_func_lookup function. */ #undef HAVE_DYLD +/* Support EVP_sm3 in openssl */ +#undef HAVE_EVP_SM3 + /* Define to 1 if you have the <inttypes.h> header file. */ #undef HAVE_INTTYPES_H
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/configure -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/configure
Changed
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for tpm2-tss 3.1.0. +# Generated by GNU Autoconf 2.69 for tpm2-tss 3.2.1. # # Report bugs to <https://github.com/tpm2-software/tpm2-tss/issues>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='tpm2-tss' PACKAGE_TARNAME='tpm2-tss' -PACKAGE_VERSION='3.1.0' -PACKAGE_STRING='tpm2-tss 3.1.0' +PACKAGE_VERSION='3.2.1' +PACKAGE_STRING='tpm2-tss 3.2.1' PACKAGE_BUGREPORT='https://github.com/tpm2-software/tpm2-tss/issues' PACKAGE_URL='https://github.com/tpm2-software/tpm2-tss' @@ -692,13 +692,10 @@ DX_CONFIG DX_PROJECT PATH -result_setfacl -result_mkdir -result_chmod -result_chown -result_id -result_useradd -result_groupadd +addgroup +adduser +groupadd +useradd SYSD_TMPFILES_FALSE SYSD_TMPFILES_TRUE systemd_tmpfiles @@ -766,6 +763,8 @@ ENABLE_TCTI_FUZZING_TRUE ENABLE_TCTI_CMD_FALSE ENABLE_TCTI_CMD_TRUE +ENABLE_TCTI_LIBTPMS_FALSE +ENABLE_TCTI_LIBTPMS_TRUE ENABLE_TCTI_PCAP_FALSE ENABLE_TCTI_PCAP_TRUE ENABLE_TCTI_SWTPM_FALSE @@ -780,8 +779,8 @@ JSONC_CFLAGS TSS2_ESYS_LDFLAGS_CRYPTO TSS2_ESYS_CFLAGS_CRYPTO -LIBCRYPTO_LIBS -LIBCRYPTO_CFLAGS +CRYPTO_LIBS +CRYPTO_CFLAGS ESYS_MBED_FALSE ESYS_MBED_TRUE ESYS_OSSL_FALSE @@ -964,6 +963,7 @@ enable_tcti_mssim enable_tcti_swtpm enable_tcti_pcap +enable_tcti_libtpms enable_tcti_cmd enable_tcti_fuzzing enable_nodl @@ -1017,8 +1017,8 @@ PKG_CONFIG_LIBDIR CMOCKA_CFLAGS CMOCKA_LIBS -LIBCRYPTO_CFLAGS -LIBCRYPTO_LIBS +CRYPTO_CFLAGS +CRYPTO_LIBS JSONC_CFLAGS JSONC_LIBS CURL_CFLAGS @@ -1574,7 +1574,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures tpm2-tss 3.1.0 to adapt to many kinds of systems. +\`configure' configures tpm2-tss 3.2.1 to adapt to many kinds of systems. Usage: $0 OPTION... VAR=VALUE... 
@@ -1645,7 +1645,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of tpm2-tss 3.1.0:";; + short | recursive ) echo "Configuration of tpm2-tss 3.2.1:";; esac cat <<\_ACEOF @@ -1676,6 +1676,7 @@ --disable-tcti-mssim don't build the tcti-mssim module --disable-tcti-swtpm don't build the tcti-swtpm module --disable-tcti-pcap don't build the tcti-pcap module + --disable-tcti-libtpms don't build the tcti-libtpms module --disable-tcti-cmd don't build the tcti-cmd module --enable-tcti-fuzzing build the tcti-fuzzing module --enable-nodl link against TCTIs directly, do not use dlopen @@ -1778,10 +1779,9 @@ CMOCKA_CFLAGS C compiler flags for CMOCKA, overriding pkg-config CMOCKA_LIBS linker flags for CMOCKA, overriding pkg-config - LIBCRYPTO_CFLAGS - C compiler flags for LIBCRYPTO, overriding pkg-config - LIBCRYPTO_LIBS - linker flags for LIBCRYPTO, overriding pkg-config + CRYPTO_CFLAGS + C compiler flags for CRYPTO, overriding pkg-config + CRYPTO_LIBS linker flags for CRYPTO, overriding pkg-config JSONC_CFLAGS C compiler flags for JSONC, overriding pkg-config JSONC_LIBS linker flags for JSONC, overriding pkg-config @@ -1857,7 +1857,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -tpm2-tss configure 3.1.0 +tpm2-tss configure 3.2.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2393,7 +2393,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by tpm2-tss $as_me 3.1.0, which was +It was created by tpm2-tss $as_me 3.2.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3257,7 +3257,7 @@ # Define the identity of the package. PACKAGE='tpm2-tss' - VERSION='3.1.0' + VERSION='3.2.1' cat >>confdefs.h <<_ACEOF 
@@ -3393,7 +3393,7 @@ ac_config_headers="$ac_config_headers config.h" -ac_config_files="$ac_config_files Makefile Doxyfile lib/tss2-sys.pc lib/tss2-esys.pc lib/tss2-mu.pc lib/tss2-tcti-device.pc lib/tss2-tcti-mssim.pc lib/tss2-tcti-swtpm.pc lib/tss2-tcti-pcap.pc lib/tss2-rc.pc lib/tss2-tctildr.pc lib/tss2-fapi.pc lib/tss2-tcti-cmd.pc" +ac_config_files="$ac_config_files Makefile Doxyfile lib/tss2-sys.pc lib/tss2-esys.pc lib/tss2-mu.pc lib/tss2-tcti-device.pc lib/tss2-tcti-mssim.pc lib/tss2-tcti-swtpm.pc lib/tss2-tcti-libtpms.pc lib/tss2-tcti-pcap.pc lib/tss2-rc.pc lib/tss2-tctildr.pc lib/tss2-fapi.pc lib/tss2-tcti-cmd.pc" # propagate configure arguments to distcheck @@ -17199,24 +17199,26 @@ fi + + if test "x$enable_esys" = xyes; then : if test "x$with_crypto" = xossl; then : pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBCRYPTO" >&5 -$as_echo_n "checking for LIBCRYPTO... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for CRYPTO" >&5 +$as_echo_n "checking for CRYPTO... " >&6; } -if test -n "$LIBCRYPTO_CFLAGS"; then - pkg_cv_LIBCRYPTO_CFLAGS="$LIBCRYPTO_CFLAGS" +if test -n "$CRYPTO_CFLAGS"; then + pkg_cv_CRYPTO_CFLAGS="$CRYPTO_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcrypto\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libcrypto") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcrypto >= 1.1.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libcrypto >= 1.1.0") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_LIBCRYPTO_CFLAGS=`$PKG_CONFIG --cflags "libcrypto" 2>/dev/null` + pkg_cv_CRYPTO_CFLAGS=`$PKG_CONFIG --cflags "libcrypto >= 1.1.0" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes 
@@ -17224,16 +17226,16 @@ else pkg_failed=untried fi -if test -n "$LIBCRYPTO_LIBS"; then - pkg_cv_LIBCRYPTO_LIBS="$LIBCRYPTO_LIBS" +if test -n "$CRYPTO_LIBS"; then + pkg_cv_CRYPTO_LIBS="$CRYPTO_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcrypto\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libcrypto") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcrypto >= 1.1.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libcrypto >= 1.1.0") 2>&5
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/configure.ac -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/configure.ac
Changed
@@ -4,7 +4,7 @@ # All rights reserved. AC_INIT(tpm2-tss, - 3.1.0, + m4_esyscmd_s(cat ./VERSION), https://github.com/tpm2-software/tpm2-tss/issues, , https://github.com/tpm2-software/tpm2-tss) @@ -15,7 +15,7 @@ AC_CONFIG_HEADERS(config.h) -AC_CONFIG_FILES(Makefile Doxyfile lib/tss2-sys.pc lib/tss2-esys.pc lib/tss2-mu.pc lib/tss2-tcti-device.pc lib/tss2-tcti-mssim.pc lib/tss2-tcti-swtpm.pc lib/tss2-tcti-pcap.pc lib/tss2-rc.pc lib/tss2-tctildr.pc lib/tss2-fapi.pc lib/tss2-tcti-cmd.pc) +AC_CONFIG_FILES(Makefile Doxyfile lib/tss2-sys.pc lib/tss2-esys.pc lib/tss2-mu.pc lib/tss2-tcti-device.pc lib/tss2-tcti-mssim.pc lib/tss2-tcti-swtpm.pc lib/tss2-tcti-libtpms.pc lib/tss2-tcti-pcap.pc lib/tss2-rc.pc lib/tss2-tctildr.pc lib/tss2-fapi.pc lib/tss2-tcti-cmd.pc) # propagate configure arguments to distcheck AC_SUBST(DISTCHECK_CONFIGURE_FLAGS,$ac_configure_args) @@ -132,12 +132,19 @@ AM_CONDITIONAL(ESYS_OSSL, test "x$with_crypto" = "xossl") AM_CONDITIONAL(ESYS_MBED, test "x$with_crypto" = "xmbed") +m4_define(ossl_min_version, 1.1.0) +m4_define(ossl_err, OpenSSL libcrypto is missing or version requirements not met. OpenSSL version must be >= ossl_min_version) AS_IF(test "x$enable_esys" = xyes, AS_IF(test "x$with_crypto" = xossl, - PKG_CHECK_MODULES(LIBCRYPTO, libcrypto) + PKG_CHECK_MODULES(CRYPTO, + libcrypto >= ossl_min_version,, + AC_MSG_ERROR(ossl_err)) AC_DEFINE(OSSL, 1, OpenSSL cryptographic backend) - TSS2_ESYS_CFLAGS_CRYPTO="$LIBCRYPTO_CFLAGS" - TSS2_ESYS_LDFLAGS_CRYPTO="$LIBCRYPTO_LIBS" + AC_CHECK_LIB(crypto,EVP_sm3, + AC_DEFINE(HAVE_EVP_SM3, 1, Support EVP_sm3 in openssl), + ) + TSS2_ESYS_CFLAGS_CRYPTO="$CRYPTO_CFLAGS" + TSS2_ESYS_LDFLAGS_CRYPTO="$CRYPTO_LIBS" , test "x$with_crypto" = xmbed, AC_CHECK_HEADER(mbedtls/md.h, , AC_MSG_ERROR(Missing required mbedTLS library)) AC_DEFINE(MBED, 1, mbedTLS cryptographic backend) 
@@ -147,10 +154,10 @@ AC_SUBST(TSS2_ESYS_CFLAGS_CRYPTO) AC_SUBST(TSS2_ESYS_LDFLAGS_CRYPTO) -AS_IF(test "x$enable_fapi" != xno -a "x$enable_esys" = "xno", +AS_IF(test "x$enable_fapi" != xno && test "x$enable_esys" = "xno", AC_MSG_ERROR(ESYS has to be enabled to compile FAPI.)) -AS_IF(test "x$enable_fapi" != xno -a "x$with_crypto" != "xossl", +AS_IF(test "x$enable_fapi" != xno && test "x$with_crypto" != "xossl", AC_MSG_ERROR(FAPI has to be compiled with OpenSSL)) AS_IF(test "x$enable_fapi" = xyes , @@ -203,6 +210,16 @@ enable_tcti_pcap=yes) AM_CONDITIONAL(ENABLE_TCTI_PCAP, test "x$enable_tcti_pcap" != xno) +AC_ARG_ENABLE(tcti-libtpms, + AS_HELP_STRING(--disable-tcti-libtpms, + don't build the tcti-libtpms module), + AS_IF(test "x$enable_tcti_libtpms" = "xyes", + AC_CHECK_HEADER(libtpms/tpm_library.h, , AC_MSG_ERROR(library libtpms missing))), + AC_CHECK_HEADER(libtpms/tpm_library.h, enable_tcti_libtpms=yes, + enable_tcti_libtpms=no + AC_MSG_WARN(library libtpms missing))) +AM_CONDITIONAL(ENABLE_TCTI_LIBTPMS, test "x$enable_tcti_libtpms" != xno) + AC_ARG_ENABLE(tcti-cmd, AS_HELP_STRING(--disable-tcti-cmd, don't build the tcti-cmd module),, @@ -246,7 +263,7 @@ AC_ARG_WITH(device, AS_HELP_STRING(--with-device=<device>,TPM device for testing), - AS_IF(test \( -w "$with_device" \) -a \( -r "$with_device" \), + AS_IF(test -w "$with_device" && test -r "$with_device", AC_MSG_RESULT(success) AX_NORMALIZE_PATH(with_device) with_device_set=yes, @@ -303,8 +320,8 @@ ERROR_IF_NO_PROG(grep) ERROR_IF_NO_PROG(env) ERROR_IF_NO_PROG(rm) - AS_IF(test "x$with_crypto" != xossl -o "x$enable_esys" != xyes, - PKG_CHECK_MODULES(LIBCRYPTO,libcrypto)) + AS_IF(test "x$with_crypto" != xossl || test "x$enable_esys" != xyes, + PKG_CHECK_MODULES(CRYPTO,libcrypto)) AC_CHECK_HEADER(uthash.h, , AC_MSG_ERROR(Can not find uthash.h. Please install uthash-dev)) # choose tcti for testing and look for TPM simulator binary 
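Review bot: The libcrypto probe in the last hunk, `PKG_CHECK_MODULES(CRYPTO,libcrypto)`, does not carry the `>= ossl_min_version` requirement or the `ossl_err` message that the ESYS probe in the earlier hunk now uses. This branch runs when ESYS is disabled or OpenSSL is not the crypto backend, and appears to belong to the test setup, so such a build can configure against an OpenSSL older than 1.1.0 and only fail later at compile time. I would reuse the same form here: `PKG_CHECK_MODULES([CRYPTO], [libcrypto >= ossl_min_version],, [AC_MSG_ERROR([ossl_err])])`. The enclosing block starts outside the hunk.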
@@ -470,15 +487,17 @@ AM_CONDITIONAL(SYSD_SYSUSERS, test "x$systemd_sysusers" = "xyes") AC_CHECK_PROG(systemd_tmpfiles, systemd-tmpfiles, yes) AM_CONDITIONAL(SYSD_TMPFILES, test "x$systemd_tmpfiles" = "xyes") + # Check all tools used by make install AS_IF(test "$HOSTOS" = "Linux", - ERROR_IF_NO_PROG(groupadd) - ERROR_IF_NO_PROG(useradd) - ERROR_IF_NO_PROG(id) - ERROR_IF_NO_PROG(chown) - ERROR_IF_NO_PROG(chmod) - ERROR_IF_NO_PROG(mkdir) - ERROR_IF_NO_PROG(setfacl)) + AC_CHECK_PROG(useradd, useradd, yes) + AC_CHECK_PROG(groupadd, groupadd, yes) + AC_CHECK_PROG(adduser, adduser, yes) + AC_CHECK_PROG(addgroup, addgroup, yes) + AS_IF(test "x$addgroup" != "xyes" && test "x$groupadd" != "xyes" , + AC_MSG_ERROR(addgroup or groupadd are needed.)) + AS_IF(test "x$adduser" != "xyes" && test "x$useradd" != "xyes" , + AC_MSG_ERROR(adduser or useradd are needed.))) AC_SUBST(PATH)
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/include/tss2/tss2_mu.h -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/include/tss2/tss2_mu.h
Changed
@@ -753,14 +753,16 @@ TPMS_ALGORITHM_DESCRIPTION const *src, uint8_t buffer, size_t buffer_size, - size_t *offset); + size_t *offset) + __attribute__((deprecated)); TSS2_RC Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Unmarshal( uint8_t const buffer, size_t buffer_size, size_t *offset, - TPMS_ALGORITHM_DESCRIPTION *dest); + TPMS_ALGORITHM_DESCRIPTION *dest) + __attribute__((deprecated)); TSS2_RC Tss2_MU_TPMS_TAGGED_PROPERTY_Marshal(
_service:tar_scm:tpm2-tss-3.2.1.tar.gz/include/tss2/tss2_tcti_libtpms.h
Added
@@ -0,0 +1,24 @@
+/* SPDX-License-Identifier: BSD-2-Clause */
+/*
+ * Copyright (c) 2015 - 2021, Intel Corporation
+ * All rights reserved.
+ */
+#ifndef TSS2_TCTI_LIBTPMS_H
+#define TSS2_TCTI_LIBTPMS_H
+
+#include "tss2_tcti.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+TSS2_RC Tss2_Tcti_Libtpms_Init (
+ TSS2_TCTI_CONTEXT *tctiContext,
+ size_t *size,
+ const char *conf);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* TSS2_TCTI_LIBTPMS_H */
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/include/tss2/tss2_tpm2_types.h -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/include/tss2/tss2_tpm2_types.h
Changed
@@ -262,9 +262,9 @@ typedef UINT32 TPM2_SPEC; #define TPM2_SPEC_FAMILY ((TPM2_SPEC) 0x322E3000) /* ASCII 2.0 with null terminator */ #define TPM2_SPEC_LEVEL ((TPM2_SPEC) 00) /* the level number for the specification */ -#define TPM2_SPEC_VERSION ((TPM2_SPEC) 126) /* the version number of the spec 001.26 * 100 */ -#define TPM2_SPEC_YEAR ((TPM2_SPEC) 2015) /* the year of the version */ -#define TPM2_SPEC_DAY_OF_YEAR ((TPM2_SPEC) 233) /* the day of the year August 21 2015 */ +#define TPM2_SPEC_VERSION ((TPM2_SPEC) 138) /* the version number of the spec 001.38 * 100 */ +#define TPM2_SPEC_YEAR ((TPM2_SPEC) 2016) /* the year of the version */ +#define TPM2_SPEC_DAY_OF_YEAR ((TPM2_SPEC) 260) /* the day of the year September 16 2016 */ /* Definition of UINT32 TPM2_GENERATED Constants <O> */ typedef UINT32 TPM2_GENERATED; @@ -465,7 +465,9 @@ #define TPM2_CAP_TPM_PROPERTIES ((TPM2_CAP) 0x00000006) /* TPM2_PT */ #define TPM2_CAP_PCR_PROPERTIES ((TPM2_CAP) 0x00000007) /* TPM2_PT_PCR */ #define TPM2_CAP_ECC_CURVES ((TPM2_CAP) 0x00000008) /* TPM2_ECC_CURVE1 */ -#define TPM2_CAP_LAST ((TPM2_CAP) 0x00000008) +#define TPM2_CAP_AUTH_POLICIES ((TPM2_CAP) 0x00000009) /* TPM2_HANDLE */ +#define TPM2_CAP_ACT ((TPM2_CAP) 0x0000000A) /* TPM2_HANDLE */ +#define TPM2_CAP_LAST ((TPM2_CAP) 0x0000000A) #define TPM2_CAP_VENDOR_PROPERTY ((TPM2_CAP) 0x00000100) /* manufacturer specific */ /* Definition of UINT32 TPM2_PT Constants <INOUT S> */ @@ -622,7 +624,8 @@ #define TPM2_RH_EK ((TPM2_RH) 0x40000006) /* R */ #define TPM2_RH_NULL ((TPM2_RH) 0x40000007) /* K A P */ #define TPM2_RH_UNASSIGNED ((TPM2_RH) 0x40000008) /* R */ -#define TPM2_RS_PW ((TPM2_RH) 0x40000009) /* S */ +#define TPM2_RH_PW ((TPM2_RH) 0x40000009) /* S */ +#define TPM2_RS_PW ((TPM2_RH) 0x40000009) /* S; This was a bug; to be deprecated*/ #define TPM2_RH_LOCKOUT ((TPM2_RH) 0x4000000A) /* A */ #define TPM2_RH_ENDORSEMENT ((TPM2_RH) 0x4000000B) /* K A P */ #define TPM2_RH_PLATFORM ((TPM2_RH) 0x4000000C) /* K A P */ 
@@ -790,8 +793,8 @@ /* Definition of UINT32 TPMA_ACT Bits */ typedef uint32_t TPMA_ACT; -#define TPMA_ACT_SIGNALED ((TPMA_ACT) 0x00000000) /* SET 1 The ACT has signaled. CLEAR 0 The ACT has not signaled */ -#define TPMA_ACT_PRESERVESIGNALED ((TPMA_ACT) 0x00000001) /* SET 1 The ACT signaled bit is preserved over a power cycle. CLEAR 0 The ACT signaled bit is not preserved over a power cycle */ +#define TPMA_ACT_SIGNALED ((TPMA_ACT) 0x00000001) /* SET 1 The ACT has signaled. CLEAR 0 The ACT has not signaled */ +#define TPMA_ACT_PRESERVESIGNALED ((TPMA_ACT) 0x00000002) /* SET 1 The ACT signaled bit is preserved over a power cycle. CLEAR 0 The ACT signaled bit is not preserved over a power cycle */ #define TPMA_ACT_RESERVED_MASK ((TPMA_ACT) 0xFFFFFFFC) /* shall be zero */ /* Definition of BYTE TPMI_YES_NO Type */ @@ -910,12 +913,21 @@ BYTE empty1; /* a structure with no member */ }; -/* Definition of TPMS_ALGORITHM_DESCRIPTION Structure <OUT> */ -typedef struct TPMS_ALGORITHM_DESCRIPTION TPMS_ALGORITHM_DESCRIPTION; +/* This is DEPRECATED as it's an unused structure included by accident and never used + * by a TPM 2.0 device as either an input or output structure. + * Definition of TPMS_ALGORITHM_DESCRIPTION Structure <OUT> + */ +#if defined(INTERNALBUILD) + #define DEPRECATED +#else + #define DEPRECATED __attribute__((deprecated)) +#endif + +typedef struct TPMS_ALGORITHM_DESCRIPTION TPMS_ALGORITHM_DESCRIPTION DEPRECATED; struct TPMS_ALGORITHM_DESCRIPTION { TPM2_ALG_ID alg; /* an algorithm */ TPMA_ALGORITHM attributes; /* the attributes of the algorithm */ -}; +} DEPRECATED; /* Definition of TPMU_HA Union <INOUT S> */ typedef union TPMU_HA TPMU_HA; @@ -1196,6 +1208,8 @@ TPML_TAGGED_TPM_PROPERTY tpmProperties; TPML_TAGGED_PCR_PROPERTY pcrProperties; TPML_ECC_CURVE eccCurves; + TPML_TAGGED_POLICY authPolicies; + TPML_ACT_DATA actData; TPML_INTEL_PTT_PROPERTY intelPttProperty; };
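Review bot: The hunk at `@@ -910,12 +913,21 @@` defines an unprefixed macro `DEPRECATED` in a public header, so every program that includes tss2_tpm2_types.h inherits it and can clash with a consumer's or third-party header's own `DEPRECATED`. It also expands to `__attribute__((deprecated))` unconditionally, which is GCC/Clang syntax; the same applies to the bare attributes added to tss2_mu.h. A namespaced, compiler-guarded macro would be safer, e.g. `#define TSS2_DEPRECATED __attribute__((deprecated))` under `#if defined(__GNUC__) || defined(__clang__)` with an empty fallback. Callers that still use TPMS_ALGORITHM_DESCRIPTION and build with warnings as errors will now break unless INTERNALBUILD is defined, which deserves a line in the release notes.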
_service:tar_scm:tpm2-tss-3.2.1.tar.gz/lib/tss2-tcti-libtpms.map
Added
@@ -0,0 +1,7 @@
+{
+ global:
+ Tss2_Tcti_Info;
+ Tss2_Tcti_Libtpms_Init;
+ local:
+ *;
+};
_service:tar_scm:tpm2-tss-3.2.1.tar.gz/lib/tss2-tcti-libtpms.pc.in
Added
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: tss2-tcti-libtpms
+Description: TCTI library for communicating with the libtpms library.
+URL: https://github.com/tpm2-software/tpm2-tss
+Version: @VERSION@
+Cflags: -I${includedir}
+Libs: -ltss2-tcti-libtpms -L${libdir}
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/man/man7/tss2-tcti-swtpm.7 -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/man/man7/tss2-tcti-swtpm.7
Changed
@@ -13,6 +13,13 @@ reference implementation. The interface exposed by this library is defined in the \*(lqTSS System Level API and TPM Command Transmission Interface Specification\*(rq specification. +.SH NOTES +It is best not to use the CUSE interface when setting up swtpm, but rather +to use the vtpm module proxy: +.EX +modprobe tpm_vtpm_proxy +swtpm chardev --vtpm-proxy --tpmstate dir=... --tpm2 ... +.EE .SH AUTHOR Philip Tricca <philip.b.tricca@intel.com> .SH "SEE ALSO" @@ -25,7 +32,7 @@ .BR tcti-tabrmd (7), .BR tpm2-abrmd (8) .SH COLOPHON -This page is part of release 3.1.0 of Open Source implementation of the +This page is part of release 3.2.1 of Open Source implementation of the TCG TPM2 Software Stack (TSS2). A description of the project, information about reporting bugs, and the latest version of this page can be found at \%https://github.com/tpm2-software/tpm2-tss/.
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/script/ekca/create_ca.sh -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/script/ekca/create_ca.sh
Changed
@@ -94,11 +94,6 @@ openssl req -new -out intermed-ca.req.pem -passout file:pass.txt -openssl req -new \ - -key private/intermed-ca.key.pem \ - -out intermed-ca.req.pem \ - -passin file:pass.txt - openssl rsa -inform PEM -in private/intermed-ca.key.pem \ -outform DER -out private/intermed-ca.key.der -passin file:pass.txt
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/script/ekca/intermed-ca.cnf -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/script/ekca/intermed-ca.cnf
Changed
@@ -6,13 +6,6 @@ # This definition doesn't work if HOME isn't defined. CA_HOME = . RANDFILE = $ENV::CA_HOME/private/.rnd -oid_section = new_oids - -# -# XMPP address Support - new_oids -xmppAddr = 1.3.6.1.5.5.7.8.5 -dnsSRV = 1.3.6.1.5.5.7.8.7 # # Default Certification Authority @@ -64,7 +57,6 @@ organizationalUnitName = optional commonName = supplied emailAddress = supplied -#xmppAddr = optional # Added to SubjAltName by req # # Intermediate CA request options
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/script/int-log-compiler-common.sh -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/script/int-log-compiler-common.sh
Changed
@@ -237,7 +237,7 @@ ret_data=$? ${sock_tool} ${sock_tool_params} 2> /dev/null | grep "${PID}" | grep "${SIM_PORT_CMD}" ret_cmd=$? - if \( $ret_data -eq 0 \) -a \( $ret_cmd -eq 0 \) ; then + if test $ret_data -eq 0 && test $ret_cmd -eq 0; then echo "Simulator with PID ${PID} bound to port ${SIM_PORT_DATA} and " \ "${SIM_PORT_CMD} successfully."; break
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-esys/api/Esys_PCR_SetAuthValue.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-esys/api/Esys_PCR_SetAuthValue.c
Changed
@@ -19,6 +19,21 @@ #include "util/log.h" #include "util/aux_util.h" +/** Store command parameters inside the ESYS_CONTEXT for use during _Finish */ +static void store_input_parameters ( + ESYS_CONTEXT *esysContext, + const ESYS_TR pcrHandle, + const TPM2B_AUTH *auth) +{ + if (auth == NULL) + memset(&esysContext->in.PCR.authData, 0, + sizeof(esysContext->in.PCR.authData)); + else + esysContext->in.PCR.authData = *auth; + + esysContext->in.PCR.pcrHandle = pcrHandle; +} + /** One-Call function for TPM2_PCR_SetAuthValue * * This function invokes the TPM2_PCR_SetAuthValue command in a one-call @@ -162,6 +177,8 @@ r = check_session_feasibility(shandle1, shandle2, shandle3, 1); return_state_if_error(r, _ESYS_STATE_INIT, "Check session usage"); + store_input_parameters(esysContext, pcrHandle, auth); + /* Retrieve the metadata objects for provided handles */ r = esys_GetResourceObject(esysContext, pcrHandle, &pcrHandleNode); return_state_if_error(r, _ESYS_STATE_INIT, "pcrHandle unknown."); @@ -236,6 +253,9 @@ Esys_PCR_SetAuthValue_Finish( ESYS_CONTEXT *esysContext) { + ESYS_TR pcrHandle; + RSRC_NODE_T *pcrHandleNode; + TSS2_RC r; LOG_TRACE("context=%p", esysContext); @@ -294,6 +314,19 @@ } /* + * Session value has to be updated before checking the response to ensure + * correct computation of hmac with new auth value. + */ + pcrHandle = esysContext->in.PCR.pcrHandle; + r = esys_GetResourceObject(esysContext, pcrHandle, &pcrHandleNode); + return_if_error(r, "get resource"); + + pcrHandleNode->auth = esysContext->in.PCR.authData; + + iesys_compute_session_value(esysContext->session_tab0, + &pcrHandleNode->rsrc.name, &pcrHandleNode->auth); + + /* * Now the verification of the response (hmac check) and if necessary the * parameter decryption have to be done. */
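Review bot: In Esys_PCR_SetAuthValue_Finish the new block overwrites `pcrHandleNode->auth` and recomputes the session value before the response HMAC is verified, and the previous auth value is not kept. If the verification that follows fails, the node is left holding the new value; whether that is the intended state is not documented, so I would either restore the old value on that error path or extend the comment to say why keeping the new one is correct. The copy in `esysContext->in.PCR.authData` also stays in the context after the call; clearing it once it has been copied to the node would leave one fewer copy of the secret in memory. The bodies of both functions continue outside the hunks shown.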
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-esys/esys_crypto.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-esys/esys_crypto.c
Changed
@@ -499,6 +499,7 @@ size_t data_size_bits = data_size * 8; size_t rest_size = data_size; BYTE *kdfa_byte_ptr; + BYTE *data_start MAYBE_UNUSED = data; if (key == NULL || data == NULL) { LOG_ERROR("Bad reference"); @@ -514,11 +515,11 @@ return_if_error(r, "iesys_crypto_KDFa failed"); /* XOR next data sub block with KDFa result */ kdfa_byte_ptr = kdfa_result; - LOGBLOB_TRACE(data, data_size, "Parameter data before XOR"); + LOGBLOB_TRACE(data_start, data_size, "Parameter data before XOR"); for(size_t i = digest_size < rest_size ? digest_size : rest_size; i > 0; i--) *data++ ^= *kdfa_byte_ptr++; - LOGBLOB_TRACE(data, data_size, "Parameter data after XOR"); + LOGBLOB_TRACE(data_start, data_size, "Parameter data after XOR"); rest_size = rest_size < digest_size ? 0 : rest_size - digest_size; } return TSS2_RC_SUCCESS;
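Review bot: Both `LOGBLOB_TRACE(data_start, data_size, ...)` calls appear to sit inside the per-block loop, so the whole parameter buffer is dumped twice for every KDFa block, and one of the two dumps is the unprotected parameter data. With trace logging compiled in and enabled, that can place auth values or other sensitive parameters in log output. I would move the two calls outside the loop, one before and one after, and add a comment that this trace output is not meant for production systems. The function starts before the hunk, so the loop header is inferred from the `rest_size` bookkeeping and the closing brace.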
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-esys/esys_crypto_ossl.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-esys/esys_crypto_ossl.c
Changed
@@ -8,9 +8,17 @@ #include <config.h> #endif +#include <openssl/rand.h> #include <openssl/evp.h> -#include <openssl/aes.h> #include <openssl/rsa.h> +#include <openssl/ec.h> +#if OPENSSL_VERSION_NUMBER < 0x30000000L +#include <openssl/aes.h> +#else +#include <openssl/core_names.h> +#include <openssl/params.h> +#include <openssl/param_build.h> +#endif #include <openssl/engine.h> #include <stdio.h> 
@@ -58,38 +66,107 @@ } type; /**< The type of context to hold; hash or hmac */ union { struct { - EVP_MD_CTX *ossl_context; +#if OPENSSL_VERSION_NUMBER < 0x30000000L const EVP_MD *ossl_hash_alg; +#else + OSSL_LIB_CTX *ossl_libctx; + EVP_MD *ossl_hash_alg; +#endif + EVP_MD_CTX *ossl_context; size_t hash_len; - } hash; /**< the state variables for a hash context */ - struct { - EVP_MD_CTX *ossl_context; - const EVP_MD *ossl_hash_alg; - size_t hmac_len; - } hmac; /**< the state variables for an hmac context */ + } hash; /**< the state variables for a HASH or HMAC context */ }; } IESYS_CRYPTOSSL_CONTEXT; -const EVP_MD * +static IESYS_CRYPTOSSL_CONTEXT * +iesys_cryptossl_context_new() { + IESYS_CRYPTOSSL_CONTEXT *ctx; + + if (!(ctx = calloc(1, sizeof(IESYS_CRYPTOSSL_CONTEXT)))) + return NULL; + +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + /* The TPM2 provider may be loaded in the global library context. + * As we don't want the TPM to be called for these operations, we have + * to initialize own library context with the default provider. 
*/ + if (!(ctx->hash.ossl_libctx = OSSL_LIB_CTX_new())) { + SAFE_FREE(ctx); + return NULL; + } +#endif + return ctx; +} + +static void +iesys_cryptossl_context_free(IESYS_CRYPTOSSL_CONTEXT *ctx) { + if (!ctx) + return; + + EVP_MD_CTX_free(ctx->hash.ossl_context); +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + EVP_MD_free(ctx->hash.ossl_hash_alg); + OSSL_LIB_CTX_free(ctx->hash.ossl_libctx); +#endif + SAFE_FREE(ctx); +} + +#if OPENSSL_VERSION_NUMBER < 0x30000000L +static const EVP_MD * get_ossl_hash_md(TPM2_ALG_ID hashAlg) { switch (hashAlg) { case TPM2_ALG_SHA1: return EVP_sha1(); - break; case TPM2_ALG_SHA256: return EVP_sha256(); - break; case TPM2_ALG_SHA384: return EVP_sha384(); - break; case TPM2_ALG_SHA512: return EVP_sha512(); - break; +#if HAVE_EVP_SM3 && !defined(OPENSSL_NO_SM3) + case TPM2_ALG_SM3_256: + return EVP_sm3(); +#endif default: return NULL; } } +#else +static const char * +get_ossl_hash_md(TPM2_ALG_ID hashAlg) +{ + switch (hashAlg) { + case TPM2_ALG_SHA1: + return "SHA1"; + case TPM2_ALG_SHA256: + return "SHA256"; + case TPM2_ALG_SHA384: + return "SHA384"; + case TPM2_ALG_SHA512: + return "SHA512"; + case TPM2_ALG_SM3_256: + return "SM3"; + default: + return NULL; + } +} +#endif + +static int +iesys_cryptossl_context_set_hash_md(IESYS_CRYPTOSSL_CONTEXT *ctx, TPM2_ALG_ID hashAlg) { +#if OPENSSL_VERSION_NUMBER < 0x30000000L + ctx->hash.ossl_hash_alg = get_ossl_hash_md(hashAlg); +#else + const char *alg_name = get_ossl_hash_md(hashAlg); + if (!alg_name) + return 0; + ctx->hash.ossl_hash_alg = EVP_MD_fetch(ctx->hash.ossl_libctx, alg_name, NULL); +#endif + if (!ctx->hash.ossl_hash_alg) + return 0; + + return 1; +} /** Provide the context for the computation of a hash digest. * 
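Review bot: `iesys_cryptossl_context_new()` is declared with an empty parameter list, which before C23 means unspecified arguments rather than none; `iesys_cryptossl_context_new(void)` lets the compiler reject stray arguments. In the OpenSSL 3 branch every hash or HMAC context now creates its own OSSL_LIB_CTX and fetches the digest, which is comparatively expensive per operation; if profiling shows a cost, one library context shared per ESYS context would avoid it. The comment says the private context is initialised with the default provider, but nothing in the hunk loads one explicitly, so the code relies on OpenSSL's implicit fallback; saying so in the comment would help the next reader.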
@@ -109,12 +186,12 @@ LOG_TRACE("call: context=%p hashAlg=%"PRIu16, context, hashAlg); return_if_null(context, "Context is NULL", TSS2_ESYS_RC_BAD_REFERENCE); return_if_null(context, "Null-Pointer passed for context", TSS2_ESYS_RC_BAD_REFERENCE); - IESYS_CRYPTOSSL_CONTEXT *mycontext; - mycontext = calloc(1, sizeof(IESYS_CRYPTOSSL_CONTEXT)); + + IESYS_CRYPTOSSL_CONTEXT *mycontext = iesys_cryptossl_context_new(); return_if_null(mycontext, "Out of Memory", TSS2_ESYS_RC_MEMORY); mycontext->type = IESYS_CRYPTOSSL_TYPE_HASH; - if (!(mycontext->hash.ossl_hash_alg = get_ossl_hash_md(hashAlg))) { + if (!iesys_cryptossl_context_set_hash_md(mycontext, hashAlg)) { goto_error(r, TSS2_ESYS_RC_NOT_IMPLEMENTED, "Unsupported hash algorithm (%"PRIu16")", cleanup, hashAlg); } @@ -124,12 +201,12 @@ "Unsupported hash algorithm (%"PRIu16")", cleanup, hashAlg); } - if (!(mycontext->hash.ossl_context = EVP_MD_CTX_create())) { + if (!(mycontext->hash.ossl_context = EVP_MD_CTX_create())) { goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE, "Error EVP_MD_CTX_create", cleanup); } if (1 != EVP_DigestInit(mycontext->hash.ossl_context, - mycontext->hash.ossl_hash_alg)) { + mycontext->hash.ossl_hash_alg)) { goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE, "Errror EVP_DigestInit", cleanup); } @@ -138,9 +215,7 @@ return TSS2_RC_SUCCESS; cleanup: - if (mycontext->hash.ossl_context) - EVP_MD_CTX_destroy(mycontext->hash.ossl_context); - SAFE_FREE(mycontext); + iesys_cryptossl_context_free(mycontext); return r; } @@ -244,8 +319,8 @@ LOGBLOB_TRACE(buffer, mycontext->hash.hash_len, "read hash result"); *size = mycontext->hash.hash_len; - EVP_MD_CTX_destroy(mycontext->hash.ossl_context); - free(mycontext); + + iesys_cryptossl_context_free(mycontext); *context = NULL; return TSS2_RC_SUCCESS; @@ -271,8 +346,7 @@ return; } - EVP_MD_CTX_destroy(mycontext->hash.ossl_context); - free(mycontext); + iesys_cryptossl_context_free(mycontext); *context = NULL;
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-esys/esys_int.h -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-esys/esys_int.h
Changed
@@ -109,6 +109,11 @@ ESYS_TR flushHandle; } FlushContext_IN; +typedef struct { + ESYS_TR pcrHandle; + TPM2B_AUTH authData; +} PCR_IN; + /** Union for input parameters. * * The input parameters of a command need to be stored if they are needed @@ -130,6 +135,7 @@ Policy_IN Policy; NV_IN NV; FlushContext_IN FlushContext; + PCR_IN PCR; } IESYS_CMD_IN_PARAM; /** The states for the ESAPI's internal state machine */ @@ -182,6 +188,11 @@ automatically loaded. */ IESYS_SESSION *enc_session; /**< Ptr to the enc param session. Used to restore session attributes */ + ESYS_TR sav_session1; /**< Used to store session for cases where call + with ESYS_TR_NONE is needed to determine object + name */ + ESYS_TR sav_session2; + ESYS_TR sav_session3; }; /** The number of authomatic resubmissions.
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-esys/esys_iutil.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-esys/esys_iutil.c
Changed
@@ -1322,7 +1322,7 @@ auths->authsauths->count.hmac.size = 0; auths->count += 1; } else { - auths->authsauths->count.sessionHandle = TPM2_RS_PW; + auths->authsauths->count.sessionHandle = TPM2_RH_PW; auths->authsauths->count.hmac = objectssession_idx->auth; auths->count += 1; }
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-esys/esys_tr.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-esys/esys_tr.c
Changed
@@ -65,15 +65,14 @@ * * Deserialize the metadata of an ESYS_TR object from a byte buffer that was * stored on disk for later use by a different program or context. - * An object can be serialized suing Esys_TR_Serialize. + * An object can be deserialized using Esys_TR_Deserialize. * @param esys_context in,out The ESYS_CONTEXT. - * @param esys_handle in The ESYS_TR object to serialize. - * @param buffer out The buffer containing the serialized metadata. - * (caller-callocated) Shall be freed using free(). - * @param buffer_size out The size of the buffer parameter. + * @param esys_handle out The ESYS_TR object to deserialize. + * @param buffer in The buffer containing the metadata of the ESYS_TR object. + * @param buffer_size in The size of the buffer parameter. * @retval TSS2_RC_SUCCESS on Success. * @retval TSS2_ESYS_RC_MEMORY if the object can not be allocated. - * @retval TSS2_ESYS_RC_INSUFFICIENT_BUFFER if the buffer for unmarshaling. + * @retval TSS2_ESYS_RC_INSUFFICIENT_BUFFER if the buffer for unmarshalling. * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext is NULL. * @retval TSS2_RCs produced by lower layers of the software stack. */ 
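Review bot: The reworded sentence `An object can be deserialized using Esys_TR_Deserialize.` sends the reader of this function's own description back to itself; the original pointed at the counterpart function and only had a typo. I would write `An object can be serialized using Esys_TR_Serialize.` instead. The `@retval TSS2_ESYS_RC_INSUFFICIENT_BUFFER` line is still an incomplete sentence and could read `if the buffer is too small for unmarshalling.`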
@@ -134,11 +133,41 @@ _ESYS_ASSERT_NON_NULL(esys_context); ESYS_TR esys_handle = esys_context->esys_handle_cnt++; RSRC_NODE_T *esysHandleNode = NULL; - r = esys_CreateResourceObject(esys_context, esys_handle, &esysHandleNode); - goto_if_error(r, "Error create resource", error_cleanup); + RSRC_NODE_T *node_rsrc = NULL; + RSRC_NODE_T *next_node_rsrc; + + for (node_rsrc = esys_context->rsrc_list; node_rsrc != NULL; + node_rsrc = next_node_rsrc) { + if (node_rsrc->rsrc.handle == tpm_handle) { + esysHandleNode = node_rsrc; + esys_context->esys_handle = node_rsrc->esys_handle; + break; + } + next_node_rsrc = node_rsrc->next; + } - esysHandleNode->rsrc.handle = tpm_handle; - esys_context->esys_handle = esys_handle; + if (!esysHandleNode) { + /* Object was already created */ + esys_handle = esys_context->esys_handle_cnt++; + r = esys_CreateResourceObject(esys_context, esys_handle, &esysHandleNode); + goto_if_error(r, "Error create resource", error_cleanup); + + /* In the first trial no session will be used to determine the object name. */ + esys_context->sav_session1 = shandle1; + esys_context->sav_session2 = shandle2; + esys_context->sav_session3 = shandle3; + esys_context->session_tab0 = NULL; + esys_context->session_tab1 = NULL; + esys_context->session_tab2 = NULL; + esysHandleNode->rsrc.handle = tpm_handle; + esys_context->esys_handle = esys_handle; + shandle1 = ESYS_TR_NONE; + shandle2 = ESYS_TR_NONE; + shandle3 = ESYS_TR_NONE; + } else { + esys_handle = esysHandleNode->esys_handle; + esys_context->esys_handle = esys_handle; + } if (tpm_handle >= TPM2_NV_INDEX_FIRST && tpm_handle <= TPM2_NV_INDEX_LAST) { r = Esys_NV_ReadPublic_Async(esys_context, esys_handle, shandle1, @@ -189,6 +218,7 @@ TSS2_RC r = TSS2_RC_SUCCESS; ESYS_TR objectHandle = ESYS_TR_NONE; RSRC_NODE_T *objectHandleNode; + bool first_call; _ESYS_ASSERT_NON_NULL(esys_context); 
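Review bot: `esys_handle_cnt` is now advanced twice for a new object, once in the unchanged initialiser `ESYS_TR esys_handle = esys_context->esys_handle_cnt++;` and again inside `if (!esysHandleNode)`, and once even when an existing node is reused, so handle numbers are consumed without being assigned. The comment `/* Object was already created */` on that branch states the opposite of its condition. I would take the counter only in the branch that creates the node and reword the comment to `/* No node for this TPM handle yet: create one */`. In the reuse branch `sav_session1`..`sav_session3` keep whatever an earlier call stored, which is worth a comment or a reset to ESYS_TR_NONE. The function continues outside the hunk.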
@@ -197,6 +227,9 @@ r = esys_GetResourceObject(esys_context, objectHandle, &objectHandleNode); goto_if_error(r, "get resource", error_cleanup); + /* Check whether the object was already initialized. */ + first_call = !objectHandleNode->rsrc.rsrcType; + if (objectHandleNode->rsrc.handle >= TPM2_NV_INDEX_FIRST && objectHandleNode->rsrc.handle <= TPM2_NV_INDEX_LAST) { TPM2B_NV_PUBLIC *nvPublic; @@ -209,13 +242,27 @@ } goto_if_error(r, "Error NV_ReadPublic", error_cleanup); - objectHandleNode->rsrc.rsrcType = IESYSC_NV_RSRC; - objectHandleNode->rsrc.name = *nvName; - objectHandleNode->rsrc.misc.rsrc_nv_pub = *nvPublic; + bool is_nvname_mismatch = false; + if (first_call) { + objectHandleNode->rsrc.rsrcType = IESYSC_NV_RSRC; + objectHandleNode->rsrc.name = *nvName; + objectHandleNode->rsrc.misc.rsrc_nv_pub = *nvPublic; + } else { + if (objectHandleNode->rsrc.name.size != nvName->size || + memcmp(&objectHandleNode->rsrc.name.name0, &nvName->name0, nvName->size) != 0) { + is_nvname_mismatch = true; + } + } SAFE_FREE(nvPublic); SAFE_FREE(nvName); - } else if(objectHandleNode->rsrc.handle >> TPM2_HR_SHIFT == TPM2_HT_LOADED_SESSION - || objectHandleNode->rsrc.handle >> TPM2_HR_SHIFT == TPM2_HT_SAVED_SESSION) { + if (is_nvname_mismatch) { + goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE, + "Name mismatch between two calls of Esys_TR_FromTPMPublic", + error_cleanup); + } + } + else if(objectHandleNode->rsrc.handle >> TPM2_HR_SHIFT == TPM2_HT_LOADED_SESSION + || objectHandleNode->rsrc.handle >> TPM2_HR_SHIFT == TPM2_HT_SAVED_SESSION) { objectHandleNode->rsrc.rsrcType = IESYSC_DEGRADED_SESSION_RSRC; } else { TPM2B_PUBLIC *public; 
@@ -230,15 +277,45 @@ } goto_if_error(r, "Error ReadPublic", error_cleanup); - objectHandleNode->rsrc.rsrcType = IESYSC_KEY_RSRC; - objectHandleNode->rsrc.name = *name; - objectHandleNode->rsrc.misc.rsrc_key_pub = *public; + if (first_call) { + objectHandleNode->rsrc.rsrcType = IESYSC_KEY_RSRC; + objectHandleNode->rsrc.name = *name; + objectHandleNode->rsrc.misc.rsrc_key_pub = *public; + } else { + if (objectHandleNode->rsrc.name.size != name->size || + memcmp(&objectHandleNode->rsrc.name.name0, &name->name0, name->size) != 0) { + goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE, + "Name mismatch between two calls of Esys_TR_FromTPMPublic", + error_cleanup); + } + } SAFE_FREE(public); SAFE_FREE(name); SAFE_FREE(qualifiedName); } - *object = objectHandle; - return TSS2_RC_SUCCESS; + + if (esys_context->sav_session1 != ESYS_TR_NONE && first_call) { + /* Initialize second call if session is used */ + r = init_session_tab(esys_context, esys_context->sav_session1, + esys_context->sav_session2, esys_context->sav_session3); + return_if_error(r, "Initialize session resources"); + + iesys_compute_session_value(esys_context->session_tab0, + &objectHandleNode->rsrc.name, NULL); + iesys_compute_session_value(esys_context->session_tab1, NULL, NULL); + iesys_compute_session_value(esys_context->session_tab2, NULL, NULL); + r = Esys_TR_FromTPMPublic_Async(esys_context, objectHandleNode->rsrc.handle, + esys_context->session_tab0->esys_handle, + esys_context->session_tab1 ? + esys_context->session_tab1->esys_handle : ESYS_TR_NONE, + esys_context->session_tab2 ? + esys_context->session_tab2->esys_handle : ESYS_TR_NONE); + return_if_error(r, "Error TR FromTPMPublic"); + return TSS2_ESYS_RC_TRY_AGAIN; + } else { + *object = objectHandle; + return TSS2_RC_SUCCESS; + } error_cleanup: Esys_TR_Close(esys_context, &objectHandle); 
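Review bot: In the key branch the name-mismatch path calls `goto_error(..., error_cleanup)` before `SAFE_FREE(public); SAFE_FREE(name); SAFE_FREE(qualifiedName);`, so those three buffers, presumably allocated by the read-public finish call, are leaked on that path. The NV branch in the preceding hunk avoids this with its `is_nvname_mismatch` flag; the same pattern fits here: set a flag in the else branch and issue the `goto_error` after the three frees. The two `return_if_error` calls in the new session block also bypass `error_cleanup`, unlike the surrounding `goto_if_error` calls, which looks unintended. The function starts outside the hunk.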
@@ -373,7 +450,7 @@ * @retval TSS2_RC_SUCCESS on Success. * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext is NULL. * @retval TSS2_ESYS_RC_BAD_TR if the ESYS_TR object is unknown to the - * ESYS_CONTEXT. + * ESYS_CONTEXT or it equals ESYS_TR_NONE. */ TSS2_RC Esys_TR_SetAuth(ESYS_CONTEXT * esys_context, ESYS_TR esys_handle, @@ -384,6 +461,9 @@ TPMI_ALG_HASH name_alg = TPM2_ALG_NULL; _ESYS_ASSERT_NON_NULL(esys_context); + if (esys_handle == ESYS_TR_NONE) { + return_error(TSS2_ESYS_RC_BAD_TR, "esys_handle can't be ESYS_TR_NONE."); + } r = esys_GetResourceObject(esys_context, esys_handle, &esys_object); if (r != TPM2_RC_SUCCESS) return r; @@ -421,6 +501,7 @@ * @retval TSS2_ESYS_RC_MEMORY if needed memory can't be allocated. * @retval TSS2_ESYS_RC_GENERAL_FAILURE for errors of the crypto library. * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext is NULL. + * @retval TSS2_ESYS_RC_BAD_TR if the handle is invalid. * @retval TSS2_SYS_RC_* for SAPI errors. */ TSS2_RC @@ -431,6 +512,10 @@ TSS2_RC r; _ESYS_ASSERT_NON_NULL(esys_context);
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-esys/tss2-esys.vcxproj -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-esys/tss2-esys.vcxproj
Changed
@@ -69,13 +69,13 @@ <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary> <WarningLevel>Level3</WarningLevel> <Optimization>Disabled</Optimization> - <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-Win32\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-v11-Win32\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> </ClCompile> <Link> <TargetMachine>MachineX86</TargetMachine> <GenerateDebugInformation>true</GenerateDebugInformation> <SubSystem>Windows</SubSystem> - <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-Win32\lib\libeay32.lib;C:\OpenSSL-Win32\lib\libeay32.lib;%(AdditionalDependencies)</AdditionalDependencies> + <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-v11-Win32\lib\libcrypto.lib;C:\OpenSSL-v11-Win32\lib\libcrypto.lib;%(AdditionalDependencies)</AdditionalDependencies> <ModuleDefinitionFile>$(SolutionDir)\lib\tss2-esys.def</ModuleDefinitionFile> </Link> </ItemDefinitionGroup> 
@@ -84,7 +84,7 @@ <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;TSS2ESYS_EXPORTS;MAXLOGLEVEL=6;strtok_r=strtok_s;OSSL;%(PreprocessorDefinitions)</PreprocessorDefinitions> <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary> <WarningLevel>Level3</WarningLevel> - <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-Win32\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-v11-Win32\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> </ClCompile> <Link> <TargetMachine>MachineX86</TargetMachine> 
@@ -92,27 +92,27 @@ <SubSystem>Windows</SubSystem> <EnableCOMDATFolding>true</EnableCOMDATFolding> <OptimizeReferences>true</OptimizeReferences> - <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-Win32\lib\libeay32.lib;%(AdditionalDependencies)</AdditionalDependencies> + <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-v11-Win32\lib\libcrypto.lib;%(AdditionalDependencies)</AdditionalDependencies> <ModuleDefinitionFile>$(SolutionDir)\lib\tss2-esys.def</ModuleDefinitionFile> </Link> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> <ClCompile> - <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-Win64\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-v11-Win64\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <PreprocessorDefinitions>_DEBUG;_WINDOWS;_USRDLL;TSS2ESYS_EXPORTS;MAXLOGLEVEL=6;strtok_r=strtok_s;OSSL;%(PreprocessorDefinitions)</PreprocessorDefinitions> </ClCompile> <Link> - <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-Win64\lib\libeay32.lib;%(AdditionalDependencies)</AdditionalDependencies> + <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-v11-Win64\lib\libcrypto.lib;%(AdditionalDependencies)</AdditionalDependencies> <ModuleDefinitionFile>$(SolutionDir)\lib\tss2-esys.def</ModuleDefinitionFile> </Link> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> <ClCompile> 
- <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-Win64\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-v11-Win64\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <PreprocessorDefinitions>NDEBUG;_WINDOWS;_USRDLL;TSS2ESYS_EXPORTS;MAXLOGLEVEL=6;strtok_r=strtok_s;OSSL;%(PreprocessorDefinitions)</PreprocessorDefinitions> </ClCompile> <Link> - <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-Win64\lib\libeay32.lib;%(AdditionalDependencies)</AdditionalDependencies> + <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-v11-Win64\lib\libcrypto.lib;%(AdditionalDependencies)</AdditionalDependencies> <ModuleDefinitionFile>$(SolutionDir)\lib\tss2-esys.def</ModuleDefinitionFile> </Link> </ItemDefinitionGroup>
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/api/Fapi_ChangeAuth.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/api/Fapi_ChangeAuth.c
Changed
@@ -262,6 +262,8 @@ TSS2_RC r; ESYS_TR auth_session; + size_t n_slash, len_path, len_hierachy; + char *path; /* Check for NULL parameters */ check_not_null(context); @@ -305,6 +307,14 @@ if (command->hierarchy_handle) { /* Set the correct re-entry state for handling hierarchies. */ context->state = ENTITY_CHANGE_AUTH_HIERARCHY_READ; + + /* Compute the list of all objects stored in keystore. */ + r = ifapi_keystore_list_all(&context->keystore, "/", &command->pathlist, + &command->numPaths); + goto_if_error(r, "get entities.", error_cleanup); + + command->numPathsCleanup = command->numPaths; + /* Load the hierarchy's metadata from the keystore. */ r = ifapi_keystore_load_async(&context->keystore, &context->io, command->entityPath); 
@@ -529,10 +539,49 @@ &command->newAuthValue); return_try_again(r); goto_if_error(r, "Change auth hierarchy.", error_cleanup); + fallthrough; - /* Jump over to the AUTH_WRITE_PREPARE state for storing the - new metadata to the keystore. */ - context->state = ENTITY_CHANGE_AUTH_WRITE_PREPARE; + statecase(context->state, ENTITY_CHANGE_AUTH_SAVE_HIERARCHIES_PREPARE) + if (command->numPaths == 0) { + context->state = ENTITY_CHANGE_AUTH_CLEANUP; + return TSS2_FAPI_RC_TRY_AGAIN; + } + command->numPaths += -1; + len_hierachy = strlen(command->entityPath); + len_path = strlen(command->pathlistcommand->numPaths); + while (!(len_hierachy < len_path && + strcmp(command->entityPath, + &command->pathlistcommand->numPathslen_path - len_hierachy) == 0)) { + if (command->numPaths == 0) { + context->state = ENTITY_CHANGE_AUTH_CLEANUP; + return TSS2_FAPI_RC_TRY_AGAIN; + } + command->numPaths += -1; + len_path = strlen(command->pathlistcommand->numPaths); + } + n_slash = 0; + path = &command->pathlistcommand->numPathslen_path - len_hierachy; + while(*path) if (*path++ == '/') ++n_slash; + if (n_slash > 2) { + /* No hierarchy */ + return TSS2_FAPI_RC_TRY_AGAIN; + } + + /* Start writing the hierarchy object to the key store */ + r = ifapi_keystore_store_async(&context->keystore, &context->io, + command->pathlistcommand->numPaths, + object); + goto_if_error_reset_state(r, "Could not open: %sh", error_cleanup, + command->entityPath); + fallthrough; + + statecase(context->state, ENTITY_CHANGE_AUTH_SAVE_HIERARCHIES_FINISH) + /* Finish writing the object to the key store */ + r = ifapi_keystore_store_finish(&context->io); + return_try_again(r); + return_if_error_reset_state(r, "write_finish failed"); + + context->state = ENTITY_CHANGE_AUTH_SAVE_HIERARCHIES_PREPARE; return TSS2_FAPI_RC_TRY_AGAIN; statecasedefault(context->state); 
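Review bot: The message passed to `goto_if_error_reset_state` after `ifapi_keystore_store_async` uses the format `"Could not open: %sh"`, so the log prints the path followed by a stray `h`, and the argument is `command->entityPath` although the object being written is the current `pathlist` entry. Suggested: `goto_if_error_reset_state(r, "Could not open: %s", error_cleanup, command->pathlist[command->numPaths]);` (the page rendering has dropped the square brackets from the index expressions). The local `len_hierachy` is also misspelled; `len_hierarchy` would match the other identifiers. The enclosing function starts and ends outside the hunk.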
@@ -552,6 +601,12 @@ ifapi_cleanup_ifapi_object(command->key_object); SAFE_FREE(command->entityPath); SAFE_FREE(command->authValue); + if (command->pathlist) { + for (size_t i = 0; i < command->numPathsCleanup; i++) { + SAFE_FREE(command->pathlisti); + } + SAFE_FREE(command->pathlist); + } LOG_TRACE("finished"); return r; }
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/api/Fapi_Decrypt.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/api/Fapi_Decrypt.c
Changed
@@ -159,7 +159,7 @@ size_t cipherTextSize) { LOG_TRACE("called for context:%p", context); - LOG_TRACE("cipherText: %s", cipherText); + LOGBLOB_TRACE(cipherText, cipherTextSize, "cipherText"); TSS2_RC r;
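Review bot: `LOGBLOB_TRACE(cipherText, cipherTextSize, "cipherText")` runs at function entry, before any NULL check on `cipherText` that is visible in this hunk. The blob variant presumably reads `cipherTextSize` bytes, so if the parameter checks only follow further down (not visible here), a NULL buffer with a non-zero size would be dereferenced whenever trace logging is enabled. Moving the call below the parameter checks, or guarding it with `if (cipherText)`, avoids that. It is also worth confirming that full ciphertext dumps are wanted in trace logs. The function body continues outside the hunk.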
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/api/Fapi_Delete.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/api/Fapi_Delete.c
Changed
@@ -31,7 +31,7 @@ * is the first element of the path in the file list. * * @paramin path The part of the path without profile to be moved. - * @paramin profile_name The profile_name must be the firt part of + * @paramin profile_name The profile_name must be the first part of * the path to be moved. * @paramin,out file_ary The path array. * @paramin n The size of the array. @@ -73,7 +73,7 @@ /** Search a path for a certain profile in the path list. * - * @paramin profile_name The profile_name must be the firt part of + * @paramin profile_name The profile_name must be the first part of * the path to be moved. * @paramin path The part of the path without profile to be moved. * @paramin,out file_ary The path array. @@ -168,7 +168,7 @@ * @retval TSS2_FAPI_RC_BAD_PATH: if path can't be used for deleting. * @retval TSS2_FAPI_RC_MEMORY: if the FAPI cannot allocate enough memory for * internal operations or return parameters. - * @retval TSS2_FAPI_RC_GENERAL_FAILURE if an internal error occured. + * @retval TSS2_FAPI_RC_GENERAL_FAILURE if an internal error occurred. * @retval TSS2_FAPI_RC_BAD_REFERENCE a invalid null pointer is passed. * @retval TSS2_FAPI_RC_BAD_VALUE if an invalid value was passed into * the function. @@ -357,7 +357,7 @@ * the function. * @retval TSS2_ESYS_RC_* possible error codes of ESAPI. * @retval TSS2_FAPI_RC_NOT_PROVISIONED FAPI was not provisioned. - * @retval TSS2_FAPI_RC_GENERAL_FAILURE if an internal error occured. + * @retval TSS2_FAPI_RC_GENERAL_FAILURE if an internal error occurred. */ TSS2_RC Fapi_Delete_Async( 
@@ -419,14 +419,14 @@ /* No session will be needed these files can be deleted without interaction with the TPM */ r = ifapi_non_tpm_mode_init(context); - return_if_error(r, "Initialize Entity_Delete"); + goto_if_error(r, "Initialize Entity_Delete", error_cleanup); context->session1 = ESYS_TR_NONE; context->state = ENTITY_DELETE_GET_FILE; } else { /* Check whether TCTI and ESYS are initialized */ - return_if_null(context->esys, "Command can't be executed in none TPM mode.", - TSS2_FAPI_RC_NO_TPM); + goto_if_null(context->esys, "Command can't be executed in none TPM mode.", + TSS2_FAPI_RC_NO_TPM, error_cleanup); /* If the async state automata of FAPI shall be tested, then we must not set the timeouts of ESYS to blocking mode. @@ -435,12 +435,12 @@ to block until a result is available. */ #ifndef TEST_FAPI_ASYNC r = Esys_SetTimeout(context->esys, TSS2_TCTI_TIMEOUT_BLOCK); - return_if_error_reset_state(r, "Set Timeout to blocking"); + goto_if_error_reset_state(r, "Set Timeout to blocking", error_cleanup); #endif /* TEST_FAPI_ASYNC */ /* A TPM session will be created to enable object authorization */ r = ifapi_session_init(context); - return_if_error(r, "Initialize Entity_Delete"); + goto_if_error(r, "Initialize Entity_Delete", error_cleanup); r = ifapi_get_sessions_async(context, IFAPI_SESSION_GENEK | IFAPI_SESSION1, 
@@ -642,18 +642,27 @@ fallthrough; statecase(context->state, ENTITY_DELETE_KEY_WAIT_FOR_AUTHORIZATION); + /* Delete persistent object if not prohibited. */ if (object->misc.key.persistent_handle) { - r = ifapi_authorize_object(context, authObject, &auth_session); - FAPI_SYNC(r, "Authorize hierarchy.", error_cleanup); - - /* Delete the persistent handle from the TPM. */ - r = Esys_EvictControl_Async(context->esys, ESYS_TR_RH_OWNER, - object->handle, - auth_session, - ESYS_TR_NONE, ESYS_TR_NONE, + if (object->misc.key.delete_prohibited) { + LOG_ERROR("Failed to delete TPM key (%s) because it was not " + "created by the tss Feature API", + command->pathlistcommand->path_idx); + context->state = ENTITY_DELETE_FILE; + return TSS2_FAPI_RC_TRY_AGAIN; + } else { + r = ifapi_authorize_object(context, authObject, &auth_session); + FAPI_SYNC(r, "Authorize hierarchy.", error_cleanup); + + /* Delete the persistent handle from the TPM. */ + r = Esys_EvictControl_Async(context->esys, ESYS_TR_RH_OWNER, + object->handle, + auth_session, + ESYS_TR_NONE, ESYS_TR_NONE, object->misc.key.persistent_handle); - goto_if_error(r, "Evict Control", error_cleanup); - context->state = ENTITY_DELETE_NULL_AUTH_SENT_FOR_KEY; + goto_if_error(r, "Evict Control", error_cleanup); + context->state = ENTITY_DELETE_NULL_AUTH_SENT_FOR_KEY; + } } else { context->state = ENTITY_DELETE_FILE; return TSS2_FAPI_RC_TRY_AGAIN;
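Review bot: In the new `delete_prohibited` branch the code logs at error level ("Failed to delete TPM key ...") but then sets `ENTITY_DELETE_FILE` and returns `TSS2_FAPI_RC_TRY_AGAIN`, so the caller sees no error and processing continues while the persistent handle stays in the TPM. If that is the intent, a warning-level message and a comment would make it explicit, e.g. `/* Pre-existing persistent key: leave it in the TPM and continue with the keystore entry. */`. What `ENTITY_DELETE_FILE` does next is outside the hunk. The unchanged continuation line `object->misc.key.persistent_handle);` also no longer lines up with the re-indented `Esys_EvictControl_Async` arguments.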
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/api/Fapi_Encrypt.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/api/Fapi_Encrypt.c
Changed
@@ -405,7 +405,6 @@ SAFE_FREE(tpmCipherText); SAFE_FREE(command->keyPath); SAFE_FREE(command->in_data); - SAFE_FREE(command->out_data); ifapi_session_clean(context); LOG_TRACE("finished"); return r;
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/api/Fapi_GetEsysBlob.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/api/Fapi_GetEsysBlob.c
Changed
@@ -157,8 +157,8 @@ authObject->objectType = IFAPI_OBJ_NONE; /* Check whether TCTI and ESYS are initialized */ - return_if_null(context->esys, "Command can't be executed in none TPM mode.", - TSS2_FAPI_RC_NO_TPM); + goto_if_null(context->esys, "Command can't be executed in none TPM mode.", + TSS2_FAPI_RC_NO_TPM, error_cleanup); /* If the async state automata of FAPI shall be tested, then we must not set the timeouts of ESYS to blocking mode. @@ -167,12 +167,12 @@ to block until a result is available. */ #ifndef TEST_FAPI_ASYNC r = Esys_SetTimeout(context->esys, TSS2_TCTI_TIMEOUT_BLOCK); - return_if_error_reset_state(r, "Set Timeout to blocking"); + goto_if_error_reset_state(r, "Set Timeout to blocking", error_cleanup); #endif /* TEST_FAPI_ASYNC */ /* A TPM session will be created to enable object authorization */ r = ifapi_session_init(context); - return_if_error(r, "Initialize GetEsysBlob"); + goto_if_error(r, "Initialize GetEsysBlob", error_cleanup); context->state = GET_ESYS_BLOB_GET_FILE; @@ -395,7 +395,7 @@ ifapi_cleanup_ifapi_object(object); ifapi_cleanup_ifapi_object(key_object); SAFE_FREE(command->path); - SAFE_FREE(*data); + SAFE_FREE(command->data); SAFE_FREE(key_context); ifapi_session_clean(context); ifapi_cleanup_ifapi_object(&context->loadKey.auth_object);
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/api/Fapi_GetPlatformCertificates.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/api/Fapi_GetPlatformCertificates.c
Changed
@@ -156,6 +156,7 @@ /* Initialize the context state for this operation. */ context->state = GET_PLATFORM_CERTIFICATE; + context->get_cert_state = GET_CERT_INIT; LOG_TRACE("finished"); return TSS2_RC_SUCCESS;
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/api/Fapi_Import.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/api/Fapi_Import.c
Changed
@@ -159,6 +159,8 @@ IFAPI_OBJECT *object = &command->object; IFAPI_EXT_PUB_KEY * extPubKey = &object->misc.ext_pub_key; IFAPI_DUPLICATE * keyTree = &object->misc.key_tree; + command->private = NULL; + command->parent_path = NULL; if (context->state != _FAPI_STATE_INIT) { return_error(TSS2_FAPI_RC_BAD_SEQUENCE, "Invalid State");
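Review bot: The two added resets, `command->private = NULL;` and `command->parent_path = NULL;`, sit above the `context->state != _FAPI_STATE_INIT` check, so a call made in the wrong sequence overwrites the command fields before `TSS2_FAPI_RC_BAD_SEQUENCE` is returned. If `command` aliases storage that an in-flight operation is still using (its definition is outside the hunk), those pointers are lost and that operation's cleanup can no longer free them. Moving both assignments below the state check keeps a rejected call free of side effects.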
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/api/Fapi_Provision.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/api/Fapi_Provision.c
Changed
@@ -354,6 +354,10 @@ TPMA_OBJECT *attributes; char *description, *path; ESYS_TR auth_session; + TPM2B_NAME *srk_name = NULL, *srk_name_persistent = NULL; + ESYS_TR srk_persistent_handle; + ESYS_TR ek_handle = ESYS_TR_NONE; + switch (context->state) { /* Read all hierarchies from keystore. */ @@ -507,6 +511,7 @@ fallthrough; statecase(context->state, PROVISION_WAIT_FOR_GET_CAP0); + command->srk_exists = false; if (command->public_templ.persistent_handle) { r = Esys_GetCapability_Finish(context->esys, &moreData, capabilityData); return_try_again(r); @@ -516,10 +521,9 @@ if ((*capabilityData)->data.handles.count != 0 && (*capabilityData)->data.handles.handle0 == command->public_templ.persistent_handle) { - SAFE_FREE(*capabilityData); - goto_error(r, TSS2_FAPI_RC_BAD_VALUE, - "SRK persistent handle already defined", error_cleanup); + command->srk_exists = true; } + SAFE_FREE(*capabilityData); } 
@@ -582,16 +586,32 @@ pkey->persistent_handle = command->public_templ.persistent_handle; - /* Prepare making the EK permanent. */ - r = Esys_EvictControl_Async(context->esys, hierarchy_hs->handle, - pkeyObject->handle, ESYS_TR_PASSWORD, ESYS_TR_NONE, - ESYS_TR_NONE, pkey->persistent_handle); - goto_if_error(r, "Error Esys EvictControl", error_cleanup); - context->state = PROVISION_WAIT_FOR_EK_PERSISTENT; + if (hierarchy_hs->misc.hierarchy.with_auth == TPM2_YES || + hierarchy_hs->misc.hierarchy.authPolicy.size) { + context->state = PROVISION_AUTHORIZE_HS_FOR_EK_EVICT; + auth_session = ESYS_TR_PASSWORD; + } else { + context->state = PROVISION_PREPARE_EK_EVICT; + } return TSS2_FAPI_RC_TRY_AGAIN; } + context->state = PROVISION_INIT_GET_CAP2; + return TSS2_FAPI_RC_TRY_AGAIN; + + statecase(context->state, PROVISION_AUTHORIZE_HS_FOR_EK_EVICT); + r = ifapi_authorize_object(context, hierarchy_hs, &auth_session); + FAPI_SYNC(r, "Authorize hierarchy.", error_cleanup); fallthrough; + statecase(context->state, PROVISION_PREPARE_EK_EVICT); + r = Esys_EvictControl_Async(context->esys, hierarchy_hs->handle, + pkeyObject->handle, ESYS_TR_PASSWORD, ESYS_TR_NONE, + ESYS_TR_NONE, pkey->persistent_handle); + + goto_if_error(r, "Error Esys EvictControl", error_cleanup); + context->state = PROVISION_WAIT_FOR_EK_PERSISTENT; + return TSS2_FAPI_RC_TRY_AGAIN; + statecase(context->state, PROVISION_INIT_GET_CAP2); if (context->config.ek_cert_less == TPM2_YES) { /* Skip certificate validation. */ 
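Review bot: The session obtained by `ifapi_authorize_object(context, hierarchy_hs, &auth_session)` in `PROVISION_AUTHORIZE_HS_FOR_EK_EVICT` is never used, because the `Esys_EvictControl_Async` call in `PROVISION_PREPARE_EK_EVICT` still passes `ESYS_TR_PASSWORD`. That is presumably fine for a password-authorized hierarchy, but when the branch was taken because `authPolicy.size` is non-zero, the policy session would be ignored. The assignment `auth_session = ESYS_TR_PASSWORD;` just before `return TSS2_FAPI_RC_TRY_AGAIN` is also a dead store to a local. Consider initialising `auth_session` to `ESYS_TR_PASSWORD` at its declaration and passing `auth_session` to `Esys_EvictControl_Async`.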
@@ -957,6 +977,53 @@ return_try_again(r); goto_if_error(r, "Init primary finish.", error_cleanup); + if (command->public_templ.persistent_handle & command->srk_exists) { + + /* It has to be checked whether the public data of the existing persistent + SRK is equal to the public data of the generated key. */ + r = Esys_TR_FromTPMPublic_Async(context->esys, + command->public_templ.persistent_handle, + ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE); + goto_if_error(r, "Read public async", error_cleanup); + + } else { + context->state = PROVISION_CHECK_SRK_EVICT_CONTROL; + return TSS2_FAPI_RC_TRY_AGAIN; + } + fallthrough; + + statecase(context->state, PROVISION_SRK_GET_PERSISTENT_NAME); + + /* Create the esys object for the persistent key. */ + r = Esys_TR_FromTPMPublic_Finish(context->esys, &srk_persistent_handle); + goto_if_error(r, "TR_FromTPMPublic finish", error_cleanup); + + /* Determine the name of the generated key. */ + r = Esys_TR_GetName(context->esys, context->srk_handle, &srk_name); + goto_if_error(r, "Get srk name", error_cleanup); + + /* Determine the name of the persistent key. */ + r = Esys_TR_GetName(context->esys, srk_persistent_handle, + &srk_name_persistent); + goto_if_error(r, "Get srk name", error_cleanup); + + /* Compare the name of the generated key with the name of the + persistent key. */ + if (srk_name->size != srk_name_persistent->size || + memcmp(&srk_name->name0, &srk_name_persistent->name0, + srk_name->size) != 0) { + /* The persistent key cannot be used. */ + goto_error(r, TSS2_FAPI_RC_BAD_VALUE, + "SRK persistent handle already defined", error_cleanup); + } + LOG_INFO("An existing persistent primary (handle %x) key will be used.", + command->public_templ.persistent_handle); + SAFE_FREE(srk_name_persistent); + SAFE_FREE(srk_name); + context->state = PROVISION_SRK_WRITE_PREPARE; + return TSS2_FAPI_RC_TRY_AGAIN; + + statecase(context->state, PROVISION_CHECK_SRK_EVICT_CONTROL); /* Check whether a persistent SRK handle was defined in profile. 
*/ if (command->public_templ.persistent_handle) { /* Assign found handle to object */ @@ -980,6 +1047,11 @@ pkeyObject->objectType = IFAPI_KEY_OBJ; pkeyObject->system = command->public_templ.system; + /* Prohibit deletion of already exiting persistent SRK */ + if (command->public_templ.persistent_handle & command->srk_exists) { + pkeyObject->misc.key.delete_prohibited = TPM2_YES; + } + /* Perform esys serialization if necessary */ r = ifapi_esys_serialize_object(context->esys, pkeyObject); goto_if_error(r, "Prepare serialization", error_cleanup); @@ -1028,8 +1100,7 @@ * Adaption of the lockout hierarchy to the passed parameters * and the current profile. */ - if (!command->authValueLockout || - strcmp(command->authValueLockout, "") == 0) { + if (!command->authValueLockout) { context->state = PROVISION_LOCKOUT_CHANGE_POLICY; /* Auth value of lockout hierarchy will not be changed. */ return TSS2_FAPI_RC_TRY_AGAIN; 
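Review bot: The condition `command->public_templ.persistent_handle & command->srk_exists` is a bitwise AND of a handle value with a `bool`, so it is true only when the handle's lowest bit is set; it appears after "Init primary finish" and again in the following hunk that sets `delete_prohibited`. For a profile whose SRK persistent handle is even, the name comparison against the existing key would be skipped and the delete protection not applied, even though `srk_exists` is true. Use the logical operator: `if (command->public_templ.persistent_handle && command->srk_exists) {`. Separately, `Esys_TR_FromTPMPublic_Finish` is followed directly by `goto_if_error`, without the `return_try_again(r)` that follows the other `_Finish` calls shown for this file.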
@@ -1067,22 +1138,16 @@ return TSS2_FAPI_RC_TRY_AGAIN; statecase(context->state, PROVISION_WAIT_FOR_EK_PERSISTENT); + ek_handle = pkeyObject->handle; r = Esys_EvictControl_Finish(context->esys, &pkeyObject->handle); return_try_again(r); - /* Retry with authorization callback after trial with null auth */ - if (number_rc(r) == TPM2_RC_BAD_AUTH && - hierarchy_hs->misc.hierarchy.with_auth == TPM2_NO) { - char* description; - r = ifapi_get_description(hierarchy_hs, &description); - return_if_error(r, "Get description"); - - r = ifapi_set_auth(context, hierarchy_hs, "CreatePrimary"); - SAFE_FREE(description); - goto_if_error_reset_state(r, "Create EK", error_cleanup); - + if (number_rc(r) == TPM2_RC_BAD_AUTH + && hierarchy_hs->misc.hierarchy.with_auth == TPM2_NO) { hierarchy_hs->misc.hierarchy.with_auth = TPM2_YES; - context->state = PROVISION_WAIT_FOR_SRK_PERSISTENT; + /* Public handle was changed to 0xfff in the error case. */ + pkeyObject->handle = ek_handle; + context->state = PROVISION_AUTHORIZE_HS_FOR_EK_EVICT; return TSS2_FAPI_RC_TRY_AGAIN; } goto_if_error(r, "Evict control failed", error_cleanup); @@ -1458,6 +1523,8 @@ SAFE_FREE(command->pem_cert); SAFE_FREE(certData); SAFE_FREE(nvPublic); + SAFE_FREE(srk_name); + SAFE_FREE(srk_name_persistent); if (command->numHierarchyObjects > 0) { for (i = 0; i < command->numHierarchyObjects; i++) { ifapi_cleanup_ifapi_object(&command->hierarchiesi);
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/api/Fapi_Quote.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/api/Fapi_Quote.c
Changed
@@ -246,6 +246,7 @@ /* Initialize the context state for this operation. */ context->state = PCR_QUOTE_WAIT_FOR_GET_CAP; + command->handle = ESYS_TR_NONE; LOG_TRACE("finished"); return TSS2_RC_SUCCESS; @@ -393,6 +394,7 @@ /* Flush the key used for the quote. */ r = Esys_FlushContext_Async(context->esys, command->handle); goto_if_error(r, "Error: FlushContext", error_cleanup); + command->handle = ESYS_TR_NONE; fallthrough; @@ -472,6 +474,9 @@ ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object); ifapi_cleanup_ifapi_object(command->key_object); ifapi_session_clean(context); + if (command->handle != ESYS_TR_NONE) { + Esys_FlushContext(context->esys, command->handle); + } LOG_TRACE("finished"); return r; }
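Review bot: The cleanup added in the last hunk calls `Esys_FlushContext(context->esys, command->handle)` but discards its result and leaves `command->handle` unchanged, so a failed flush goes unnoticed and the stale handle stays in the command state. Suggested: log a failure without overriding `r`, and add `command->handle = ESYS_TR_NONE;` right after the call. In the second hunk the handle is cleared as soon as `Esys_FlushContext_Async` has been issued; if the matching finish step (outside the hunk) can fail, it may be worth a comment there saying why the handle is given up before the flush is confirmed.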
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/api/Fapi_Sign.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/api/Fapi_Sign.c
Changed
@@ -285,7 +285,7 @@ r = ifapi_load_key(context, command->keyPath, &command->key_object); return_try_again(r); - goto_if_error(r, "Fapi load key.", error_cleanup); + goto_if_error(r, "Fapi load key.", cleanup); fallthrough; @@ -296,12 +296,12 @@ &command->publicKey, (certificate) ? &command->certificate : NULL); return_try_again(r); - goto_if_error(r, "Fapi sign.", error_cleanup); + goto_if_error(r, "Fapi sign.", cleanup); /* Convert the TPM datatype signature to something useful for the caller. */ r = ifapi_tpm_to_fapi_signature(command->key_object, command->tpm_signature, &command->ret_signature, &resultSignatureSize); - goto_if_error(r, "Create FAPI signature.", error_cleanup); + goto_if_error(r, "Create FAPI signature.", cleanup); if (signatureSize) command->signatureSize = resultSignatureSize; @@ -310,7 +310,7 @@ statecase(context->state, KEY_SIGN_CLEANUP) /* Cleanup the session used for authorization. */ r = ifapi_cleanup_session(context); - try_again_or_error_goto(r, "Cleanup", error_cleanup); + try_again_or_error_goto(r, "Cleanup", cleanup); if (certificate) *certificate = command->certificate; @@ -325,15 +325,15 @@ statecasedefault(context->state); } -error_cleanup: + cleanup: /* Cleanup any intermediate results and state stored in the context. */ + ifapi_cleanup_ifapi_object(command->key_object); + ifapi_cleanup_ifapi_object(&context->loadKey.auth_object); + ifapi_cleanup_ifapi_object(context->loadKey.key_object); SAFE_FREE(command->tpm_signature); SAFE_FREE(command->keyPath); SAFE_FREE(command->padding); ifapi_session_clean(context); - ifapi_cleanup_ifapi_object(command->key_object); - ifapi_cleanup_ifapi_object(&context->loadKey.auth_object); - ifapi_cleanup_ifapi_object(context->loadKey.key_object); ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object); LOG_TRACE("finished"); return r;
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/api/Fapi_VerifyQuote.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/api/Fapi_VerifyQuote.c
Changed
@@ -202,11 +202,14 @@ strdup_check(command->keyPath, publicKeyPath, r, error_cleanup); strdup_check(command->quoteInfo, quoteInfo, r, error_cleanup); strdup_check(command->logData, pcrLog, r, error_cleanup); + command->event_list = NULL; if (qualifyingData != NULL) { FAPI_COPY_DIGEST(&command->qualifyingData.buffer0, command->qualifyingData.size, qualifyingData, qualifyingDataSize); + } else { + command->qualifyingData.size = 0; } /* Load the key for verification from the keystore. */ @@ -289,6 +292,16 @@ &command->fapi_quote_info.sig_scheme); goto_if_error(r, "Verify signature.", error_cleanup); + /* Check qualifying data */ + if (command->qualifyingData.size != command->fapi_quote_info.attest.extraData.size || + memcmp(&command->qualifyingData.buffer0, + &command->fapi_quote_info.attest.extraData.buffer0, + command->qualifyingData.size) != 0) { + context->state = _FAPI_STATE_INIT; + goto_error(r, TSS2_FAPI_RC_SIGNATURE_VERIFICATION_FAILED, + "Invalid qualifying data for quote", error_cleanup); + } + /* If no logData was provided then the operation is done. */ if (!command->logData) { context->state = _FAPI_STATE_INIT;
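Review bot: With the new `else` branch, a caller that passes `qualifyingData == NULL` gets `command->qualifyingData.size = 0`, and the added comparison then rejects any quote whose `extraData` is non-empty with `TSS2_FAPI_RC_SIGNATURE_VERIFICATION_FAILED`. That stricter behaviour is not documented anywhere in these hunks. The function's doc comment (outside the hunk) should say that omitting the qualifying data only verifies quotes created without it, and should list the new cause for that return code. Suggested text: ` * @retval TSS2_FAPI_RC_SIGNATURE_VERIFICATION_FAILED if the signature is invalid or the qualifying data does not match the quote.`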
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/fapi_certificates.h -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/fapi_certificates.h
Changed
@@ -42,6 +42,76 @@ "6sJa8iBpdRjZrBp5sJBI\n" "-----END CERTIFICATE-----\n", + /* IFX RSA root certificate 2 */ + "-----BEGIN CERTIFICATE-----\n" + "MIIFsTCCA5mgAwIBAgIBWTANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJERTEh\n" + "MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ\n" + "R0EoVE0pIERldmljZXMxKjAoBgNVBAMMIUluZmluZW9uIE9QVElHQShUTSkgUlNB\n" + "IFJvb3QgQ0EgMjAgFw0xOTExMjIwMDAwMDBaGA8yMDU0MTEyMjIzNTk1OVoweTEL\n" + "MAkGA1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEb\n" + "MBkGA1UECwwST1BUSUdBKFRNKSBEZXZpY2VzMSowKAYDVQQDDCFJbmZpbmVvbiBP\n" + "UFRJR0EoVE0pIFJTQSBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\n" + "ggIKAoICAQClvyAQlJNoJwAXwO5AojnaZO3rYqEbnox1r4jVvsjVnbDYSm9qYMIh\n" + "X0lEweLh3GmC/B0VgN0eoVTdfUZ/H9laK+PETmzQnKya8Gsq/XSCq8nWKslTgdoY\n" + "w44ddSBrTKoLWLPb8VW0FU0YIZaQEdXtWCQ2UqP+3Y6HbR8+RPO5DW64VsaGbeDx\n" + "VZgskZauH0oZ4eU7pCa9z6WwhExHMqgTOMHNuCgAWD/OkxqBsS74/2L4nv6zJD9+\n" + "yPLF3PjbVolC5WzR8M3ZUhN2iGp9V80/SEmj8SGS/z5l0cIwqua9DLhj/VCTo2Tl\n" + "qJ1hjQVaKYRnPaLPnxOmjbwPkCBO/Tj4jHVLfjk1XArSR3tjZK2CvRERweLC/XdK\n" + "doJuPPASeR8qmbhaj39wHBT5CTpJ8Hlh3uL1nMpeRJHJ0qM+7enirx/7WPuoI6FZ\n" + "N9xEWh7k6kma8wjjettN8r8qHBJjQN6IeJ8p2dETfRK+Wva718S2TKf3RyrD2aX3\n" + "RUGjFPxZcwDAX+YlqW7p03/77nf1SYnvyX7EyTZ99fRUjghVnM2tnTC4Soi6Sv1Z\n" + "oXxWFSOMUeRb3YN+OlWvqnVIJ1UNiTe5l1qCnEE+P+lj87sSjwSP63ME4xaNFmlT\n" + "v50t3+Gxpj92h8/owOpUBTD1uwLiZNDXhBE3qTtqO5T655ulTBsiZQIDAQABo0Iw\n" + "QDAdBgNVHQ4EFgQU+0/LDx9uXdViIvTFSiU55L1NaigwDgYDVR0PAQH/BAQDAgAG\n" + "MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAFUkfuMp8AubFwcY\n" + "id4j4W5d3vTkSHxLWQ+ILgw8t3goF/Zp1ikDJMPVynEaVEIet5qjT5jZe56j0HkI\n" + "gyrOtjUxXXXvjSYEiUsoghp4ECM6EMj3nUmSqFkP8A9eGLtfpjTDFml0kPsBrK3e\n" + "o0+moWLvRsFRL9wVKKu2OTdA3aUG8hfNocvu/H7yqsLNg1DAwmhBajQl3PtICjPB\n" + "xUmhE1mxq998CVvdId7PqkTrBmUK8mNTNnLsDqFP2API//XxPWI9/LCib4StwM1w\n" + "v0ECNelb/bAw3FDx6HcJqkA8mRqfjg+cngOCPQXa3MWXbod5RM6DzQhwgAaofSlv\n" + "PzZGZvOu84FILJkSxj9ZpPVDy3bgTS2AE9Iy0C6y/1GyeHhDYFYdxg40osoCOBxu\n" + 
"1WwsEPr0FkYYXX2YSRa3MmrkkWzXrgx1JKzJB6p/mQ14j1R3eMiYWKx5DjtkAmM9\n" + "9qsnIU42jIpbwvQF1YC41GYclP2pX45LmDGTWgBDSBBtjEPnn2gwYH6uaSR3zndx\n" + "nqu/imr4HSyvrsIGNak5RLEed8e02nbjTAehOLAZGdj+TMnvbQBS0AiZZO3qWx9T\n" + "/ABQ8gFSGgorfvS5Lg7ANIiBSsCsVIa28I2eiYrJZatuFAo1Xg4z3n2kvL7S1wZy\n" + "8MZsUVujMk+IInhi81MQZFUR2QbA\n" + "-----END CERTIFICATE-----\n", + + /* IFX RSA root certificate 3 */ + "-----BEGIN CERTIFICATE-----\n" + "MIIFsTCCA5mgAwIBAgIBbDANBgkqhkiG9w0BAQwFADB5MQswCQYDVQQGEwJERTEh\n" + "MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ\n" + "R0EoVE0pIERldmljZXMxKjAoBgNVBAMMIUluZmluZW9uIE9QVElHQShUTSkgUlNB\n" + "IFJvb3QgQ0EgMzAgFw0yMTAzMTgwMDAwMDBaGA8yMDk5MTIzMTIzNTk1OVoweTEL\n" + "MAkGA1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEb\n" + "MBkGA1UECwwST1BUSUdBKFRNKSBEZXZpY2VzMSowKAYDVQQDDCFJbmZpbmVvbiBP\n" + "UFRJR0EoVE0pIFJTQSBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\n" + "ggIKAoICAQC/+dr0NstkJ4CW9dZrln8mzPB/hG+5RoKZTJQrPRH2wdWxEN/T/wu1\n" + "0CEPOIxgXnDB+PaoUNpQ7AUI2SaVhT9/JRvy6XzQLY/ab40lvI1FvpXMyqdxj268\n" + "g6Zdt6zsVd4bLLEMucCoEQhZH3gZHQhJear1PNHF6iCcDqXhFvxSR9A8mat5vgGs\n" + "M1er0RwvYy3kAjdW+GDVHN4ezs4WINLem0M88HTr1HGXWnE9EPbLjHEXNOzRgEjs\n" + "Bv8TLbbJ0HXQAxpVWJH9XbtZjBGqdeJNnsIuOg3mFn8MUitavClVXg6LVOnmRjpx\n" + "LrdvEwmrTH0DtxduQ6pD4GaaNEIsgwZWu0pAAitmw2dRTI+OwTNj3hrjCsO+tkuV\n" + "01WaElAWccNyAPr3jDAFK13mrvgDzlBCCsBrNBUQVUGMZKNbDTkgFk7r4ZJPBcAj\n" + "TRQxKwwMUyMvXMp6pG2sP+V66JooYk7IPgvIE6fFQi+QfN7v8awgAWhSX88xFKse\n" + "aflZ4S1Dp/E+QsZF5p1R4RQio5IsaKjVstvAbd/GzTNNHk30YKOktLPr2qdtXJZD\n" + "3AKwoW2X9zb2VuBPX360HLf9rtX5XL3xQZvhIZbSA1Q9T4/VOIBewCRVKjWSTmha\n" + "x5dymh1xh+27w3UgbD6ivdbwQOm8FX8ntXElnUwy3Uwq6kSUBCKNPQIDAQABo0Iw\n" + "QDAdBgNVHQ4EFgQUYh5hb/65MYZudXjknzpeQ1LRTp8wDgYDVR0PAQH/BAQDAgAG\n" + "MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAGpa0nrH8mvlpBY1\n" + "W8Ths/Cz0Kd0d5lbo+ax8VwiUgHpOZ1hVu0udI4SDi2sYkIV6xEZqYjl0OV4YI/3\n" + "1tF6Fvbig5iqsgKF77WxIMSRoul2biI7qVp0tfic8L9lQt7VYpZjuEsxl9DPsbiK\n" + 
"N8nVcCUP6ffOqKNyzPi822bGdBQTlWTv+krFt98MB1ND6QL9L06TOSC6pXyvUalr\n" + "fNCDRdqE5S+h8O3bgib17iVWxX/Xr5vfZLr+o+1gMyBayurUKMwJggoIVc4nyb6n\n" + "vag2YeY0qlbnjai8etJ/KhKzpV9ahWNNxuh12baQ/wFNfovbmrV1JKX6FjaahHsE\n" + "WzTkLyDqZPg29rmD5ImWW6DERi2BPNcPxhFT5vL5iKHphFLU9NgF3uvdnLiiETLK\n" + "cs20D1jjz0kHKWxb3BDmbgVVgsAVvWt4KyvwKuzBT0goNaFafLIvm5w9sB4gJR5z\n" + "EW8lXVDnjdetk1MKZhy0Rt0kG0CBNIh1t1F8PHCMKik3V5zI+TZP7TfJn1Rzg+7F\n" + "dUMbkxmNOzCHBi7luR1eYO0nDSsLsQ/+Kth20RL1VZSETKaTP/GZhjl2OFJwwkmi\n" + "h3K7BFqxU5Uozd5ZIYU+OEPbKajjkIDe6sbSuwCyYaB56Mmc1CjzBdkTKBnyluil\n" + "aJMJqCHSQs0BoOVxi2dwZpQvHB6p\n" + "-----END CERTIFICATE-----\n", + /* IFX ECC root certificate */ "-----BEGIN CERTIFICATE-----\n" "MIICWzCCAeKgAwIBAgIBBDAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEhMB8G\n" 
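Review bot: The comments on the new trust anchors (`/* IFX RSA root certificate 2 */` and `3` here, and the two ECC roots in the next hunk) do not record where each certificate was obtained or its fingerprint, so a reviewer has nothing to check the base64 against. These strings are compiled in next to the existing root entries and presumably serve as roots for certificate validation, so each comment should carry the source and the fingerprint published by the vendor, e.g. `/* IFX RSA root certificate 2 -- source: <VENDOR_URL>, SHA-256: <FINGERPRINT> */`. The array definition starts and ends outside the hunk.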
@@ -59,6 +129,44 @@ "+O3Bdel9P5+cOgzIGANkOPEzBQM3VfJegfnriT/kaA==\n" "-----END CERTIFICATE-----\n", + /* IFX ECC root certificate 2 */ + "-----BEGIN CERTIFICATE-----\n" + "MIICrTCCAg6gAwIBAgIBWjAKBggqhkjOPQQDBDB5MQswCQYDVQQGEwJERTEhMB8G\n" + "A1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJR0Eo\n" + "VE0pIERldmljZXMxKjAoBgNVBAMMIUluZmluZW9uIE9QVElHQShUTSkgRUNDIFJv\n" + "b3QgQ0EgMjAgFw0xOTExMjIwMDAwMDBaGA8yMDU0MTEyMjIzNTk1OVoweTELMAkG\n" + "A1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEbMBkG\n" + "A1UECwwST1BUSUdBKFRNKSBEZXZpY2VzMSowKAYDVQQDDCFJbmZpbmVvbiBPUFRJ\n" + "R0EoVE0pIEVDQyBSb290IENBIDIwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABABD\n" + "6MnFaakBVM/vveSWg55BTIdxWdxAzGf2+fEUo5b9hMF6kVSWaR0wAAm2p9qeXNAV\n" + "j7tfQkhz1CxvNz4TauSBQQGf94WLcIKyh7d6zC6/AIloqPizTIGb5xl4ogqyz6ZC\n" + "T/D5FiOPA98TYzoThdqM8cpcI74e2xOyNgAffsm/BRiuFKNCMEAwHQYDVR0OBBYE\n" + "FIK4PcxxuD5+9pzWHchNUjJwbMedMA4GA1UdDwEB/wQEAwIABjAPBgNVHRMBAf8E\n" + "BTADAQH/MAoGCCqGSM49BAMEA4GMADCBiAJCAOXJYwRt86BtRKSuiN5LNATNX6Nc\n" + "hs4DUiggpQhbgggV3Lf+T39l71KvCIPb8n5ZjSi5AKflmPGzumCjqDAPsgmsAkIA\n" + "vpqNqptg4Sf3hrdAsLAqNPZGnx8gRBnsTvvQzNUOZETuBp+nbmSrKMWZpd5G7HkM\n" + "9uXFb5ctX1cZQUbYFA2qG5g=\n" + "-----END CERTIFICATE-----\n", + + /* IFX ECC root certificate 3 */ + "-----BEGIN CERTIFICATE-----\n" + "MIICrTCCAg6gAwIBAgIBazAKBggqhkjOPQQDBDB5MQswCQYDVQQGEwJERTEhMB8G\n" + "A1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJR0Eo\n" + "VE0pIERldmljZXMxKjAoBgNVBAMMIUluZmluZW9uIE9QVElHQShUTSkgRUNDIFJv\n" + "b3QgQ0EgMzAgFw0yMTAzMTgwMDAwMDBaGA8yMDk5MTIzMTIzNTk1OVoweTELMAkG\n" + "A1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEbMBkG\n" + "A1UECwwST1BUSUdBKFRNKSBEZXZpY2VzMSowKAYDVQQDDCFJbmZpbmVvbiBPUFRJ\n" + "R0EoVE0pIEVDQyBSb290IENBIDMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAFV\n" + "nmck8P1bISsq2lHszhrjnxOfxvzCCRFgyNw943gjql2PWGbmoXUn/qZ9D/Hy47i/\n" + "hwjr4uGyds/j2Lsbjq3eewDoogmD3EPWk2ta8pCHk5RoTr5e4Hiy9jhAenmzTri4\n" + 
"QiXnKmtlZYmQqEiLv1vYTLeHb/kDeUqLnx1el1eapVMZa6NCMEAwHQYDVR0OBBYE\n" + "FCwq8GA70CKIkoWj6c41h3JyQiz1MA4GA1UdDwEB/wQEAwIABjAPBgNVHRMBAf8E\n" + "BTADAQH/MAoGCCqGSM49BAMEA4GMADCBiAJCAYBYO5HXrgzE8z5oqTxoPk2KTa+i\n" + "cIZufqCemx6Yj091qqApCIatVLUGPGdQlLYbVGlSkmt2Bm4oFOMF2hUvQ6PqAkIB\n" + "sCwnSqqWfpFgA9xXPqTEwWsmxedt7H4t8/l5NwjICsEXA/doLoR5t+DtV7hQkXUW\n" + "anb6Z0IT1aEi+kQeohpkAlY=\n" + "-----END CERTIFICATE-----\n", + /* Intel root certificate */ "-----BEGIN CERTIFICATE-----\n" "MIICdzCCAh6gAwIBAgIUB+dPf7a3IyJGO923z34oQLRP7pwwCgYIKoZIzj0EAwIw\n"
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/fapi_crypto.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/fapi_crypto.c
Changed
@@ -11,10 +11,15 @@ #include <string.h> #include <openssl/evp.h> -#include <openssl/aes.h> #include <openssl/rsa.h> -#include <openssl/engine.h> #include <openssl/pem.h> +#if OPENSSL_VERSION_NUMBER < 0x30000000L +#include <openssl/aes.h> +#else +#include <openssl/core_names.h> +#include <openssl/params.h> +#include <openssl/param_build.h> +#endif #include <openssl/x509v3.h> #include <curl/curl.h> #include <openssl/err.h> @@ -43,16 +48,33 @@ /** Context to hold temporary values for ifapi_crypto */ typedef struct _IFAPI_CRYPTO_CONTEXT { - /** The hash engine's context */ - EVP_MD_CTX *osslContext; +#if OPENSSL_VERSION_NUMBER < 0x30000000L /** The currently used hash algorithm */ const EVP_MD *osslHashAlgorithm; +#else + OSSL_LIB_CTX *libctx; + /** The currently used hash algorithm */ + EVP_MD *osslHashAlgorithm; +#endif + /** The hash engine's context */ + EVP_MD_CTX *osslContext; /** The size of the hash's digest */ size_t hashSize; } IFAPI_CRYPTO_CONTEXT; -/** A singleton crypto engine for hash operations */ -static ENGINE *engine = NULL; +static void +ifapi_crypto_context_free(IFAPI_CRYPTO_CONTEXT *ctx) +{ + if (!ctx) + return; + + EVP_MD_CTX_destroy(ctx->osslContext); +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + EVP_MD_free(ctx->osslHashAlgorithm); + OSSL_LIB_CTX_free(ctx->libctx); +#endif + SAFE_FREE(ctx); +} /** * Returns the signature scheme that is currently used in the FAPI context. 
@@ -210,23 +232,37 @@ return 1; } +#if OPENSSL_VERSION_NUMBER < 0x30000000L /** - * Returns the singleton hash engine for the use in ifapi_hash operations. If - * it does not yet exist, this function creates it. + * Converts a TSS hash algorithm identifier into an OpenSSL hash algorithm + * identifier object. * - * @retval A singleton hash engine + * @paramin hashAlgorithm The TSS hash algorithm identifier to convert + * + * @retval A suitable OpenSSL identifier object if one could be found + * @retval NULL if no suitable identifier object could be found */ -static ENGINE * -get_engine() +static const EVP_MD * +get_ossl_hash_md(TPM2_ALG_ID hashAlgorithm) { - /* If an engine is present, it is returned */ - if (engine) - return engine; - /* Otherwise, engine is created and returned */ - engine = ENGINE_by_id(NULL); - return engine; + switch (hashAlgorithm) { + case TPM2_ALG_SHA1: + return EVP_sha1(); + case TPM2_ALG_SHA256: + return EVP_sha256(); + case TPM2_ALG_SHA384: + return EVP_sha384(); + case TPM2_ALG_SHA512: + return EVP_sha512(); +#if HAVE_EVP_SM3 && !defined(OPENSSL_NO_SM3) + case TPM2_ALG_SM3_256: + return EVP_sm3(); +#endif + default: + return NULL; + } } - +#else /** * Returns a suitable openSSL hash algorithm identifier for a given TSS hash * algorithm identifier. @@ -237,22 +273,25 @@ * hashAlgorithm could be found * @retval NULL if no suitable hash algorithm identifier could be found */ -static const EVP_MD * +static const char * get_hash_md(TPM2_ALG_ID hashAlgorithm) { switch (hashAlgorithm) { case TPM2_ALG_SHA1: - return EVP_sha1(); + return "SHA1"; case TPM2_ALG_SHA256: - return EVP_sha256(); + return "SHA256"; case TPM2_ALG_SHA384: - return EVP_sha384(); + return "SHA384"; case TPM2_ALG_SHA512: - return EVP_sha512(); + return "SHA512"; + case TPM2_ALG_SM3_256: + return "SM3"; default: return NULL; } } +#endif /** * Returns a suitable openSSL RSA signature scheme identifiver for a given TSS 
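Review bot: In the OpenSSL 3 branch `get_hash_md` returns "SM3" for `TPM2_ALG_SM3_256` unconditionally, while the pre-3.0 `get_ossl_hash_md` offers SM3 only under `HAVE_EVP_SM3 && !defined(OPENSSL_NO_SM3)`. With a provider set that lacks SM3 the name will presumably be rejected later, when it is resolved, rather than here, so the two build variants report an unsupported algorithm at different points. Either guard the case the same way or document the difference, e.g. `/* the name is resolved by the caller; a NULL result there means the provider does not offer it */`. The callers that consume the returned name are outside these hunks.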
@@ -320,12 +359,7 @@ tpmSignature->signature.ecdsa.signatureR.size, NULL); goto_if_null(bnr, "Out of memory", TSS2_FAPI_RC_MEMORY, cleanup); -#if OPENSSL_VERSION_NUMBER < 0x10100000 - ecdsaSignature->s = bns; - ecdsaSignature->r = bnr; -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ ECDSA_SIG_set0(ecdsaSignature, bnr, bns); -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ osslRC = i2d_ECDSA_SIG(ecdsaSignature, NULL); if (osslRC == -1) { @@ -372,77 +406,89 @@ * @retval TSS2_FAPI_RC_MEMORY if not enough memory can be allocated. */ static TSS2_RC -ossl_rsa_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY *evpPublicKey) +ossl_rsa_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY **evpPublicKey) { +#if OPENSSL_VERSION_NUMBER < 0x30000000L + RSA *rsa = NULL; +#else + OSSL_PARAM_BLD *build = NULL; + OSSL_PARAM *params = NULL; + EVP_PKEY_CTX *ctx = NULL; +#endif + /* Check for NULL parameters */ return_if_null(tpmPublicKey, "tpmPublicKey is NULL", TSS2_FAPI_RC_BAD_REFERENCE); return_if_null(evpPublicKey, "evpPublicKey is NULL", TSS2_FAPI_RC_BAD_REFERENCE); + TSS2_RC r = TSS2_RC_SUCCESS; /* Initialize the RSA parameters */ - TSS2_RC r; - RSA *rsa = RSA_new(); - BIGNUM *e = BN_new(); - BIGNUM *d = BN_new(); - BIGNUM *p = BN_new(); - BIGNUM *q = BN_new(); - BIGNUM *dmp1 = BN_new(); - BIGNUM *dmq1 = BN_new(); - BIGNUM *iqmp = BN_new(); + BIGNUM *e = NULL; BIGNUM *n = BN_bin2bn(tpmPublicKey->publicArea.unique.rsa.buffer, tpmPublicKey->publicArea.unique.rsa.size, NULL); - - if (!n || !e || !d || !p || !q || !dmp1 || !dmq1 || !iqmp || !rsa) { + if (!n) { goto_error(r, TSS2_FAPI_RC_MEMORY, "Out of memory", error_cleanup); } - BN_set_word(d, 0); - BN_set_word(p, 0); - BN_set_word(q, 0); - BN_set_word(dmp1, 0); - BN_set_word(dmq1, 0); - BN_set_word(iqmp, 0); uint32_t exp; if (tpmPublicKey->publicArea.parameters.rsaDetail.exponent == 0) exp = 65537; else exp = tpmPublicKey->publicArea.parameters.rsaDetail.exponent;
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/fapi_int.h -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/fapi_int.h
Changed
@@ -145,6 +145,13 @@ CLEANUP_SRK }; +/** The states for the FAPI's reading nv public*/ +enum IFAPI_READ_NV_PUBLIC_STATE { + READ_NV_PUBLIC_INIT = 0, + READ_NV_PUBLIC_GET_ESYS_TR, + READ_NV_PUBLIC_GET_PUBLIC +}; + #define IFAPI_MAX_CAP_INFO 17 typedef struct { @@ -341,6 +348,7 @@ KEY_CREATE_FLUSH1, KEY_CREATE_FLUSH2, KEY_CREATE_CALCULATE_POLICY, + KEY_CREATE_PRIMARY_CALCULATE_POLICY, KEY_CREATE_WAIT_FOR_AUTHORIZATION, KEY_CREATE_CLEANUP, KEY_CREATE_WAIT_FOR_RANDOM, @@ -386,7 +394,6 @@ uint8_t const *in_data; size_t in_dataSize; IFAPI_OBJECT *key_object; /**< The IPAPI object for the encryption key */ - uint8_t *out_data; /**< The output of symmetric encrypt/decryption */ ESYS_TR key_handle; /**< The ESYS handle of the encryption key */ size_t numBytes; /**< The number of bytes of a ESYS request */ size_t decrypt; /**< Switch whether to encrypt or decrypt */ @@ -475,8 +482,12 @@ TPM2B_AUTH newAuthValue; /**< The new auth value */ TPM2B_PRIVATE *newPrivate; /**< New private data created by parend */ IFAPI_OBJECT object; /**< Deserialized NV object or hierarchy */ + IFAPI_OBJECT hiearchy_object; /**< Used for copying a hierarchy */ ESYS_TR nv_index; /**< NV handle of the object to be changed */ ESYS_TR hierarchy_handle; /**< NV handle of the hierarchy to be changed */ + char **pathlist; /**< The array with all keystore objects */ + size_t numPaths; /**< Size of array with all keystore objects */ + size_t numPathsCleanup; /**< Size of array with all keystore objects */ } IFAPI_Entity_ChangeAuth; /** The data structure holding internal state of Fapi_AuthorizePolicy. @@ -543,6 +554,7 @@ ESYS_TR ek_esys_handle; ESYS_TR srk_tpm_handle; ESYS_TR ek_tpm_handle; + bool srk_exists; } IFAPI_Provision; /** The data structure holding internal state of regenerate primary key. @@ -577,6 +589,7 @@ POLICY_READ_FINISH, POLICY_INSTANTIATE_PREPARE, POLICY_INSTANTIATE, + POLICY_EXECUTE_PREPARE, POLICY_EXECUTE, POLICY_FLUSH }; 
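Review bot: In the -475 hunk the new field `hiearchy_object` is misspelled (its neighbour is `hierarchy_handle`), and `numPathsCleanup` carries the same doc comment as `numPaths`, so a reader cannot tell what the second counter tracks. Suggest `IFAPI_OBJECT hierarchy_object; /**< Used for copying a hierarchy */`, with the users of the field (outside this hunk) renamed to match, and a distinct comment on `numPathsCleanup` that says what it counts. The struct begins outside the hunk.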
@@ -632,6 +645,14 @@ char *current_path; } IFAPI_FILE_SEARCH_CTX; +/** The states for the FAPI's prepare key loading */ +enum _FAPI_STATE_PREPARE_LOAD_KEY { + PREPARE_LOAD_KEY_INIT = 0, + PREPARE_LOAD_KEY_WAIT_FOR_SESSION, + PREPARE_LOAD_KEY_INIT_KEY, + PREPARE_LOAD_KEY_WAIT_FOR_KEY +}; + /** The states for the FAPI's key loading */ enum _FAPI_STATE_LOAD_KEY { LOAD_KEY_GET_PATH = 0, @@ -690,6 +711,7 @@ */ typedef struct { enum _FAPI_STATE_LOAD_KEY state; /**< The current state of key loading */ + enum _FAPI_STATE_PREPARE_LOAD_KEY prepare_state; NODE_STR_T *path_list; /**< The current used hierarchy for CreatePrimary */ NODE_OBJECT_T *key_list; IFAPI_OBJECT auth_object; @@ -699,6 +721,7 @@ bool parent_handle_persistent; IFAPI_OBJECT *key_object; char *key_path; + char const *path; } IFAPI_LoadKey; /** The data structure holding internal state of entity delete. @@ -774,6 +797,7 @@ PRIMARY_READ_HIERARCHY, PRIMARY_READ_HIERARCHY_FINISH, PRIMARY_AUTHORIZE_HIERARCHY, + PRIMARY_GET_AUTH_VALUE, PRIMARY_WAIT_FOR_PRIMARY, PRIMARY_HAUTH_SENT, PRIMARY_CREATED, @@ -829,6 +853,8 @@ PROVISION_READ_CERT, PROVISION_PREPARE_READ_ROOT_CERT, PROVISION_READ_ROOT_CERT, + PROVISION_PREPARE_READ_INT_CERT, + PROVISION_READ_INT_CERT, PROVISION_INIT, PROVISION_INIT_SRK, PROVISION_WAIT_FOR_EK_SESSION, @@ -873,6 +899,10 @@ PROVISION_WRITE_HIERARCHIES, PROVISION_WRITE_HIERARCHY, PROVISION_PREPARE_GET_CAP_AUTH_STATE, + PROVISION_SRK_GET_PERSISTENT_NAME, + PROVISION_CHECK_SRK_EVICT_CONTROL, + PROVISION_AUTHORIZE_HS_FOR_EK_EVICT, + PROVISION_PREPARE_EK_EVICT, KEY_CREATE, KEY_CREATE_PRIMARY, @@ -979,6 +1009,8 @@ ENTITY_CHANGE_AUTH_HIERARCHY_CHANGE_AUTH, ENTITY_CHANGE_AUTH_HIERARCHY_READ, ENTITY_CHANGE_AUTH_HIERARCHY_AUTHORIZE, + ENTITY_CHANGE_AUTH_SAVE_HIERARCHIES_PREPARE, + ENTITY_CHANGE_AUTH_SAVE_HIERARCHIES_FINISH, ENTITY_CHANGE_AUTH_CLEANUP, DATA_ENCRYPT_WAIT_FOR_PROFILE, 
@@ -1133,6 +1165,7 @@ enum IFAPI_GET_CERT_STATE get_cert_state; enum _FAPI_FLUSH_STATE flush_object_state; /**< The current state of a flush operation */ enum IFAPI_CLEANUP_STATE cleanup_state; /**< The state of cleanup after command execution */ + enum IFAPI_READ_NV_PUBLIC_STATE read_nv_public_state; IFAPI_CONFIG config; /**< The profile independent configuration data */ UINT32 nv_buffer_max; /**< The maximal size for transfer of nv buffer content */ IFAPI_CMD_STATE cmd; /**< The state information of the currently executed
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/fapi_util.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/fapi_util.c
Changed
@@ -362,6 +362,52 @@ return NULL; } +/** Set authorization value for a primary key to be created. + * + * The callback which provides the auth value must be defined. + * + * @paramin,out context The FAPI_CONTEXT. + * @paramin object The auth value will be assigned to this object. + * @paramin,out inSensitive The sensitive data to store the auth value. + * + * @retval TSS2_RC_SUCCESS on success. + * @retval TSS2_FAPI_RC_AUTHORIZATION_UNKNOWN If the callback for getting + * the auth value is not defined. + */ +TSS2_RC +ifapi_set_auth_primary( + FAPI_CONTEXT *context, + IFAPI_OBJECT *object, + TPMS_SENSITIVE_CREATE *inSensitive) +{ + TSS2_RC r; + const char *auth = NULL; + const char *obj_path; + + memset(inSensitive, 0, sizeof(TPMS_SENSITIVE_CREATE)); + + if (!object->misc.key.with_auth) { + return TSS2_RC_SUCCESS; + } + + obj_path = ifapi_get_object_path(object); + + /* Check whether callback is defined. */ + if (context->callbacks.auth) { + r = context->callbacks.auth(obj_path, object->misc.key.description, + &auth, context->callbacks.authData); + return_if_error(r, "AuthCallback"); + if (auth != NULL) { + inSensitive->userAuth.size = strlen(auth); + memcpy(&inSensitive->userAuth.buffer0, auth, + inSensitive->userAuth.size); + } + return TSS2_RC_SUCCESS; + } + SAFE_FREE(auth); + return_error( TSS2_FAPI_RC_AUTHORIZATION_UNKNOWN, "Authorization callback not defined."); +} + /** Set authorization value for a FAPI object. * * The callback which provides the auth value must be defined. 
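Review bot: `ifapi_set_auth_primary` copies the callback-supplied string into `inSensitive->userAuth.buffer` using `strlen(auth)` as the length with no upper bound, so an auth value longer than the buffer is written past its end; the buffer's declared size is outside this hunk, but nothing here compares against it. Check the length before the copy: `size_t len = strlen(auth);` then `if (len > sizeof(inSensitive->userAuth.buffer)) return_error(TSS2_FAPI_RC_BAD_VALUE, "Auth value too long.");`. The trailing `SAFE_FREE(auth)` is reached only when no callback is defined, where `auth` is still NULL, so it can be dropped. `object` and `inSensitive` are dereferenced without a NULL check, which the doc comment should state as a precondition if it is intended.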
@@ -560,16 +606,26 @@ { TSS2_RC r; TPMS_POLICY *policy; + IFAPI_KEY *pkey = &context->createPrimary.pkey_object.misc.key; r = TSS2_RC_SUCCESS; if (ktype == TSS2_EK) { + pkey->ek_profile = TPM2_YES; /* Values set according to EK credential profile. */ if (context->cmd.Provision.public_templ.public.publicArea.type == TPM2_ALG_RSA) { - context->cmd.Provision.public_templ.public.publicArea.unique.rsa.size = 256; + if ((context->cmd.Provision.public_templ.public.publicArea.objectAttributes & TPMA_OBJECT_USERWITHAUTH)) + context->cmd.Provision.public_templ.public.publicArea.unique.rsa.size = 0; + else + context->cmd.Provision.public_templ.public.publicArea.unique.rsa.size = 256; } else if (context->cmd.Provision.public_templ.public.publicArea.type == TPM2_ALG_ECC) { - context->cmd.Provision.public_templ.public.publicArea.unique.ecc.x.size = 32; - context->cmd.Provision.public_templ.public.publicArea.unique.ecc.y.size = 32; + if ((context->cmd.Provision.public_templ.public.publicArea.objectAttributes & TPMA_OBJECT_USERWITHAUTH)) { + context->cmd.Provision.public_templ.public.publicArea.unique.ecc.x.size = 0; + context->cmd.Provision.public_templ.public.publicArea.unique.ecc.y.size = 0; + } else { + context->cmd.Provision.public_templ.public.publicArea.unique.ecc.x.size = 32; + context->cmd.Provision.public_templ.public.publicArea.unique.ecc.y.size = 32; + } } policy = context->profiles.default_profile.ek_policy; } else if (ktype == TSS2_SRK) { 
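Review bot: The EK `unique` sizing added here (0 when `TPMA_OBJECT_USERWITHAUTH` is set, otherwise 256 for RSA and 32 per ECC coordinate) is repeated line for line in the `PRIMARY_GET_AUTH_VALUE` hunk at -923 further down, and the literals are unexplained in both places. Two copies of a template rule can drift apart, and the fixed sizes assume one RSA key size and one curve, which neither hunk checks. A single static helper, as sketched below, keeps the rule in one place; it assumes `public_templ.public` is a `TPM2B_PUBLIC` like the local in the later hunk. The enclosing function starts outside this hunk.

```c
/* Set the sizes of the EK template's unique field: empty when the template
 * uses userWithAuth, otherwise the fixed sizes used for the EK profile. */
static void
set_ek_unique_size(TPM2B_PUBLIC *public)
{
    bool user_auth =
        (public->publicArea.objectAttributes & TPMA_OBJECT_USERWITHAUTH) != 0;

    if (public->publicArea.type == TPM2_ALG_RSA) {
        public->publicArea.unique.rsa.size = user_auth ? 0 : 256;
    } else if (public->publicArea.type == TPM2_ALG_ECC) {
        public->publicArea.unique.ecc.x.size = user_auth ? 0 : 32;
        public->publicArea.unique.ecc.y.size = user_auth ? 0 : 32;
    }
}

/* ... unchanged: start of the TSS2_EK branch ... */
        pkey->ek_profile = TPM2_YES;
        set_ek_unique_size(&context->cmd.Provision.public_templ.public);
```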
@@ -753,14 +809,16 @@ pkey->signing_scheme = context->profiles.default_profile.ecc_signing_scheme; context->createPrimary.pkey_object.handle = primaryHandle; SAFE_FREE(pkey->serialization.buffer); - ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object); return TSS2_RC_SUCCESS; - statecasedefault(context->primary_state); } error_cleanup: + SAFE_FREE(outPublic); + SAFE_FREE(creationData); + SAFE_FREE(creationHash); + SAFE_FREE(creationTicket); ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object); free_string_list(k_sub_path); SAFE_FREE(pkey->serialization.buffer); @@ -848,7 +906,7 @@ IFAPI_KEY *pkey = &context->createPrimary.pkey_object.misc.key; TPMS_CAPABILITY_DATA **capabilityData = &context->createPrimary.capabilityData; TPMI_YES_NO moreData; - ESYS_TR auth_session; + ESYS_TR auth_session = ESYS_TR_NONE; /* Initialized due to scanbuild */ LOG_TRACE("call"); @@ -885,8 +943,9 @@ fallthrough; statecase(context->primary_state, PRIMARY_READ_HIERARCHY); - /* The hierarchy object ussed for auth_session will be loaded from key store. */ - if (pkey->creationTicket.hierarchy == TPM2_RH_EK) { + /* The hierarchy object used for auth_session will be loaded from key store. */ + if (pkey->creationTicket.hierarchy == TPM2_RH_EK || + (pkey->ek_profile && pkey->creationTicket.hierarchy == TPM2_RH_ENDORSEMENT)) { r = ifapi_keystore_load_async(&context->keystore, &context->io, "/HE"); return_if_error2(r, "Could not open hierarchy /HE"); } else if (pkey->creationTicket.hierarchy == TPM2_RH_NULL) { @@ -908,6 +967,9 @@ if (pkey->creationTicket.hierarchy == TPM2_RH_EK) { hierarchy->handle = ESYS_TR_RH_ENDORSEMENT; + } else if (pkey->creationTicket.hierarchy == TPM2_RH_ENDORSEMENT && + pkey->ek_profile) { + hierarchy->handle = ESYS_TR_RH_ENDORSEMENT; } else if (pkey->creationTicket.hierarchy == TPM2_RH_NULL) { hierarchy->handle = ESYS_TR_RH_NULL; } else { 
@@ -923,12 +985,42 @@ memset(&context->createPrimary.inSensitive, 0, sizeof(TPM2B_SENSITIVE_CREATE)); memset(&context->createPrimary.outsideInfo, 0, sizeof(TPM2B_DATA)); memset(&context->createPrimary.creationPCR, 0, sizeof(TPML_PCR_SELECTION)); + fallthrough; + + statecase(context->primary_state, PRIMARY_GET_AUTH_VALUE); + /* Get the auth value to be stored in inSensitive */ + r = ifapi_set_auth_primary(context, pkey_object, + &context->createPrimary.inSensitive.sensitive); + return_try_again(r); + goto_if_error_reset_state(r, "Get auth value for primary", error_cleanup); /* Prepare primary creation. */ + TPM2B_PUBLIC public = pkey->public; + memset(&public.publicArea.unique, 0, sizeof(TPMU_PUBLIC_ID)); + + if (hierarchy->handle == ESYS_TR_RH_ENDORSEMENT && + pkey->ek_profile) { + /* Values set according to EK credential profile. */ + if (public.publicArea.type == TPM2_ALG_RSA) { + if ((public.publicArea.objectAttributes & TPMA_OBJECT_USERWITHAUTH)) + public.publicArea.unique.rsa.size = 0; + else + public.publicArea.unique.rsa.size = 256; + } else if (public.publicArea.type == TPM2_ALG_ECC) { + if ((public.publicArea.objectAttributes & TPMA_OBJECT_USERWITHAUTH)) { + public.publicArea.unique.ecc.x.size = 0; + public.publicArea.unique.ecc.y.size = 0; + } else { + public.publicArea.unique.ecc.x.size = 32; + public.publicArea.unique.ecc.y.size = 32; + } + } + } + r = Esys_CreatePrimary_Async(context->esys, hierarchy->handle, auth_session, ESYS_TR_NONE, ESYS_TR_NONE, &context->createPrimary.inSensitive, - &pkey->public, + &public, &context->createPrimary.outsideInfo, &context->createPrimary.creationPCR); return_if_error(r, "CreatePrimary"); @@ -1918,7 +2010,6 @@ } else { LOG_TRACE("success"); ifapi_cleanup_ifapi_object(context->loadKey.key_object); - ifapi_cleanup_ifapi_object(&context->loadKey.auth_object); return TSS2_RC_SUCCESS; } break; 
@@ -2642,9 +2733,9 @@ return_if_null(keyPath, "Bad reference for key path.", TSS2_FAPI_RC_BAD_REFERENCE); - switch (context->Key_Sign.state) { - statecase(context->Key_Sign.state, SIGN_INIT); - context->Key_Sign.keyPath = keyPath; + switch (context->loadKey.prepare_state) { + statecase(context->loadKey.prepare_state, PREPARE_LOAD_KEY_INIT); + context->loadKey.path = keyPath; /* Prepare the session creation. */ r = ifapi_get_sessions_async(context, @@ -2653,8 +2744,8 @@ goto_if_error_reset_state(r, "Create sessions", error_cleanup);
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/ifapi_config.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/ifapi_config.c
Changed
@@ -240,7 +240,7 @@ } /* Parse and deserialize the configuration file */ - jso = json_tokener_parse((char *)configFileContent); + jso = ifapi_parse_json((char *)configFileContent); goto_if_null(jso, "Could not parse JSON objects", TSS2_FAPI_RC_GENERAL_FAILURE, error); r = ifapi_json_IFAPI_CONFIG_deserialize(jso, config);
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/ifapi_eventlog.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/ifapi_eventlog.c
Changed
@@ -12,6 +12,7 @@ #include "ifapi_helpers.h" #include "ifapi_eventlog.h" +#include "tpm_json_deserialize.h" #include "ifapi_json_serialize.h" #define LOGMODULE fapi @@ -171,7 +172,7 @@ return_try_again(r); return_if_error(r, "read_finish failed"); - logpart = json_tokener_parse(logstr); + logpart = ifapi_parse_json(logstr); SAFE_FREE(logstr); return_if_null(log, "JSON parsing error", TSS2_FAPI_RC_BAD_VALUE); @@ -246,7 +247,7 @@ /* If a log was read, we deserialize it to JSON. Otherwise we start a new log. */ if (logstr) { - eventlog->log = json_tokener_parse(logstr); + eventlog->log = ifapi_parse_json(logstr); SAFE_FREE(logstr); return_if_null(eventlog->log, "JSON parsing error", TSS2_FAPI_RC_BAD_VALUE);
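Review bot: In the -171 hunk the result of the new `ifapi_parse_json(logstr)` call is stored in `logpart`, but the check that follows tests `log`, so a parse failure on the event-log content is not caught at this point. The check should read `return_if_null(logpart, "JSON parsing error", TSS2_FAPI_RC_BAD_VALUE);`. How `logpart` is used afterwards is outside the hunk. The -246 hunk tests `eventlog->log` directly and does not have this problem.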
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/ifapi_get_intl_cert.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/ifapi_get_intl_cert.c
Changed
@@ -1,4 +1,4 @@ -/* SPDX-License-Identifier: BSD-3-Clause */ +/* SPDX-License-Identifier: BSD-2-Clause */ #ifdef HAVE_CONFIG_H #include <config.h> @@ -17,6 +17,7 @@ #include "fapi_crypto.h" #include "ifapi_helpers.h" +#include "tpm_json_deserialize.h" #define LOGMODULE fapi #include "util/log.h" @@ -52,21 +53,26 @@ return NULL; } - SHA256_CTX sha256; - int is_success = SHA256_Init(&sha256); + EVP_MD_CTX *sha256ctx = EVP_MD_CTX_new(); + if (!sha256ctx) { + LOG_ERROR("EVP_MD_CTX_new failed"); + goto err; + } + + int is_success = EVP_DigestInit(sha256ctx, EVP_sha256()); if (!is_success) { - LOG_ERROR("SHA256_Init failed"); + LOG_ERROR("EVP_DigestInit failed"); goto err; } switch (ek_public->publicArea.type) { case TPM2_ALG_RSA: /* Add public key to the hash. */ - is_success = SHA256_Update(&sha256, - ek_public->publicArea.unique.rsa.buffer, - ek_public->publicArea.unique.rsa.size); + is_success = EVP_DigestUpdate(sha256ctx, + ek_public->publicArea.unique.rsa.buffer, + ek_public->publicArea.unique.rsa.size); if (!is_success) { - LOG_ERROR("SHA256_Update failed"); + LOG_ERROR("EVP_DigestUpdate failed"); goto err; } 
@@ -77,28 +83,28 @@ } /* Exponent 65537 will be added. */ BYTE buf3 = { 0x1, 0x00, 0x01 }; - is_success = SHA256_Update(&sha256, buf, sizeof(buf)); + is_success = EVP_DigestUpdate(sha256ctx, buf, sizeof(buf)); if (!is_success) { - LOG_ERROR("SHA256_Update failed"); + LOG_ERROR("EVP_DigestUpdate failed"); goto err; } break; case TPM2_ALG_ECC: - is_success = SHA256_Update(&sha256, - ek_public->publicArea.unique.ecc.x.buffer, - ek_public->publicArea.unique.ecc.x.size); + is_success = EVP_DigestUpdate(sha256ctx, + ek_public->publicArea.unique.ecc.x.buffer, + ek_public->publicArea.unique.ecc.x.size); if (!is_success) { - LOG_ERROR("SHA256_Update failed"); + LOG_ERROR("EVP_DigestUpdate failed"); goto err; } /* Add public key to the hash. */ - is_success = SHA256_Update(&sha256, - ek_public->publicArea.unique.ecc.y.buffer, - ek_public->publicArea.unique.ecc.y.size); + is_success = EVP_DigestUpdate(sha256ctx, + ek_public->publicArea.unique.ecc.y.buffer, + ek_public->publicArea.unique.ecc.y.size); if (!is_success) { - LOG_ERROR("SHA256_Update failed"); + LOG_ERROR("EVP_DigestUpdate failed"); goto err; } break; @@ -108,17 +114,19 @@ goto err; } - is_success = SHA256_Final(hash, &sha256); + is_success = EVP_DigestFinal_ex(sha256ctx, hash, NULL); if (!is_success) { LOG_ERROR("SHA256_Final failed"); goto err; } + EVP_MD_CTX_free(sha256ctx); LOG_TRACE("public-key-hash:"); LOG_TRACE(" sha256: "); LOGBLOB_TRACE(&hash0, SHA256_DIGEST_LENGTH, "Hash"); return hash; err: + EVP_MD_CTX_free(sha256ctx); free(hash); return NULL; } @@ -194,7 +202,8 @@ static char * base64_decode(unsigned char* buffer, size_t len, size_t *new_len) { - size_t i, unescape_len = 0, r; + size_t i, r; + int unescape_len = 0; char *binary_data = NULL, *unescaped_string = NULL; LOG_INFO("Decoding the base64 encoded cert into binary form"); 
@@ -217,20 +226,28 @@ if (curl) { /* Convert URL encoded string to a "plain string" */ char *output = curl_easy_unescape(curl, (char *)buffer, - len, (int *)&unescape_len); + len, &unescape_len); if (output) { unescaped_string = strdup(output); curl_free(output); + } else { + LOG_ERROR("curl_easy_unescape failed."); } + } else { + LOG_ERROR("curl_easy_init failed."); + return NULL; } curl_easy_cleanup(curl); curl_global_cleanup(); - if (unescaped_string == NULL) + if (unescaped_string == NULL) { + LOG_ERROR("Computation of unescaped string failed."); return NULL; + } binary_data = calloc(1, unescape_len); if (binary_data == NULL) { free (unescaped_string); + LOG_ERROR("Allocation of data for certificate failed."); return NULL; } @@ -330,7 +347,7 @@ LOGBLOB_DEBUG((uint8_t *)cert_ptr, *cert_size, "%s", "Certificate"); /* Parse certificate data out of the json structure */ - struct json_object *jso_cert, *jso = json_tokener_parse(cert_ptr); + struct json_object *jso_cert, *jso = ifapi_parse_json(cert_ptr); if (jso == NULL) goto_error(rc, TSS2_FAPI_RC_GENERAL_FAILURE, "Failed to parse EK cert data", out_free_json); @@ -369,9 +386,6 @@ json_object_put(jso); out: - /* In some case this call was necessary after curl usage */ - OpenSSL_add_all_algorithms(); - free(hash); if (rc == 0) { return TSS2_RC_SUCCESS;
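Review bot: The new `else` branch in the -217 hunk returns as soon as `curl_easy_init` fails and skips the `curl_global_cleanup()` that the other paths reach, which leaves the global state unbalanced if `curl_global_init` ran earlier in this function (not visible here). Add `curl_global_cleanup();` before that `return NULL;`. In the same function `unescape_len` is now an `int` passed straight to `calloc(1, unescape_len)`; an explicit `if (unescape_len <= 0)` rejection before the allocation would make the empty-input case visible. In the -108 hunk the message for a failing `EVP_DigestFinal_ex` still reads "SHA256_Final failed".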
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/ifapi_helpers.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/ifapi_helpers.c
Changed
@@ -922,12 +922,51 @@ return TSS2_RC_SUCCESS; } +/** Compute the name of a hierarchy object. + * + * The TPM handle will be computed from the esys handle and the name + * will be computed from the TPM handle. + * + * @paramin,out hierarchy The hierarchy object. + */ +static void +set_name_hierarchy_object(IFAPI_OBJECT *object) +{ + TPM2_HANDLE handle = 0; + size_t offset = 0; + switch (object->handle) { + case ESYS_TR_RH_NULL: + handle = TPM2_RH_NULL; + break; + case ESYS_TR_RH_OWNER: + handle = TPM2_RH_OWNER; + break; + case ESYS_TR_RH_ENDORSEMENT: + handle = TPM2_RH_ENDORSEMENT; + break; + case ESYS_TR_RH_LOCKOUT: + handle = TPM2_RH_LOCKOUT; + break; + case ESYS_TR_RH_PLATFORM: + handle = TPM2_RH_PLATFORM; + break; + case ESYS_TR_RH_PLATFORM_NV: + handle = TPM2_RH_PLATFORM_NV; + break; + } + Tss2_MU_TPM2_HANDLE_Marshal(handle, + &object->misc.hierarchy.name.name0, sizeof(TPM2_HANDLE), + &offset); + object->misc.hierarchy.name.size = offset; +} + /** Initialize the internal representation of a FAPI hierarchy object. * * The object will be cleared and the type of the general fapi object will be * set to hierarchy. * - * @paramout hierarchy The caller allocated hierarchy object. + * @paramin,out hierarchy The caller allocated hierarchy object. The name of the + * object will be computed. * @paramin esys_handle The ESAPI handle of the hierarchy which will be added to * to the object. */ 
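Review bot: `set_name_hierarchy_object` has no `default:` in its switch and ignores the return value of `Tss2_MU_TPM2_HANDLE_Marshal`, so for an `object->handle` outside the six listed hierarchies it marshals handle 0 and stores that as the hierarchy name without any diagnostic. The -1512 hunk further down returns this name for `IFAPI_HIERARCHY_OBJ`, so a wrong value here would surface only later, as a name that does not match. Suggest `default: LOG_ERROR("Unknown hierarchy handle."); break;` and setting `name.size` only when the marshal call succeeded. The doc comment names the parameter `hierarchy` while the function's parameter is `object`.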
@@ -940,6 +979,54 @@ hierarchy->system = TPM2_YES; hierarchy->objectType = IFAPI_HIERARCHY_OBJ; hierarchy->handle = esys_handle; + hierarchy->misc.hierarchy.esysHandle = esys_handle; + set_name_hierarchy_object(hierarchy); +} + +/** Initialize a hierarchy object read from a file. + * + * The esys handles will be set depending on the object path and the + * object name will be computed. + * + * @paramin,out hierarchy The caller allocated hierarchy object. + * @retval TSS2_RC_SUCCESS if the hierarchy could be initialized. + * @retval TSS2_FAPI_RC_GENERAL_FAILURE For an invalid hierarchy path. + */ +TSS2_RC +ifapi_set_name_hierarchy_object(IFAPI_OBJECT *object) +{ + const char *path = object->rel_path; + size_t pos = 0, pos2; + if (path) { + /* Determine esys handle from pathname. */ + if (strncmp("/", &path0, 1) == 0) + pos += 1; + /* Skip profile if it does exist in path */ + if (strncmp("P_", &pathpos, 2) == 0) { + char * start = strchr(&pathpos, IFAPI_FILE_DELIM_CHAR); + if (start) { + pos2 = (int)(start - &pathpos); + pos = pos2 + 2; + } else { + return_error(TSS2_FAPI_RC_GENERAL_FAILURE, "Invalid path."); + } + } + if (strcmp(&pathpos, "HS") == 0) { + object->handle = ESYS_TR_RH_OWNER; + object->misc.hierarchy.esysHandle = ESYS_TR_RH_OWNER; + } else if (strcmp(&pathpos, "HE") == 0) { + object->handle = ESYS_TR_RH_ENDORSEMENT; + object->misc.hierarchy.esysHandle = ESYS_TR_RH_ENDORSEMENT; + } else if (strcmp(&pathpos, "LOCKOUT") == 0) { + object->handle = ESYS_TR_RH_LOCKOUT; + object->misc.hierarchy.esysHandle = ESYS_TR_RH_LOCKOUT; + } else if (strcmp(&pathpos, "HN") == 0) { + object->handle = ESYS_TR_RH_NULL; + object->misc.hierarchy.esysHandle = ESYS_TR_RH_NULL; + } + } + set_name_hierarchy_object(object); + return TSS2_RC_SUCCESS; } /** Create a directory and all sub directories. 
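Review bot: In `ifapi_set_name_hierarchy_object` the profile skip computes `pos2` relative to the current position and then sets `pos = pos2 + 2`, which lands on the hierarchy name only when the path began with `/` (pos was 1); for a path without the leading slash it skips one character too many. `pos += pos2 + 1;` is right in both cases. A path whose last component is none of HS, HE, LOCKOUT or HN falls through and returns `TSS2_RC_SUCCESS` with the handle unchanged, although the doc comment promises `TSS2_FAPI_RC_GENERAL_FAILURE` for an invalid hierarchy path; a final `else { return_error(TSS2_FAPI_RC_GENERAL_FAILURE, "Invalid path."); }` would match it, unless other names are meant to be accepted. Whether `rel_path` can arrive without the leading slash depends on callers outside this hunk.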
@@ -1274,6 +1361,10 @@ from_policy->element.PolicyDuplicationSelect.newParentPath, r, error); break; + case POLICYACTION: + strdup_check(to_policy->element.PolicyAction.action, + from_policy->element.PolicyAction.action, r, error); + break; case POLICYNAMEHASH: for (size_t i = 0; i < from_policy->element.PolicyNameHash.count; i++) { strdup_check(to_policy->element.PolicyNameHash.namePathsi, @@ -1512,6 +1603,9 @@ TPM2B_NAME nv_name; switch (object->objectType) { + case IFAPI_HIERARCHY_OBJ: + obj_name = &object->misc.hierarchy.name; + break; case IFAPI_KEY_OBJ: obj_name = &object->misc.key.name; break; @@ -1711,7 +1805,7 @@ TSS2_RC r; size_t offset = 0; - jso = json_tokener_parse(quoteInfo); + jso = ifapi_parse_json(quoteInfo); return_if_null(jso, "Json error.", TSS2_FAPI_RC_BAD_VALUE); memset(&fapi_quote_info->attest.attested.quote.pcrSelect, 0, @@ -2012,6 +2106,9 @@ case TPM2_ALG_ECDSA: pcr_digest_hash_alg = quote_info->sig_scheme.details.ecdsa.hashAlg; break; + case TPM2_ALG_SM2: + pcr_digest_hash_alg = quote_info->sig_scheme.details.sm2.hashAlg; + break; default: LOG_ERROR("Unknown sig scheme"); return TSS2_FAPI_RC_BAD_VALUE; @@ -2407,6 +2504,9 @@ size_t *buffer_size) { int ret = -1; struct CurlBufferStruct curl_buffer = { .size = 0, .buffer = NULL }; +#ifdef CURLU_ALLOW_SPACE + CURLU *urlp = NULL; +#endif CURLcode rc = curl_global_init(CURL_GLOBAL_DEFAULT); if (rc != CURLE_OK) { 
@@ -2420,7 +2520,24 @@ goto out_global_cleanup; } +#ifdef CURLU_ALLOW_SPACE + urlp = curl_url(); + if (!urlp) { + LOG_ERROR("curl_url failed."); + goto out_easy_cleanup; + } + CURLUcode url_rc; + url_rc = curl_url_set(urlp, CURLUPART_URL, (const char *)url, CURLU_ALLOW_SPACE | CURLU_URLENCODE); + if (url_rc) { + LOG_ERROR("curl_url_set for CURUPART_URL failed: %s", + curl_url_strerror(url_rc)); + goto out_easy_cleanup; + } + rc = curl_easy_setopt(curl, CURLOPT_CURLU, urlp); +#else rc = curl_easy_setopt(curl, CURLOPT_URL, url); +#endif + if (rc != CURLE_OK) { LOG_ERROR("curl_easy_setopt for CURLOPT_URL failed: %s", curl_easy_strerror(rc)); @@ -2443,6 +2560,13 @@ goto out_easy_cleanup; } + rc = curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1); + if (rc != CURLE_OK) { + LOG_ERROR("curl_easy_setopt for CURLOPT_FOLLOWLOCATION failed: %s", + curl_easy_strerror(rc)); + goto out_easy_cleanup; + } + if (LOGMODULE_status == LOGLEVEL_TRACE) { if (CURLE_OK != curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L)) { LOG_WARNING("Curl easy setopt verbose failed"); @@ -2461,6 +2585,10 @@ ret = 0;
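Review bot: The new `CURLOPT_FOLLOWLOCATION` call in the -2443 hunk passes `1` where `curl_easy_setopt` expects a `long`, and it enables redirects without bounding them. Use `curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L)` and consider setting `CURLOPT_MAXREDIRS` and a redirect protocol restriction (`CURLOPT_REDIR_PROTOCOLS`), so that the server answering this request cannot move the fetch to another scheme or into a long redirect chain. In the -2420 hunk the error text says `CURUPART_URL` for `CURLUPART_URL`. The enclosing function starts and ends outside these hunks.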
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/ifapi_helpers.h -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/ifapi_helpers.h
Changed
@@ -47,6 +47,10 @@ IFAPI_OBJECT *hierarchy, ESYS_TR esys_handle); +TSS2_RC +ifapi_set_name_hierarchy_object( + IFAPI_OBJECT *hierarchy); + char * get_description(IFAPI_OBJECT *object);
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/ifapi_io.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/ifapi_io.c
Changed
@@ -45,38 +45,39 @@ const char *filename) { struct stat statbuf; + struct flock flock = { 0 }; - if (stat(filename, &statbuf) == -1) { - LOG_ERROR("File \"%s\" not found.", filename); + if (io->char_rbuffer) { + LOG_ERROR("rbuffer still in use; maybe use of old API."); return TSS2_FAPI_RC_IO_ERROR; } - /* Check whether file is a directory. */ - if (S_ISDIR(statbuf.st_mode)) { - LOG_ERROR("\"%s\" is a directory.", filename); + io->stream = fopen(filename, "rt"); + if (io->stream == NULL) { + LOG_ERROR("Open file \"%s\": %s", filename, strerror(errno)); return TSS2_FAPI_RC_IO_ERROR; } - if (io->char_rbuffer) { - LOG_ERROR("rbuffer still in use; maybe use of old API."); + if (fstat(fileno(io->stream), &statbuf) == -1) { + fclose(io->stream); + LOG_ERROR("Execute fstat for \"%s\".", filename); return TSS2_FAPI_RC_IO_ERROR; } - if (stat(filename, &statbuf) != 0) { - LOG_ERROR("stat failed for \"%s\".", filename); + /* Check whether file is a directory. */ + if (S_ISDIR(statbuf.st_mode)) { fclose(io->stream); + LOG_ERROR("\"%s\" is a directory.", filename); return TSS2_FAPI_RC_IO_ERROR; } - io->stream = fopen(filename, "rt"); - if (io->stream == NULL) { - LOG_ERROR("Open file \"%s\": %s", filename, strerror(errno)); - return TSS2_FAPI_RC_IO_ERROR; - } + /* Locking the file. Lock will be released upon close */ + flock.l_type = F_RDLCK; + flock.l_whence = SEEK_SET; - /* Locking the file. Lock will be release upon close */ - if (lockf(fileno(io->stream), F_TLOCK, 0) == -1 && errno == EAGAIN) { - LOG_ERROR("File %s currently locked.", filename); + if (fcntl(fileno(io->stream), F_SETLK, &flock) == -1) { + LOG_ERROR("File \"%s\" could not be locked: %s", + filename, strerror(errno)); fclose(io->stream); return TSS2_FAPI_RC_IO_ERROR; } @@ -202,6 +203,7 @@ size_t length) { TSS2_RC r; + struct flock flock = { 0 }; if (io->char_rbuffer) { LOG_ERROR("rbuffer still in use; maybe use of old API."); 
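Review bot: After each `fclose(io->stream)` on the new error paths (fstat failure, directory check, lock failure), `io->stream` still holds the closed `FILE *`. Adding `io->stream = NULL;` right after the close keeps a later check or cleanup on the same `io` from touching a stale stream. The lock-failure path of the write hunk at `@@ -223,11 +225,15 @@` has the same pattern. Whether other code reads `io->stream` after an error return is not visible here. Separately, the type check rejects only directories; if only regular files are expected, `if (!S_ISREG(statbuf.st_mode))` would also turn away FIFOs and device nodes.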
@@ -223,11 +225,15 @@ "Open file \"%s\" for writing: %s", error, filename, strerror(errno)); } - /* Locking the file. Lock will be release upon close */ - if (lockf(fileno(io->stream), F_TLOCK, 0) == -1 && errno == EAGAIN) { + /* Locking the file. Lock will be released upon close */ + flock.l_type = F_WRLCK; + flock.l_whence = SEEK_SET; + + if (fcntl(fileno(io->stream), F_SETLK, &flock) == -1) { fclose(io->stream); goto_error(r, TSS2_FAPI_RC_IO_ERROR, - "File %s currently locked.", error, filename); + "File \"%s\" could not be locked: %s", error, filename, + strerror(errno)); } /* Use non blocking IO, so asynchronous write will be needed */
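Review bot: In the write path `fclose(io->stream)` runs before `strerror(errno)` is evaluated, so the message can report an error left by the close rather than the one from `fcntl`. The read path in the earlier hunk logs first and closes afterwards. Capture the value before closing, e.g. `int lock_errno = errno;` ahead of the `fclose`, and pass `strerror(lock_errno)` to `goto_error`. The function body continues outside this hunk.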
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/ifapi_json_deserialize.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/ifapi_json_deserialize.c
Changed
@@ -214,6 +214,23 @@ out->reset_count = 0; } + if (ifapi_get_sub_object(jso, "delete_prohibited", &jso2)) { + r = ifapi_json_TPMI_YES_NO_deserialize(jso2, &out->delete_prohibited); + return_if_error(r, "Bad value for field \"delete_prohibited\"."); + + } else { + out->delete_prohibited = TPM2_NO; + } + + if (ifapi_get_sub_object(jso, "ek_profile", &jso2)) { + r = ifapi_json_TPMI_YES_NO_deserialize(jso2, &out->ek_profile); + return_if_error(r, "Bad value for field \"ek_profile\"."); + + } else { + out->ek_profile = TPM2_NO; + } + + LOG_TRACE("true"); return TSS2_RC_SUCCESS; } @@ -655,8 +672,6 @@ return TSS2_FAPI_RC_BAD_VALUE; } - out->rel_path = NULL; - r = ifapi_json_IFAPI_OBJECT_TYPE_CONSTANT_deserialize(jso2, &out->objectType); return_if_error(r, "Bad value for field \"objectType\"."); @@ -682,6 +697,9 @@ r = ifapi_json_IFAPI_HIERARCHY_deserialize(jso, &out->misc.hierarchy); return_if_error(r, "Bad value for hierarchy."); + r = ifapi_set_name_hierarchy_object(out); + return_if_error(r, "Bad hierarchy."); + break; case IFAPI_KEY_OBJ: r = ifapi_json_IFAPI_KEY_deserialize(jso, &out->misc.key);
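Review bot: With `out->rel_path = NULL;` removed in the `@@ -655,8 +672,6 @@` hunk, the object deserializer no longer initialises `rel_path`, so a caller that passes an uninitialised IFAPI_OBJECT now leaves an indeterminate pointer in the result. The keystore load path in this commit assigns the field before the call, but other callers are not visible on this page. The function's doc comment should state the new precondition, for example `@param[in,out] out The object; out->rel_path has to be set (or NULL) by the caller before the call.`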
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/ifapi_json_serialize.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/ifapi_json_serialize.c
Changed
@@ -14,8 +14,10 @@ #include "ifapi_json_serialize.h" #include "tpm_json_serialize.h" #include "fapi_policy.h" +#include "tpm_json_deserialize.h" #include "ifapi_policy_json_serialize.h" #include "ifapi_config.h" +#include "ifapi_helpers.h" #define LOGMODULE fapijson #include "util/log.h" @@ -186,6 +188,18 @@ json_object_object_add(*jso, "reset_count", jso2); } + jso2 = NULL; + r = ifapi_json_TPMI_YES_NO_serialize(in->delete_prohibited, &jso2); + return_if_error(r, "Serialize TPMI_YES_NO"); + + json_object_object_add(*jso, "delete_prohibited", jso2); + + jso2 = NULL; + r = ifapi_json_TPMI_YES_NO_serialize(in->ek_profile, &jso2); + return_if_error(r, "Serialize TPMI_YES_NO"); + + json_object_object_add(*jso, "ek_profile", jso2); + return TSS2_RC_SUCCESS; } @@ -710,7 +724,7 @@ object that shall be serialized under the event field. Thus we first have to deserialize the string before we can add it to the data structure. */ - jso2 = json_tokener_parse(in->event); + jso2 = ifapi_parse_json(in->event); return_if_null(jso2, "Event is not valid JSON.", TSS2_FAPI_RC_BAD_VALUE); json_object_object_add(*jso, "event", jso2);
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/ifapi_keystore.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/ifapi_keystore.c
Changed
@@ -16,6 +16,7 @@ #define LOGMODULE fapi #include "util/log.h" #include "util/aux_util.h" +#include "tpm_json_deserialize.h" #include "ifapi_json_deserialize.h" #include "ifapi_json_serialize.h" @@ -623,15 +624,15 @@ return_if_error(r, "keystore read_finish failed"); /* If json objects can't be parse the object store is corrupted */ - jso = json_tokener_parse((char *)buffer); + jso = ifapi_parse_json((char *)buffer); SAFE_FREE(buffer); goto_if_null2(jso, "Keystore is corrupted (Json error).", r, TSS2_FAPI_RC_GENERAL_FAILURE, error_cleanup); + object->rel_path = keystore->rel_path; r = ifapi_json_IFAPI_OBJECT_deserialize(jso, object); goto_if_error(r, "Deserialize object.", error_cleanup); - object->rel_path = keystore->rel_path; SAFE_FREE(buffer); if (jso) json_object_put(jso); @@ -643,6 +644,7 @@ if (jso) json_object_put(jso); LOG_TRACE("Return %x", r); + object->rel_path = NULL; SAFE_FREE(keystore->rel_path); return r; } @@ -1139,6 +1141,9 @@ IFAPI_OBJECT object; size_t i; + /* Mark object "unread" */ + object.objectType = IFAPI_OBJ_NONE; + switch (keystore->key_search.state) { statecase(keystore->key_search.state, KSEARCH_INIT) r = ifapi_keystore_list_all(keystore, @@ -1205,6 +1210,7 @@ r = TSS2_FAPI_RC_KEY_NOT_FOUND; } keystore->key_search.state = KSEARCH_INIT; + ifapi_cleanup_ifapi_object(&object); return r; } @@ -1481,6 +1487,8 @@ dest->signing_scheme = src->signing_scheme; dest->name = src->name; dest->with_auth = src->with_auth; + dest->delete_prohibited = src->delete_prohibited; + dest->ek_profile = src->ek_profile; return r;
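Review bot: In the key-search hunks only `object.objectType` is initialised before the switch, while the new `ifapi_cleanup_ifapi_object(&object)` at the end runs on the exit path shown. If that cleanup reads any field besides the type for IFAPI_OBJ_NONE (for example `rel_path` or a policy pointer), it sees indeterminate stack data. Zeroing the whole struct first, `memset(&object, 0, sizeof(object));` followed by `object.objectType = IFAPI_OBJ_NONE;`, removes the dependency. The cleanup function's body is not on this page, so this is a precaution rather than a confirmed fault.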
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/ifapi_keystore.h -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/ifapi_keystore.h
Changed
@@ -40,6 +40,9 @@ TPM2B_NAME name; /**< Name of the key */ TPMI_YES_NO with_auth; /**< Authorization provided during creation */ UINT32 reset_count; /**< The TPM reset count during key creation */ + TPMI_YES_NO delete_prohibited; /**< Persistent object should not be deleted. */ + TPMI_YES_NO ek_profile; /**< Has to be set if EK is created according + to EK credential profile: */ } IFAPI_KEY; /** Type for representing a external public key @@ -58,6 +61,7 @@ TPM2B_DIGEST authPolicy; ESYS_TR esysHandle; bool authorized; /**< Switch whether hiearchy is authorized. */ + TPM2B_NAME name; /**< Name of the hierarchy */ } IFAPI_HIERARCHY; /** Type for representing a FAPI NV object
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/ifapi_policy.h -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/ifapi_policy.h
Changed
@@ -16,7 +16,6 @@ #include "tss2_esys.h" #include "tss2_fapi.h" #include "fapi_int.h" -#include "fapi_policy.h" TSS2_RC get_policy_digest_idx(
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/ifapi_policy_callbacks.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/ifapi_policy_callbacks.c
Changed
@@ -210,7 +210,11 @@ /** Get public data of a NV object from keystore. * - * @paramin path The relative path of the NV object. + * @paramin path The relative path of the NV object. The path will + be used to get the public from the keystore if no nv_index is + passed. + * @paramin nv_index The index of the NV object. The index will be used to + * get the public data if nv_index > 0. * @paramout nv_public The caller allocated public structure. * @paramin,out ctx The context to access io and keystore module and to store * the io state. 
@@ -238,42 +242,79 @@ TSS2_RC ifapi_get_nv_public( const char *path, + TPMI_RH_NV_INDEX nv_index, TPM2B_NV_PUBLIC *nv_public, void *ctx) { TSS2_RC r = TSS2_RC_SUCCESS; IFAPI_OBJECT object; FAPI_CONTEXT *context = ctx; + TPM2B_NV_PUBLIC *nv_public_esys; + ESYS_TR esys_tr; + + if (nv_index) { + switch (context->read_nv_public_state) { + statecase(context->read_nv_public_state, READ_NV_PUBLIC_INIT) + r = Esys_TR_FromTPMPublic_Async(context->esys, nv_index, ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE); + goto_if_error(r, "Error: tr from public", cleanup); + fallthrough; + + statecase(context->read_nv_public_state, READ_NV_PUBLIC_GET_ESYS_TR) + r = Esys_TR_FromTPMPublic_Finish(context->esys, &esys_tr); + try_again_or_error_goto(r, "Error: tr from public finish", cleanup); + + r = Esys_NV_ReadPublic_Async(context->esys, esys_tr, + ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE); + goto_if_error(r, "Error: nv read public async", cleanup); + fallthrough; + + statecase(context->read_nv_public_state, READ_NV_PUBLIC_GET_PUBLIC) + r = Esys_NV_ReadPublic_Finish(context->esys, + &nv_public_esys, + NULL); + try_again_or_error_goto(r, "Error: nv read public finish", cleanup); + + *nv_public = *nv_public_esys; + SAFE_FREE(nv_public_esys); + context->io_state = IO_INIT; + break; - switch (context->io_state) { - statecase(context->io_state, IO_INIT) - /* Prepare the loading of the NV object. 
*/ - r = ifapi_keystore_load_async(&context->keystore, &context->io, path); - return_if_error2(r, "Could not open: %s", path); - fallthrough; - - statecase(context->io_state, IO_ACTIVE) - /* Finalize or retry the reading and check the object type */ - r = ifapi_keystore_load_finish(&context->keystore, &context->io, - &object); - return_try_again(r); - return_if_error(r, "read_finish failed"); - - if (object.objectType != IFAPI_NV_OBJ) { - goto_error(r, TSS2_FAPI_RC_BAD_VALUE, "Object %s is not a key.", - cleanup, path); + statecasedefault(context->state); } - *nv_public = object.misc.nv.public; - context->io_state = IO_INIT; - break; + } else { + switch (context->io_state) { + statecase(context->io_state, IO_INIT) + /* Prepare the loading of the NV object. */ + r = ifapi_keystore_load_async(&context->keystore, &context->io, path); + return_if_error2(r, "Could not open: %s", path); + fallthrough; + + statecase(context->io_state, IO_ACTIVE) + /* Finalize or retry the reading and check the object type */ + r = ifapi_keystore_load_finish(&context->keystore, &context->io, + &object); + return_try_again(r); + return_if_error(r, "read_finish failed"); + + if (object.objectType != IFAPI_NV_OBJ) { + goto_error(r, TSS2_FAPI_RC_BAD_VALUE, "Object %s is not a key.", + cleanup, path); + } - statecasedefault(context->state); + *nv_public = object.misc.nv.public; + context->io_state = IO_INIT; + break; + + statecasedefault(context->state); + } } cleanup: context->io_state = IO_INIT; - ifapi_cleanup_ifapi_object(&object); + if (!nv_index) { + ifapi_cleanup_ifapi_object(&object); + } return r; } @@ -451,7 +492,6 @@ FAPI_CONTEXT *fapi_ctx = userdata; IFAPI_POLICY_EXEC_CTX *current_policy; IFAPI_POLICY_EXEC_CB_CTX *cb_ctx; - bool next_case; return_if_null(fapi_ctx, "Bad user data.", TSS2_FAPI_RC_BAD_REFERENCE); return_if_null(fapi_ctx->policy.policyutil_stack, "Policy not initialized.", 
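Review bot: The new `nv_index` branch of `ifapi_get_nv_public` is driven by `context->read_nv_public_state`, yet both its success path and the `cleanup:` label reset only `context->io_state`, and its `statecasedefault` names `context->state`. If `statecase` stores the state it enters (its definition is not on this page), the machine stays at READ_NV_PUBLIC_GET_PUBLIC after the first lookup, and a later call would start at the Finish step with no command pending. Reset it explicitly with `context->read_nv_public_state = READ_NV_PUBLIC_INIT;` before the `break` and on the error path. The `esys_tr` obtained from `Esys_TR_FromTPMPublic_Finish` is also not released in the visible code; confirm whether it needs an `Esys_TR_Close`.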
@@ -466,10 +506,9 @@ } cb_ctx = current_policy->app_data; - do { - next_case = false; - switch (cb_ctx->cb_state) { + switch (cb_ctx->cb_state) { statecase(cb_ctx->cb_state, POL_CB_EXECUTE_INIT); + cb_ctx->flush_handle = false; cb_ctx->auth_index = ESYS_TR_NONE; /* Search object with name in keystore. */ r = ifapi_keystore_search_obj(&fapi_ctx->keystore, &fapi_ctx->io, 
@@ -508,32 +547,70 @@ cb_ctx->cb_state = POL_CB_AUTHORIZE_OBJECT; cb_ctx->auth_object_ptr = &cb_ctx->auth_object; - next_case = true; - break; + return TSS2_FAPI_RC_TRY_AGAIN; } else if (cb_ctx->object.objectType == IFAPI_HIERARCHY_OBJ) { cb_ctx->cb_state = POL_CB_AUTHORIZE_OBJECT; - next_case = true; - break; + cb_ctx->auth_object_ptr = &cb_ctx->object; + return TSS2_FAPI_RC_TRY_AGAIN; } else { cb_ctx->key_handle = cb_ctx->object.handle; - cb_ctx->cb_state = POL_CB_LOAD_KEY; + if (cb_ctx->key_handle == ESYS_TR_NONE) { + cb_ctx->cb_state = POL_CB_LOAD_KEY; + return TSS2_FAPI_RC_TRY_AGAIN; + } } fallthrough; + statecase(cb_ctx->cb_state, POL_CB_AUTHORIZE_OBJECT); + r = ifapi_authorize_object(fapi_ctx, cb_ctx->auth_object_ptr, authSession); + return_try_again(r); + goto_if_error(r, "Authorize object.", cleanup); + + cb_ctx->cb_state = POL_CB_EXECUTE_INIT; + break; + /* FALLTHRU */ + statecase(cb_ctx->cb_state, POL_CB_LOAD_KEY); - /* Key loading and authorization */ - r = ifapi_load_key(fapi_ctx, cb_ctx->object_path, + /* Prepare new context for loadkey in policy and skip session creation. 
*/ + memset(&cb_ctx->load_ctx, 0, sizeof(IFAPI_LoadKey)); + cb_ctx->load_ctx.prepare_state = PREPARE_LOAD_KEY_INIT_KEY; + memset(&cb_ctx->create_primary_ctx, 0, sizeof(IFAPI_CreatePrimary)); + fallthrough; + + statecase(cb_ctx->cb_state, POL_CB_LOAD_KEY_FINISH); + cb_ctx->load_ctx_sav = fapi_ctx->loadKey; + cb_ctx->create_primary_ctx_sav = fapi_ctx->createPrimary; + fapi_ctx->loadKey = cb_ctx->load_ctx; + fapi_ctx->createPrimary = cb_ctx->create_primary_ctx; + cb_ctx->auth_object_ptr = &cb_ctx->load_ctx.auth_object; + r = ifapi_load_key(fapi_ctx, ifapi_get_object_path(&cb_ctx->object), &cb_ctx->auth_object_ptr); + if (r == TSS2_RC_SUCCESS && + !cb_ctx->load_ctx.auth_object.misc.key.persistent_handle) { + current_policy->flush_handle = true; + } + cb_ctx->load_ctx = fapi_ctx->loadKey; + cb_ctx->create_primary_ctx = fapi_ctx->createPrimary; + fapi_ctx->loadKey = cb_ctx->load_ctx_sav; + fapi_ctx->createPrimary = cb_ctx->create_primary_ctx_sav; FAPI_SYNC(r, "Fapi load key.", cleanup); - cb_ctx->object = *cb_ctx->key_object_ptr; - SAFE_FREE(cb_ctx->key_object_ptr); - cb_ctx->auth_object_ptr = &cb_ctx->object; + ifapi_cleanup_ifapi_object(&cb_ctx->object); + cb_ctx->object = *cb_ctx->auth_object_ptr;
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/ifapi_policy_callbacks.h -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/ifapi_policy_callbacks.h
Changed
@@ -11,12 +11,14 @@ enum IFAPI_STATE_POL_CB_EXCECUTE { POL_CB_EXECUTE_INIT = 0, POL_CB_LOAD_KEY, + POL_CB_LOAD_KEY_FINISH, POL_CB_SEARCH_POLICY, POL_CB_EXECUTE_SUB_POLICY, POL_CB_NV_READ, POL_CB_READ_NV_POLICY, POL_CB_READ_OBJECT, - POL_CB_AUTHORIZE_OBJECT + POL_CB_AUTHORIZE_OBJECT, + POL_CB_AUTHORIZE_KEY }; /** The context of the policy execution */ @@ -28,7 +30,12 @@ ESYS_TR key_handle; /**< Handle of a used key */ ESYS_TR nv_index; /**< Index of nv object storing a policy */ ESYS_TR auth_index; /**< Index of authorization object */ + ESYS_TR flush_handle; /**< Handle which has to be flushed after policy execution */ IFAPI_OBJECT auth_object; /**< FAPI auth object needed for authorization */ + IFAPI_LoadKey load_ctx_sav; + IFAPI_LoadKey load_ctx; + IFAPI_CreatePrimary create_primary_ctx_sav; + IFAPI_CreatePrimary create_primary_ctx; IFAPI_OBJECT *key_object_ptr; IFAPI_OBJECT *auth_object_ptr; IFAPI_NV_Cmds nv_cmd_state; @@ -53,6 +60,7 @@ TSS2_RC ifapi_get_nv_public( const char *path, + TPMI_RH_NV_INDEX nv_index, TPM2B_NV_PUBLIC *nv_public, void *context);
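Review bot: `flush_handle` is declared here as `ESYS_TR` with the comment "Handle which has to be flushed", but the callbacks file assigns `cb_ctx->flush_handle = false;` and the policy execution context gets a separate `bool flush_handle`. One name with two types and two meanings is easy to misuse. If the field is a flag, declare it `bool flush_handle; /**< Whether the loaded key has to be flushed after policy execution */`; otherwise initialise it with `ESYS_TR_NONE`. The four new `load_ctx*` and `create_primary_ctx*` members have no doc comments while their neighbours do; a short `/**< ... */` saying that the `_sav` copies hold the caller's context during the nested key load would help.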
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/ifapi_policy_execute.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/ifapi_policy_execute.c
Changed
@@ -887,6 +887,17 @@ NULL); return_try_again(r); goto_if_error(r, "FAPI PolicyAuthorizeNV_Finish", error_cleanup); + if (!current_policy->flush_handle) { + current_policy->state = POLICY_EXECUTE_INIT; + return r; + } + r = Esys_FlushContext_Async(esys_ctx, current_policy->auth_handle); + goto_if_error(r, "FlushContext_Async", cleanup); + fallthrough; + + statecase(current_policy->state, POLICY_FLUSH_KEY); + r = Esys_FlushContext_Finish(esys_ctx); + try_again_or_error(r, "Flush key finish."); current_policy->state = POLICY_EXECUTE_INIT; break; @@ -897,6 +908,9 @@ return r; error_cleanup: + if (current_policy->flush_handle) { + Esys_FlushContext(esys_ctx, current_policy->auth_handle); + } SAFE_FREE(current_policy->nonceTPM); return r; }
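Review bot: `current_policy->flush_handle` is never cleared after the flush, so the flag survives into the next use of this policy context unless it is reset somewhere outside these hunks. Add `current_policy->flush_handle = false;` after `Esys_FlushContext_Finish` succeeds and after the synchronous `Esys_FlushContext` under `error_cleanup:`. The new `goto_if_error(r, "FlushContext_Async", cleanup)` and `try_again_or_error` also leave without passing through `error_cleanup`, so `nonceTPM` is not freed on those paths if `cleanup` is a different label. The return value of `Esys_FlushContext` in the error path is dropped without a log line.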
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/ifapi_policy_execute.h -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/ifapi_policy_execute.h
Changed
@@ -120,7 +120,8 @@ POLICY_VERIFY, POLICY_AUTH_CALLBACK, POLICY_AUTH_SENT, - POLICY_EXEC_ESYS + POLICY_EXEC_ESYS, + POLICY_LOAD_SYM_KEY }; typedef struct IFAPI_POLICY_CALLBACK_CTX IFAPI_POLICY_CALLBACK_CTX; @@ -152,6 +153,7 @@ char *pem_key; /**< Pem key recreated during policy execution */ struct POLICY_LIST *policy_list; /**< List of policies for authorization selection */ + bool flush_handle; /**< Handle to be flushed after policy execution */ ifapi_policyeval_EXEC_CB callbacks; /**< callbacks used for execution of sub policies and actions which require access
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/ifapi_policy_instantiate.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/ifapi_policy_instantiate.c
Changed
@@ -294,9 +294,9 @@ break; } - CHECK_TEMPLATE_PATH(pol_element->element.PolicyNV.nvPath, "PolicyNv"); /* Object name will be added to policy. */ r = context->callbacks.cbnvpublic(pol_element->element.PolicyNV.nvPath, + pol_element->element.PolicyNV.nvIndex, &pol_element->element.PolicyNV.nvPublic, context->callbacks.cbnvpublic_userdata); return_try_again(r); @@ -346,7 +346,7 @@ CHECK_TEMPLATE_PATH(pol_element->element.PolicyAuthorizeNv.nvPath, "PolicyAuthorizeNv"); /* Object name will be added to policy. */ - r = context->callbacks.cbnvpublic(pol_element->element.PolicyAuthorizeNv.nvPath, + r = context->callbacks.cbnvpublic(pol_element->element.PolicyAuthorizeNv.nvPath, 0, &pol_element->element.PolicyAuthorizeNv.nvPublic, context->callbacks.cbnvpublic_userdata); return_try_again(r);
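Review bot: Dropping `CHECK_TEMPLATE_PATH` for PolicyNV lets an element with neither `nvPath` nor `nvIndex` reach `cbnvpublic`. With `nv_index == 0` the callback in this commit takes the keystore branch and hands the path, possibly NULL, to `ifapi_keystore_load_async`. A guard before the callback, `if (!pol_element->element.PolicyNV.nvPath && !pol_element->element.PolicyNV.nvIndex)` returning TSS2_FAPI_RC_BAD_VALUE, would keep the old protection for that case. Validation earlier in the function is outside this hunk, so confirm it is not already covered.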
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/ifapi_policy_instantiate.h -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/ifapi_policy_instantiate.h
Changed
@@ -36,6 +36,7 @@ typedef TSS2_RC (*ifapi_policyeval_cbnvpublic) ( const char *path, + TPMI_RH_NV_INDEX nv_index, TPM2B_NV_PUBLIC *nv_public, void *userdata); /* e.g. for FAPI_CONTEXT */
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/ifapi_policy_store.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/ifapi_policy_store.c
Changed
@@ -17,6 +17,7 @@ #define LOGMODULE fapi #include "util/log.h" #include "util/aux_util.h" +#include "tpm_json_deserialize.h" #include "ifapi_policy_json_deserialize.h" #include "ifapi_policy_json_serialize.h" @@ -199,7 +200,7 @@ return_if_error(r, "keystore read_finish failed"); /* If json objects can't be parse the object store is corrupted */ - jso = json_tokener_parse((char *)buffer); + jso = ifapi_parse_json((char *)buffer); SAFE_FREE(buffer); return_if_null(jso, "Policy store is corrupted (Json error).", TSS2_FAPI_RC_GENERAL_FAILURE);
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/ifapi_profiles.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/ifapi_profiles.c
Changed
@@ -165,7 +165,7 @@ r = ifapi_io_read_finish(io, &buffer, NULL); return_if_error(r, "Reading profile failed"); - jso = json_tokener_parse((char *) buffer); + jso = ifapi_parse_json((char *) buffer); free(buffer); if (jso == NULL) { LOG_ERROR("Failed to parse profile %s", profiles->filenamesprofiles->profiles_idx); @@ -250,7 +250,7 @@ size_t len; /* if no name or nor profile prefix is given, use the default profile */ - if (!name || strncmp(name, "P_", 2) != 0 || strncmp(name, "/P_", 2) != 0) { + if (!name || !(strncmp(name, "P_", 2) == 0 || strncmp(name, "/P_", 3) == 0)) { *profile = &profiles->default_profile; return TSS2_RC_SUCCESS; }
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/tpm_json_deserialize.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/tpm_json_deserialize.c
Changed
@@ -18,6 +18,50 @@ #include "util/log.h" #include "util/aux_util.h" + +/** Parse JSON data and create JSON object. + * + * The JSON character string will be parsed and a JSON object will + * be created vor valid JSON. For invalid JSON data + * an error message which indicates the error position will be + * displayed. + * + * @paramin jstring The JSON data. + * @retval The JSON object vor valid JSON. + * @retval NULL for invalid JSON. + */ +json_object* +ifapi_parse_json(const char *jstring) { + json_object *jso = NULL; + enum json_tokener_error jerr; + int line = 1; + int line_offset = 0; + int char_pos; + struct json_tokener* tok = json_tokener_new(); + if (!tok) { + LOG_ERROR("Could not allocate json tokener"); + return NULL; + } + jso = json_tokener_parse_ex(tok, jstring, -1); + jerr = json_tokener_get_error(tok); + if (jerr != json_tokener_success) { + for (char_pos = 0; char_pos <= tok->char_offset; char_pos++) { + if (jstringchar_pos == '\n') { + line++; + line_offset = 0; + } else { + line_offset++; + } + } + LOG_ERROR("Invalid JSON at line %i column %i: %s.", line, line_offset, + json_tokener_error_desc(jerr)); + json_tokener_free(tok); + return NULL; + } + json_tokener_free(tok); + return jso; +} + /** Strip a prefix from the input * * Strip the provided prefixes from the provided 
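Review bot: The line/column scan in `ifapi_parse_json` indexes `jstring` up to and including `tok->char_offset` without looking for the terminator, so its safety rests on json-c never reporting an offset past the end of the input. Adding `&& jstring[char_pos] != '\0'` to the loop condition removes that dependency. The function also passes `jstring` to the tokener unconditionally, while callers in this commit hand it file buffers and `in->event`. An early `if (!jstring) return NULL;` with a log line would turn a missing string into an ordinary parse error. The doc comment has "vor" where "for" is meant, twice.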
@@ -380,6 +424,102 @@ &out->pcrSelect0); } +static char *field_TPMS_TAGGED_POLICY_tab = { + "handle", + "policyHash" +}; + +/** Deserialize a TPMS_TAGGED_POLICY variable. + * + * @paramin jso the json object to be deserialized. + * @paramout out the deserialzed binary object. + * @retval TSS2_RC_SUCCESS if the function call was a success. + * @retval TSS2_FAPI_RC_BAD_VALUE if the json object can't be deserialized. + * @retval TSS2_FAPI_RC_BAD_REFERENCE a invalid null pointer is passed. + * + */ +TSS2_RC +ifapi_json_TPMS_TAGGED_POLICY_deserialize(json_object *jso, + TPMS_TAGGED_POLICY *out) +{ + json_object *jso2; + TSS2_RC r; + LOG_TRACE("call"); + return_if_null(out, "Bad reference.", TSS2_FAPI_RC_BAD_REFERENCE); + + memset(out, 0, sizeof(TPMS_TAGGED_POLICY)); + ifapi_check_json_object_fields(jso, &field_TPMS_TAGGED_POLICY_tab0, + SIZE_OF_ARY(field_TPMS_TAGGED_POLICY_tab)); + if (!ifapi_get_sub_object(jso, "handle", &jso2)) { + LOG_ERROR("Field \"handle\" not found."); + return TSS2_FAPI_RC_BAD_VALUE; + } + r = ifapi_json_TPM2_HANDLE_deserialize(jso2, &out->handle); + return_if_error(r, "Bad value for field \"handle\"."); + + if (!ifapi_get_sub_object(jso, "policyHash", &jso2)) { + LOG_ERROR("Field \"policyHash\" not found."); + return TSS2_FAPI_RC_BAD_VALUE; + } + r = ifapi_json_TPMT_HA_deserialize(jso2, &out->policyHash); + return_if_error(r, "Bad value for field \"policyHash\"."); + + LOG_TRACE("true"); + return TSS2_RC_SUCCESS; +} + +static char *field_TPMS_ACT_DATA_tab = { + "handle", + "timeout", + "attributes" +}; + +/** Deserialize a TPMS_ACT_DATA variable. + * + * @paramin jso the json object to be deserialized. + * @paramout out the deserialzed binary object. + * @retval TSS2_RC_SUCCESS if the function call was a success. + * @retval TSS2_FAPI_RC_BAD_VALUE if the json object can't be deserialized. + * @retval TSS2_FAPI_RC_BAD_REFERENCE a invalid null pointer is passed. 
+ * + */ +TSS2_RC +ifapi_json_TPMS_ACT_DATA_deserialize(json_object *jso, + TPMS_ACT_DATA *out) +{ + json_object *jso2; + TSS2_RC r; + LOG_TRACE("call"); + return_if_null(out, "Bad reference.", TSS2_FAPI_RC_BAD_REFERENCE); + + memset(out, 0, sizeof(TPMS_ACT_DATA)); + ifapi_check_json_object_fields(jso, &field_TPMS_ACT_DATA_tab0, + SIZE_OF_ARY(field_TPMS_ACT_DATA_tab)); + if (!ifapi_get_sub_object(jso, "handle", &jso2)) { + LOG_ERROR("Field \"handle\" not found."); + return TSS2_FAPI_RC_BAD_VALUE; + } + r = ifapi_json_TPM2_HANDLE_deserialize(jso2, &out->handle); + return_if_error(r, "Bad value for field \"handle\"."); + + if (!ifapi_get_sub_object(jso, "timeout", &jso2)) { + LOG_ERROR("Field \"timeout\" not found."); + return TSS2_FAPI_RC_BAD_VALUE; + } + r = ifapi_json_UINT32_deserialize(jso2, &out->timeout); + return_if_error(r, "Bad value for field \"timeout\"."); + + if (!ifapi_get_sub_object(jso, "attributes", &jso2)) { + LOG_ERROR("Field \"attributes\" not found."); + return TSS2_FAPI_RC_BAD_VALUE; + } + r = ifapi_json_TPMA_ACT_deserialize(jso2, &out->attributes); + return_if_error(r, "Bad value for field \"attributes\"."); + + LOG_TRACE("true"); + return TSS2_RC_SUCCESS; +} + /** Deserialize an array of BYTE structures. * * @paramin max the maximal number of bytess to be deserialized. 
@@ -1181,6 +1321,88 @@ return TSS2_RC_SUCCESS; } +/** Deserialize a TPMA_ACT json object. + * + * @paramin jso the json object to be deserialized. + * @paramout out the deserialzed binary object. + * @retval TSS2_RC_SUCCESS if the function call was a success. + * @retval TSS2_FAPI_RC_BAD_VALUE if the json object can't be deserialized. + */ +TSS2_RC +ifapi_json_TPMA_ACT_deserialize(json_object *jso, TPMA_ACT *out) { + static const struct {TPMA_ACT in; char *name; } tab = { + {TPMA_ACT_SIGNALED, "signaled"}, + {TPMA_ACT_PRESERVESIGNALED, "preserveSignaled"}, + }; + + size_t n = sizeof(tab) / sizeof(tab0); + size_t i, j; + + TPMI_YES_NO flag; + TSS2_RC r; + + LOG_TRACE("call"); + memset(out, 0, sizeof(TPMA_ACT)); + json_type jso_type = json_object_get_type(jso); + if (jso_type == json_type_array) { + /* Cast (size_t) is necessary to support older version of libjson-c */ + for (i = 0; i < (size_t)json_object_array_length(jso); i++) { + json_object *jso2 = json_object_array_get_idx(jso, i); + const char *token = strip_prefix(json_object_get_string(jso2), + "TPM_", "TPM2_", "TPMA_", "ACT_", NULL); + if (!token) { + LOG_ERROR("Bad object; expected array of strings."); + return TSS2_FAPI_RC_BAD_VALUE; + } + for (j = 0; j < n; j++) { + if (strcasecmp(tabj.name, token) == 0) { + *out |= tabj.in; + break; + } + } + if (j == n) { + LOG_ERROR("Unknown value: %s", json_object_get_string(jso2)); + return TSS2_FAPI_RC_BAD_VALUE;
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/tpm_json_deserialize.h -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/tpm_json_deserialize.h
Changed
@@ -15,6 +15,9 @@ #define YES 1 #define NO 0 +json_object* +ifapi_parse_json(const char *jstring) ; + TSS2_RC ifapi_json_BYTE_array_deserialize(size_t max, json_object *jso, BYTE *out); @@ -67,6 +70,9 @@ ifapi_json_TPMA_LOCALITY_deserialize(json_object *jso, TPMA_LOCALITY *out); TSS2_RC +ifapi_json_TPMA_ACT_deserialize(json_object *jso, TPMA_ACT *out); + +TSS2_RC ifapi_json_TPMI_YES_NO_deserialize(json_object *jso, TPMI_YES_NO *out); TSS2_RC @@ -141,6 +147,14 @@ TPMS_PCR_SELECTION *out); TSS2_RC +ifapi_json_TPMS_TAGGED_POLICY_deserialize(json_object *jso, + TPMS_TAGGED_POLICY *out); + +TSS2_RC +ifapi_json_TPMS_ACT_DATA_deserialize(json_object *jso, + TPMS_ACT_DATA *out); + +TSS2_RC ifapi_json_TPMT_TK_CREATION_deserialize(json_object *jso, TPMT_TK_CREATION *out);
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/tpm_json_serialize.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/tpm_json_serialize.c
Changed
@@ -156,6 +156,65 @@ return TSS2_RC_SUCCESS; } +/** Serialize a TPMS_TAGGED_POLICY structure to json. + * + * @paramin in value to be serialized. + * @paramout jso pointer to the json object. + * @retval TSS2_RC_SUCCESS if the function call was a success. + * @retval TSS2_FAPI_RC_MEMORY: if the FAPI cannot allocate enough memory. + * @retval TSS2_FAPI_RC_BAD_VALUE if the value is not of type TPMS_TAGGED_POLICY. + */ +TSS2_RC +ifapi_json_TPMS_TAGGED_POLICY_serialize(const TPMS_TAGGED_POLICY *in, json_object **jso) +{ + TSS2_RC r; + if (*jso == NULL) + *jso = json_object_new_object(); + json_object *jso2 = NULL; + r = ifapi_json_TPM2_HANDLE_serialize(in->handle, &jso2); + return_if_error(r, "Serialize tagged policy"); + + json_object_object_add(*jso, "handle", jso2); + jso2 = NULL; + r = ifapi_json_TPMT_HA_serialize(&in->policyHash, &jso2); + return_if_error(r, "Serialize tagged policy"); + + json_object_object_add(*jso, "policyHash", jso2); + return TSS2_RC_SUCCESS; +} + +/** Serialize a TPMS_ACT_DATA structure to json. + * + * @paramin in value to be serialized. + * @paramout jso pointer to the json object. + * @retval TSS2_RC_SUCCESS if the function call was a success. + * @retval TSS2_FAPI_RC_MEMORY: if the FAPI cannot allocate enough memory. + * @retval TSS2_FAPI_RC_BAD_VALUE if the value is not of type TPMS_ACT_DATA. 
+ */ +TSS2_RC +ifapi_json_TPMS_ACT_DATA_serialize(const TPMS_ACT_DATA *in, json_object **jso) +{ + TSS2_RC r; + if (*jso == NULL) + *jso = json_object_new_object(); + json_object *jso2 = NULL; + r = ifapi_json_TPM2_HANDLE_serialize(in->handle, &jso2); + return_if_error(r, "Serialize act data"); + + json_object_object_add(*jso, "handle", jso2); + jso2 = NULL; + r = ifapi_json_UINT32_serialize(in->timeout, &jso2); + return_if_error(r, "Serialize act data"); + + json_object_object_add(*jso, "timeout", jso2); + jso2 = NULL; + r = ifapi_json_TPMA_ACT_serialize(in->attributes, &jso2); + return_if_error(r, "Serialize act data"); + + json_object_object_add(*jso, "attributes", jso2); + return TSS2_RC_SUCCESS; +} + /** Serialize a base_type UINT16 to json. * * @paramin in value to be serialized. @@ -610,6 +669,8 @@ { TPM2_CAP_TPM_PROPERTIES, "TPM_PROPERTIES" }, { TPM2_CAP_PCR_PROPERTIES, "PCR_PROPERTIES" }, { TPM2_CAP_ECC_CURVES, "ECC_CURVES" }, + { TPM2_CAP_AUTH_POLICIES, "AUTH_POLICIES" }, + { TPM2_CAP_ACT, "ACT"}, { TPM2_CAP_LAST, "LAST" }, { TPM2_CAP_VENDOR_PROPERTY, "VENDOR_PROPERTY" }, }; 
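Review bot: Both new serializers call `json_object_new_object()` when `*jso` is NULL and use the result without checking it, unlike `ifapi_json_TPMA_ACT_serialize` added in the same commit. Add `return_if_null(*jso, "Out of memory.", TSS2_FAPI_RC_MEMORY);` after the allocation in `ifapi_json_TPMS_TAGGED_POLICY_serialize` and `ifapi_json_TPMS_ACT_DATA_serialize`. `in` is also dereferenced without the `return_if_null(in, "Bad reference.", TSS2_FAPI_RC_BAD_REFERENCE);` guard that the TPML serializers further down use. The doc comments list TSS2_FAPI_RC_MEMORY as a return value, which these two bodies never return themselves as written.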
@@ -965,6 +1026,44 @@ return TSS2_RC_SUCCESS; } +/** Serialize a TPMA_ACT to json. + * + * This function expects the Bitfield to be encoded as unsigned int in host-endianess. + * + * @paramin in value to be serialized. + * @paramout jso pointer to the json object. + * @retval TSS2_RC_SUCCESS if the function call was a success. + * @retval TSS2_FAPI_RC_MEMORY: if the FAPI cannot allocate enough memory. + * @retval TSS2_FAPI_RC_BAD_VALUE if the constant is not of type TPMA_ACT. + */ +TSS2_RC +ifapi_json_TPMA_ACT_serialize(const TPMA_ACT in, json_object **jso) +{ + static const struct {TPMA_ACT in; char *name; } tab = { + {TPMA_ACT_SIGNALED, "signaled"}, + {TPMA_ACT_PRESERVESIGNALED, "preserveSignaled"}, + }; + UINT32 input; + input = (UINT32) in; + json_object *jso_bit; + + if (*jso == NULL) { + *jso = json_object_new_object(); + return_if_null(*jso, "Out of memory.", TSS2_FAPI_RC_MEMORY); + } + + for (size_t i = 0; i < sizeof(tab) / sizeof(tab0); i++) { + if (tabi.in & input) + jso_bit = json_object_new_int(1); + else + jso_bit = json_object_new_int(0); + return_if_null(jso_bit, "Out of memory.", TSS2_FAPI_RC_MEMORY); + + json_object_object_add(*jso, tabi.name, jso_bit); + } + return TSS2_RC_SUCCESS; +} + /** Serialize TPMI_YES_NO to json. * * @paramin in variable to be serialized. @@ -1051,7 +1150,7 @@ ifapi_json_TPMI_ALG_HASH_serialize(const TPMI_ALG_HASH in, json_object **jso) { CHECK_IN_LIST(TPMI_ALG_HASH, in, TPM2_ALG_SHA1, TPM2_ALG_SHA256, TPM2_ALG_SHA384, - TPM2_ALG_SHA512, TPM2_ALG_NULL); + TPM2_ALG_SHA512, TPM2_ALG_SM3_256, TPM2_ALG_NULL); return ifapi_json_TPM2_ALG_ID_serialize(in, jso); } @@ -1067,7 +1166,7 @@ ifapi_json_TPMI_ALG_SYM_OBJECT_serialize(const TPMI_ALG_SYM_OBJECT in, json_object **jso) { - CHECK_IN_LIST(TPMI_ALG_SYM_OBJECT, in, TPM2_ALG_AES, TPM2_ALG_NULL); + CHECK_IN_LIST(TPMI_ALG_SYM_OBJECT, in, TPM2_ALG_AES, TPM2_ALG_CAMELLIA, TPM2_ALG_SM4, TPM2_ALG_NULL); return ifapi_json_TPM2_ALG_ID_serialize(in, jso); } 
@@ -1173,6 +1272,10 @@ size = TPM2_SHA512_DIGEST_SIZE; buffer = &in->sha5120; break; + case TPM2_ALG_SM3_256: + size = TPM2_SM3_256_DIGEST_SIZE; + buffer = &in->sm3_2560; + break; default: LOG_ERROR("\nSelector %"PRIx32 " did not match", selector); return TSS2_FAPI_RC_BAD_VALUE; 
@@ -1799,6 +1902,72 @@ return TSS2_RC_SUCCESS; } +/** Serialize value of type TPML_TAGGED_POLICY to json. + * + * @paramin in value to be serialized. + * @paramout jso pointer to the json object. + * @retval TSS2_RC_SUCCESS if the function call was a success. + * @retval TSS2_FAPI_RC_MEMORY: if the FAPI cannot allocate enough memory. + * @retval TSS2_FAPI_RC_BAD_VALUE if the value is not of type TPML_TAGGED_POLICY. + * @retval TSS2_FAPI_RC_BAD_REFERENCE a invalid null pointer is passed. + */ +TSS2_RC +ifapi_json_TPML_TAGGED_POLICY_serialize(const TPML_TAGGED_POLICY *in, json_object **jso) +{ + return_if_null(in, "Bad reference.", TSS2_FAPI_RC_BAD_REFERENCE); + + TSS2_RC r; + if (in->count > TPM2_MAX_TAGGED_POLICIES) { + LOG_ERROR("Too many bytes for array (%"PRIuPTR" > %"PRIuPTR" = TPM2_MAX_TAGGED_POLICIES)", + (size_t)in->count, (size_t)TPM2_MAX_TAGGED_POLICIES); + return TSS2_FAPI_RC_BAD_VALUE; + } + *jso = json_object_new_array(); + return_if_null(*jso, "Out of memory.", TSS2_FAPI_RC_MEMORY); + + for (size_t i=0; i < in->count; i++) { + json_object *jso2 = NULL; + r = ifapi_json_TPMS_TAGGED_POLICY_serialize (&in->policiesi, &jso2); + return_if_error(r, "Serialize TPMS_TAGGED_POLICY"); + + json_object_array_add(*jso, jso2); + } + return TSS2_RC_SUCCESS; +} + +/** Serialize value of type TPML_ACT_DATA to json. + * + * @paramin in value to be serialized. + * @paramout jso pointer to the json object. + * @retval TSS2_RC_SUCCESS if the function call was a success. + * @retval TSS2_FAPI_RC_MEMORY: if the FAPI cannot allocate enough memory. + * @retval TSS2_FAPI_RC_BAD_VALUE if the value is not of type TPML_ACT_DATA. + * @retval TSS2_FAPI_RC_BAD_REFERENCE a invalid null pointer is passed. + */ +TSS2_RC +ifapi_json_TPML_ACT_DATA_serialize(const TPML_ACT_DATA *in, json_object **jso) +{ + return_if_null(in, "Bad reference.", TSS2_FAPI_RC_BAD_REFERENCE); +
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-fapi/tpm_json_serialize.h -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/tpm_json_serialize.h
Changed
@@ -71,6 +71,9 @@ ifapi_json_TPMA_CC_serialize(const TPMA_CC in, json_object **jso); TSS2_RC +ifapi_json_TPMA_ACT_serialize(const TPMA_ACT in, json_object **jso); + +TSS2_RC ifapi_json_TPMI_YES_NO_serialize(const TPMI_YES_NO in, json_object **jso); TSS2_RC @@ -160,6 +163,13 @@ json_object **jso); TSS2_RC +ifapi_json_TPMS_TAGGED_POLICY_serialize(const TPMS_TAGGED_POLICY *in, + json_object **jso); + +TSS2_RC +ifapi_json_TPMS_ACT_DATA_serialize(const TPMS_ACT_DATA *in, json_object **jso); + +TSS2_RC ifapi_json_TPML_CC_serialize(const TPML_CC *in, json_object **jso); TSS2_RC @@ -193,6 +203,13 @@ json_object **jso); TSS2_RC +ifapi_json_TPML_TAGGED_POLICY_serialize(const TPML_TAGGED_POLICY *in, + json_object **jso); + +TSS2_RC +ifapi_json_TPML_ACT_DATA_serialize(const TPML_ACT_DATA *in, json_object **jso); + +TSS2_RC ifapi_json_TPMU_CAPABILITIES_serialize(const TPMU_CAPABILITIES *in, UINT32 selector, json_object **jso);
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-mu/tpm2b-types.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-mu/tpm2b-types.c
Changed
@@ -208,8 +208,10 @@ return rc; \ \ /* Update the size to the real value */ \ - if (buffer) \ - *(UINT16 *)ptr = HOST_TO_BE_16(buffer + local_offset - ptr - 2); \ + if (buffer) { \ + UINT16 t = HOST_TO_BE_16(buffer + local_offset - ptr - 2); \ + memcpy(ptr, &t, sizeof(t)); \ + } \ \ if (offset != NULL) { \ *offset = local_offset; \
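Review bot: The size written back in the `if (buffer)` branch is still narrowed to 16 bits with no range check visible in this hunk: `buffer + local_offset - ptr - 2` is a pointer difference that is truncated when it is stored in `UINT16 t`. The `memcpy` removes the unaligned store, but a marshalled body longer than 0xFFFF bytes would still produce a wrapped size field. If the sub-marshal call above does not already bound the length (the macro body starts and ends outside the hunk), guard it first, for example `if (buffer + local_offset - ptr - 2 > UINT16_MAX) return TSS2_MU_RC_BAD_SIZE; \`.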
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-mu/tpmu-types.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-mu/tpmu-types.c
Changed
@@ -464,6 +464,8 @@ TPM2_CAP_TPM_PROPERTIES, ADDR, tpmProperties, Tss2_MU_TPML_TAGGED_TPM_PROPERTY_Marshal, TPM2_CAP_PCR_PROPERTIES, ADDR, pcrProperties, Tss2_MU_TPML_TAGGED_PCR_PROPERTY_Marshal, TPM2_CAP_ECC_CURVES, ADDR, eccCurves, Tss2_MU_TPML_ECC_CURVE_Marshal, + TPM2_CAP_AUTH_POLICIES, ADDR, authPolicies, Tss2_MU_TPML_TAGGED_POLICY_Marshal, + TPM2_CAP_ACT, ADDR, actData, Tss2_MU_TPML_ACT_DATA_Marshal, TPM2_CAP_VENDOR_PROPERTY, ADDR, intelPttProperty, Tss2_MU_TPML_INTEL_PTT_PROPERTY_Marshal) TPMU_UNMARSHAL2(TPMU_CAPABILITIES, TPM2_CAP_ALGS, algorithms, Tss2_MU_TPML_ALG_PROPERTY_Unmarshal, @@ -475,6 +477,8 @@ TPM2_CAP_TPM_PROPERTIES, tpmProperties, Tss2_MU_TPML_TAGGED_TPM_PROPERTY_Unmarshal, TPM2_CAP_PCR_PROPERTIES, pcrProperties, Tss2_MU_TPML_TAGGED_PCR_PROPERTY_Unmarshal, TPM2_CAP_ECC_CURVES, eccCurves, Tss2_MU_TPML_ECC_CURVE_Unmarshal, + TPM2_CAP_AUTH_POLICIES, authPolicies, Tss2_MU_TPML_TAGGED_POLICY_Unmarshal, + TPM2_CAP_ACT, actData, Tss2_MU_TPML_ACT_DATA_Unmarshal, TPM2_CAP_VENDOR_PROPERTY, intelPttProperty, Tss2_MU_TPML_INTEL_PTT_PROPERTY_Unmarshal) TPMU_MARSHAL2(TPMU_ATTEST,
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-sys/sysapi_util.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-sys/sysapi_util.c
Changed
@@ -259,7 +259,7 @@
 { TPM2_CC_FirmwareRead, 0, 0 },
 { TPM2_CC_ContextSave, 1, 0 },
 { TPM2_CC_ContextLoad, 0, 1 },
- { TPM2_CC_FlushContext, 1, 0 },
+ { TPM2_CC_FlushContext, 0, 0 },
 { TPM2_CC_EvictControl, 2, 0 },
 { TPM2_CC_ReadClock, 0, 0 },
 { TPM2_CC_ClockSet, 1, 0 },
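Review bot: The handle count for `TPM2_CC_FlushContext` changes from 1 to 0 with no comment, and the row now looks like an outlier for a command that takes a handle. Assuming the second column is the number of command handles (the table's declaration is outside the hunk), a short comment would stop the value from being "corrected" back later: `{ TPM2_CC_FlushContext, 0, 0 }, /* flushHandle is passed in the parameter area, not the handle area */`.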
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-tcti/tcti-device.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-tcti/tcti-device.c
Changed
@@ -309,6 +309,16 @@ return rc; } +static void close_tpm(int *fd) +{ + if (fd == NULL || *fd < 0) { + return; + } + + close(*fd); + *fd = -1; +} + void tcti_device_finalize ( TSS2_TCTI_CONTEXT *tctiContext) @@ -319,7 +329,7 @@ if (tcti_dev == NULL) { return; } - close (tcti_dev->fd); + close_tpm (&tcti_dev->fd); tcti_common->state = TCTI_STATE_FINAL; } @@ -457,6 +467,7 @@ ssize_t sz = write_all (tcti_dev->fd, cmd, sizeof(cmd)); if (sz < 0 || sz != sizeof(cmd)) { LOG_ERROR ("Could not probe device for partial response read support"); + close_tpm (&tcti_dev->fd); return TSS2_TCTI_RC_IO_ERROR; } LOG_DEBUG ("Command sent, reading header"); @@ -467,12 +478,14 @@ if (rc_poll < 0 || rc_poll == 0) { LOG_ERROR ("Failed to poll for response from fd %d, rc %d, errno %d: %s", tcti_dev->fd, rc_poll, errno, strerror(errno)); + close_tpm (&tcti_dev->fd); return TSS2_TCTI_RC_IO_ERROR; } else if (fds.revents == POLLIN) { TEMP_RETRY (sz, read (tcti_dev->fd, rsp, TPM_HEADER_SIZE)); if (sz < 0 || sz != TPM_HEADER_SIZE) { LOG_ERROR ("Failed to read response header fd %d, got errno %d: %s", tcti_dev->fd, errno, strerror (errno)); + close_tpm (&tcti_dev->fd); return TSS2_TCTI_RC_IO_ERROR; } } @@ -484,6 +497,7 @@ if (rc_poll < 0) { LOG_DEBUG ("Failed to poll for response from fd %d, rc %d, errno %d: %s", tcti_dev->fd, rc_poll, errno, strerror(errno)); + close_tpm (&tcti_dev->fd); return TSS2_TCTI_RC_IO_ERROR; } else if (rc_poll == 0) { LOG_ERROR ("timeout waiting for response from fd %d", tcti_dev->fd); @@ -497,7 +511,7 @@ LOG_DEBUG ("Failed to get response tail fd %d, got errno %d: %s", tcti_dev->fd, errno, strerror (errno)); tcti_common->partial_read_supported = 0; - close(tcti_dev->fd); + close_tpm (&tcti_dev->fd); tcti_dev->fd = open_tpm (used_conf); if (tcti_dev->fd < 0) { LOG_ERROR ("Failed to open specified TCTI device file %s: %s",
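Review bot: The timeout branch `else if (rc_poll == 0)` in the `-484,6` hunk logs the error but gets no `close_tpm` call, while every sibling error path touched by this change now closes the descriptor. The body of that branch continues outside the hunk, so whether it returns there cannot be confirmed from here; if it returns `TSS2_TCTI_RC_IO_ERROR`, the device fd stays open exactly as it did before the fix. Adding `close_tpm (&tcti_dev->fd);` after the `LOG_ERROR ("timeout waiting for response ...")` line would make the error paths consistent. `close_tpm` itself would also benefit from a one-line comment saying it is safe to call twice because it resets `*fd` to -1.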
_service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-tcti/tcti-libtpms.c
Added
@@ -0,0 +1,855 @@ +/* SPDX-License-Identifier: BSD-2-Clause */ +/******************************************************************************* + * Copyright 2019, Fraunhofer SIT, Infineon Technologies AG, Intel Corporation + * All rights reserved. + ******************************************************************************/ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <inttypes.h> +#include <stdlib.h> +#include <string.h> +#include <stdio.h> +#include <dlfcn.h> +#include <unistd.h> +#include <sys/types.h> +#include <sys/syscall.h> +#include <netinet/in.h> +#include "tss2_tcti_libtpms.h" + +#include "tcti-libtpms.h" +#include "tcti-common.h" +#define LOGMODULE tcti +#include "util/log.h" + +/* + * libtpms API calls need to be wrapped. We set the current active TCTI module + * for this thread. This is needed because libtpms may call callbacks and these + * need to know which TCTI context they have to operate on. + * + * This macro assumes that int ret is declared. Jumps to fail_label on error. In + * this case, rc contains the respective error code. + */ +#define LIBTPMS_API_CALL(fail_label, tcti_libtpms, function, ...) \ + current_tcti_libtpms = tcti_libtpms; \ + ret = tcti_libtpms->function(__VA_ARGS__); \ + if (ret != TPM_SUCCESS) { \ + LOG_ERROR("libtpms function " #function "() failed with return code 0x%" PRIx32, ret); \ + rc = TSS2_TCTI_RC_GENERAL_FAILURE; \ + goto fail_label; \ + } \ + current_tcti_libtpms = NULL; + +static __thread TSS2_TCTI_LIBTPMS_CONTEXT *current_tcti_libtpms = NULL; + +/* + * Map the state file for this context into memory and allocate disk space. The + * file descriptor is closed again. Once this context reaches the end of its + * lifetime, the memory must be unmapped and the file must be truncated to its + * real size (rather than the allocated size). 
+ */ +static TSS2_RC +tcti_libtpms_map_state_file(TSS2_TCTI_LIBTPMS_CONTEXT *tcti_libtpms) +{ + TSS2_RC rc; + int ret; + int state_fd = -1; + ssize_t file_len = 0; + + /* if no/empty state path, skip */ + if (tcti_libtpms->state_path == NULL) { + LOG_DEBUG("No state path. Skip mapping state file."); + return TPM2_RC_SUCCESS; + } + LOG_DEBUG("Mapping state file: %s", tcti_libtpms->state_path); + + tcti_libtpms->state_mmap_len = STATE_MMAP_CHUNK_LEN; + + /* open file */ + state_fd = open(tcti_libtpms->state_path, O_RDWR | O_CREAT, 0644); + if(state_fd == -1){ + LOG_ERROR("open failed on file %s: %s", + tcti_libtpms->state_path, + strerror(errno)); + return TSS2_TCTI_RC_IO_ERROR; + } + + /* get file size (to detect if state does already exist). */ + file_len = lseek(state_fd, 0L, SEEK_END); + if(file_len < 0){ + LOG_ERROR("lseek failed on file %s: %s", + tcti_libtpms->state_path, + strerror(errno)); + rc = TSS2_TCTI_RC_IO_ERROR; + goto cleanup_fd; + } + tcti_libtpms->state_mmap_len = (file_len / STATE_MMAP_CHUNK_LEN + 1) * STATE_MMAP_CHUNK_LEN; + + /* allocate disk space */ + ret = posix_fallocate(state_fd, 0, tcti_libtpms->state_mmap_len); + if (ret != 0) { + LOG_ERROR("fallocate failed on file %s: %d",tcti_libtpms->state_path, ret); + rc = TSS2_TCTI_RC_IO_ERROR; + goto cleanup_fd; + } + + + /* map memory (either backed by file or not) */ + tcti_libtpms->state_mmap = mmap(NULL, + tcti_libtpms->state_mmap_len, + PROT_READ | PROT_WRITE, + MAP_SHARED, + state_fd, + 0); + if (tcti_libtpms->state_mmap == MAP_FAILED){ + tcti_libtpms->state_mmap_len = 0; + LOG_ERROR("mmap failed on file %s: %s", + tcti_libtpms->state_path, + strerror(errno)); + rc = TSS2_TCTI_RC_IO_ERROR; + goto cleanup_fd; + } + + tcti_libtpms->state_len = file_len; + + rc = TPM2_RC_SUCCESS; + +cleanup_fd: + if (state_fd != -1) { + /* file can always be closed, this does not unmap the region */ + close(state_fd); + } + + return rc; +} + +/* + * If the mapped memory for the state file does not suffice, 
reallocate. + */ +static TSS2_RC +tcti_libtpms_ensure_state_len( + TSS2_TCTI_LIBTPMS_CONTEXT *tcti_libtpms, + size_t state_len) +{ + int ret; + char *new_state_mmap; + size_t new_state_mmap_len; + int state_fd; + + if (state_len > tcti_libtpms->state_mmap_len) + { + new_state_mmap_len = (state_len / STATE_MMAP_CHUNK_LEN + 1) * STATE_MMAP_CHUNK_LEN; + LOG_DEBUG("Mapped memory region is too small: %zu > %zu. Reallocating to %zu...", + state_len, + tcti_libtpms->state_mmap_len, + new_state_mmap_len); + new_state_mmap = mremap(tcti_libtpms->state_mmap, + tcti_libtpms->state_mmap_len, + new_state_mmap_len, + MREMAP_MAYMOVE); + if (new_state_mmap == MAP_FAILED) { + LOG_ERROR("mremap failed on file %s: %s", + tcti_libtpms->state_path, + strerror(errno)); + return TSS2_TCTI_RC_IO_ERROR; + } + tcti_libtpms->state_mmap = new_state_mmap; + tcti_libtpms->state_mmap_len = new_state_mmap_len; + + LOG_DEBUG("Successfully mapped state file to %zu bytes.", + tcti_libtpms->state_mmap_len); + + /* allocate more disk space */ + if (tcti_libtpms->state_path) { + state_fd = open(tcti_libtpms->state_path, O_RDWR | O_CREAT, 0644); + if(state_fd == -1){ + LOG_ERROR("open failed on file %s: %s", + tcti_libtpms->state_path, + strerror(errno)); + return TSS2_TCTI_RC_IO_ERROR; + } + + ret = posix_fallocate(state_fd, 0, tcti_libtpms->state_mmap_len); + if (ret != 0) { + LOG_ERROR("fallocate failed on file %s: %d",tcti_libtpms->state_path, ret); + close(state_fd); + return TSS2_TCTI_RC_IO_ERROR; + } + + close(state_fd); + } + } + + return TSS2_RC_SUCCESS; +} + +/* + * Retrieve libtpms state and save it to the state file. + */ +static TSS2_RC +tcti_libtpms_store_state(TSS2_TCTI_LIBTPMS_CONTEXT *tcti_libtpms) +{ + TSS2_RC rc; + int ret; + unsigned char *permanent_buf, *volatile_buf; + uint32_t permanent_buf_len, volatile_buf_len; + uint32_t permanent_buf_len_be, volatile_buf_len_be; + size_t offset = 0;
_service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-tcti/tcti-libtpms.h
Added
@@ -0,0 +1,47 @@ +/* SPDX-License-Identifier: BSD-2-Clause */ +/******************************************************************************* + * Copyright 2019, Fraunhofer SIT, Infineon Technologies AG, Intel Corporation + * All rights reserved. + ******************************************************************************/ + +#ifndef TCTI_LIBTPMS_H +#define TCTI_LIBTPMS_H + +#include <limits.h> + +#include <dlfcn.h> +#include <fcntl.h> +#include <sys/mman.h> + +#include <libtpms/tpm_library.h> +#include <libtpms/tpm_error.h> + +#include "tcti-common.h" +#include "util/io.h" + +#define ARRAY_LEN(x) (sizeof(x)/sizeof(x0)) + +#define TCTI_LIBTPMS_MAGIC 0x49E299A554504D32ULL + +#define STATE_MMAP_CHUNK_LEN 2048 + +typedef struct { + TSS2_TCTI_COMMON_CONTEXT common; + void *libtpms; + TPM_RESULT (*TPMLIB_ChooseTPMVersion)(TPMLIB_TPMVersion); + TPM_RESULT (*TPMLIB_RegisterCallbacks)(struct libtpms_callbacks *); + TPM_RESULT (*TPMLIB_GetState)(enum TPMLIB_StateType, unsigned char **, uint32_t *); + TPM_RESULT (*TPMLIB_MainInit)(void); + TPM_RESULT (*TPMLIB_Process)(unsigned char **, uint32_t *, uint32_t *, unsigned char *, uint32_t); + TPM_RESULT (*TPMLIB_SetState)(enum TPMLIB_StateType, const unsigned char *, uint32_t); + void (*TPMLIB_Terminate)(void); + uint8_t *response_buffer; + size_t response_buffer_len; + size_t response_len; + char *state_path; + char *state_mmap; + size_t state_mmap_len; + size_t state_len; +} TSS2_TCTI_LIBTPMS_CONTEXT; + +#endif /* TCTI_LIBTPMS_H */
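Review bot: The state fields of `TSS2_TCTI_LIBTPMS_CONTEXT` carry invariants that tcti-libtpms.c relies on, but the struct documents none of them. Going by the mapping code shown for that file, comments such as `size_t state_mmap_len; /* bytes mapped at state_mmap, a multiple of STATE_MMAP_CHUNK_LEN */` and `size_t state_len; /* bytes of valid state, <= state_mmap_len */` would capture them. `state_path` should be documented as the file holding the libtpms permanent and volatile state, and as optional (NULL means no file backing). That file is created with mode `0644` in tcti-libtpms.c, which is worth reconsidering (`0600`) given what it stores. `ARRAY_LEN` is a very generic name for a macro defined in a header and may clash with other definitions; a prefixed name or a shared utility header would be safer.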
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-tcti/tcti-mssim.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-tcti/tcti-mssim.c
Changed
@@ -513,6 +513,7 @@ LOG_DEBUG ("key: %s / value: %s\n", key_value->key, key_value->value); if (strcmp (key_value->key, "host") == 0) { mssim_conf->host = key_value->value; + mssim_conf->path = NULL; return TSS2_RC_SUCCESS; } else if (strcmp (key_value->key, "port") == 0) { mssim_conf->port = string_to_port (key_value->value); @@ -520,6 +521,10 @@ return TSS2_TCTI_RC_BAD_VALUE; } return TSS2_RC_SUCCESS; + } else if (strcmp (key_value->key, "path") == 0) { + mssim_conf->path = key_value->value; + mssim_conf->host = NULL; + return TSS2_RC_SUCCESS; } else { return TSS2_TCTI_RC_BAD_VALUE; } @@ -601,9 +606,15 @@ tcti_mssim->tpm_sock = -1; tcti_mssim->platform_sock = -1; - rc = socket_connect (mssim_conf.host, - mssim_conf.port, - &tcti_mssim->tpm_sock); + if (mssim_conf.path) + rc = socket_connect_unix (mssim_conf.path, + 0, + &tcti_mssim->tpm_sock); + else + rc = socket_connect (mssim_conf.host, + mssim_conf.port, + 0, + &tcti_mssim->tpm_sock); if (rc != TSS2_RC_SUCCESS) { goto fail_out; } @@ -613,9 +624,15 @@ goto fail_out; } - rc = socket_connect (mssim_conf.host, - mssim_conf.port + 1, - &tcti_mssim->platform_sock); + if (mssim_conf.path) + rc = socket_connect_unix (mssim_conf.path, + 1, + &tcti_mssim->platform_sock); + else + rc = socket_connect (mssim_conf.host, + mssim_conf.port, + 1, + &tcti_mssim->platform_sock); if (rc != TSS2_RC_SUCCESS) { goto fail_out; }
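Review bot: The transport selection `if (mssim_conf.path) ... else ...` is written out twice in this file (hunks `-601,9` and `-613,9`) and three more times in tcti-swtpm.c, each time as an unbraced if/else around a multi-line call. A small static helper per TCTI keeps the copies from drifting apart and leaves one place to add checks on the configured path. The enclosing init function starts and ends outside these hunks, so the sketch below shows only the helper and the first call site.

```c
/* Connect to the simulator: UNIX socket when a path is configured, TCP otherwise. */
static TSS2_RC
mssim_connect (const mssim_conf_t *conf, int control, SOCKET *sock)
{
    if (conf->path != NULL) {
        return socket_connect_unix (conf->path, control, sock);
    }
    return socket_connect (conf->host, conf->port, control, sock);
}

/* … unchanged: tpm_sock / platform_sock set to -1 … */
    rc = mssim_connect (&mssim_conf, 0, &tcti_mssim->tpm_sock);
/* … unchanged: error check and platform command setup … */
    rc = mssim_connect (&mssim_conf, 1, &tcti_mssim->platform_sock);
```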
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-tcti/tcti-mssim.h -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-tcti/tcti-mssim.h
Changed
@@ -19,9 +19,11 @@ #define TCTI_MSSIM_CONF_MAX (_HOST_NAME_MAX + 16) #define TCTI_MSSIM_DEFAULT_HOST "localhost" #define TCTI_MSSIM_DEFAULT_PORT 2321 +#define TCTI_MSSIM_DEFAULT_PATH NULL #define MSSIM_CONF_DEFAULT_INIT { \ .host = TCTI_MSSIM_DEFAULT_HOST, \ .port = TCTI_MSSIM_DEFAULT_PORT, \ + .path = TCTI_MSSIM_DEFAULT_PATH, \ } #define TCTI_MSSIM_MAGIC 0xf05b04cd9f02728dULL @@ -29,6 +31,8 @@ typedef struct { char *host; uint16_t port; + /* if path is NULL, we use host/port */ + char *path; } mssim_conf_t; typedef struct {
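Review bot: `TCTI_MSSIM_CONF_MAX` is still `_HOST_NAME_MAX + 16`, a bound sized for `host=...,port=...`, although the conf string can now carry a filesystem path through the new `path` key. Where the macro is used is outside this hunk, so this is inferred: if it limits the accepted conf string, a socket path that fits `sun_path` could still be rejected or cut short. Consider sizing it for the larger of the two forms, or state the effective path limit in the comment above `char *path;`. The same applies to `TCTI_SWTPM_CONF_MAX` in tcti-swtpm.h.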
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-tcti/tcti-swtpm.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-tcti/tcti-swtpm.c
Changed
@@ -135,9 +135,15 @@ uint8_t resp_bufSWTPM_CTRL_RESP_MAX_LEN = { 0 }; size_t resp_buf_len = sizeof(uint32_t); - rc = socket_connect (tcti_swtpm->swtpm_conf.host, - tcti_swtpm->swtpm_conf.port + 1, - &tcti_swtpm->ctrl_sock); + if (tcti_swtpm->swtpm_conf.path) + rc = socket_connect_unix (tcti_swtpm->swtpm_conf.path, + 1, + &tcti_swtpm->ctrl_sock); + else + rc = socket_connect (tcti_swtpm->swtpm_conf.host, + tcti_swtpm->swtpm_conf.port, + 1, + &tcti_swtpm->ctrl_sock); if (rc != TSS2_RC_SUCCESS) { LOG_ERROR ("Failed to connect to control socket."); rc = TSS2_TCTI_RC_IO_ERROR; @@ -274,9 +280,15 @@ LOG_DEBUG ("Sending command with TPM_CC 0x%" PRIx32 " and size %" PRIu32, header.code, header.size); - rc = socket_connect (tcti_swtpm->swtpm_conf.host, - tcti_swtpm->swtpm_conf.port, - &tcti_swtpm->tpm_sock); + if (tcti_swtpm->swtpm_conf.path) + rc = socket_connect_unix (tcti_swtpm->swtpm_conf.path, + 0, + &tcti_swtpm->tpm_sock); + else + rc = socket_connect (tcti_swtpm->swtpm_conf.host, + tcti_swtpm->swtpm_conf.port, + 0, + &tcti_swtpm->tpm_sock); if (rc != TSS2_RC_SUCCESS) { return rc; } @@ -496,6 +508,7 @@ LOG_DEBUG ("key: %s / value: %s\n", key_value->key, key_value->value); if (strcmp (key_value->key, "host") == 0) { swtpm_conf->host = key_value->value; + swtpm_conf->path = NULL; return TSS2_RC_SUCCESS; } else if (strcmp (key_value->key, "port") == 0) { swtpm_conf->port = string_to_port (key_value->value); @@ -503,6 +516,10 @@ return TSS2_TCTI_RC_BAD_VALUE; } return TSS2_RC_SUCCESS; + } else if (strcmp (key_value->key, "path") == 0) { + swtpm_conf->path = key_value->value; + swtpm_conf->host = NULL; + return TSS2_RC_SUCCESS; } else { return TSS2_TCTI_RC_BAD_VALUE; } 
@@ -583,9 +600,15 @@ tcti_swtpm->ctrl_sock = -1; /* sanity check */ - rc = socket_connect (tcti_swtpm->swtpm_conf.host, - tcti_swtpm->swtpm_conf.port, - &tcti_swtpm->tpm_sock); + if (tcti_swtpm->swtpm_conf.path) + rc = socket_connect_unix (tcti_swtpm->swtpm_conf.path, + 0, + &tcti_swtpm->tpm_sock); + else + rc = socket_connect (tcti_swtpm->swtpm_conf.host, + tcti_swtpm->swtpm_conf.port, + 0, + &tcti_swtpm->tpm_sock); socket_close (&tcti_swtpm->tpm_sock); if (rc != TSS2_RC_SUCCESS) { LOG_ERROR ("Cannot connect to swtpm TPM socket");
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-tcti/tcti-swtpm.h -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-tcti/tcti-swtpm.h
Changed
@@ -19,9 +19,11 @@ #define TCTI_SWTPM_CONF_MAX (_HOST_NAME_MAX + 16) #define TCTI_SWTPM_DEFAULT_HOST "localhost" #define TCTI_SWTPM_DEFAULT_PORT 2321 +#define TCTI_SWTPM_DEFAULT_PATH NULL #define SWTPM_CONF_DEFAULT_INIT { \ .host = TCTI_SWTPM_DEFAULT_HOST, \ .port = TCTI_SWTPM_DEFAULT_PORT, \ + .path = TCTI_SWTPM_DEFAULT_PATH, \ } #define TCTI_SWTPM_MAGIC 0x496E66696E656F6EULL @@ -36,6 +38,8 @@ typedef struct { char *host; uint16_t port; + /* if path is NULL, we use host/port */ + char *path; } swtpm_conf_t; typedef struct {
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/tss2-tcti/tctildr-dl.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-tcti/tctildr-dl.c
Changed
@@ -268,7 +268,7 @@ rc = handle_from_name (name, data); if (rc != TSS2_RC_SUCCESS) return rc; - *info = (TSS2_TCTI_INFO*)info_from_handle (*data); + *info = info_from_handle (*data); if (*info == NULL) { tctildr_finalize_data (data); return TSS2_TCTI_RC_IO_ERROR;
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/util/io.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/util/io.c
Changed
@@ -28,6 +28,12 @@ #include "util/log.h" #define MAX_PORT_STR_LEN sizeof("65535") + +/* sockaddr_un::sun_path is documented as char108, but it seems safer to let + * the compiler (or rather, the headers) derive this for us. (Cast to int to + * avoid signed/unsigned comparison warnings.) */ +#define MAX_SADDR_UN_PATH (int)sizeof(((struct sockaddr_un *)0)->sun_path) + /* * The 'read_all' function attempts to read all of the 'size' bytes requested * from the 'fd' provided into the buffer 'data'. This function will continue @@ -181,6 +187,7 @@ socket_connect ( const char *hostname, uint16_t port, + int control, SOCKET *sock) { static const struct addrinfo hints = { .ai_socktype = SOCK_STREAM, @@ -208,6 +215,9 @@ return TSS2_TCTI_RC_BAD_REFERENCE; } + if (control) + port++; + ret = snprintf(port_str, sizeof(port_str), "%u", port); if (ret < 0) return TSS2_TCTI_RC_BAD_VALUE; @@ -260,6 +270,46 @@ } TSS2_RC +socket_connect_unix ( + const char *path, + int control, + SOCKET *sock) +{ +#ifdef _WIN32 + return TSS2_TCTI_RC_BAD_REFERENCE; +#else + struct sockaddr_un saddr; + + if (path == NULL) + return TSS2_TCTI_RC_BAD_REFERENCE; + + saddr.sun_family = AF_UNIX; + + if (snprintf(saddr.sun_path, MAX_SADDR_UN_PATH, + control ? "%s.ctrl" : "%s", path) >= MAX_SADDR_UN_PATH) { + LOG_ERROR ("Socket %s%s is too long for AF_UNIX", + path, control ? ".ctrl" : ""); + return TSS2_TCTI_RC_BAD_VALUE; + } + + *sock = socket (AF_UNIX, SOCK_STREAM, 0); + + if (*sock == INVALID_SOCKET) { + LOG_WARNING ("Failed to create AF_UNIX socket"); + return TSS2_TCTI_RC_IO_ERROR; + } + + LOG_DEBUG ("Attempting UNIX connection to %s", saddr.sun_path); + if (connect (*sock, (struct sockaddr *)&saddr, sizeof(saddr)) == SOCKET_ERROR) { + LOG_WARNING ("Failed to connect to %s", saddr.sun_path); + return TSS2_TCTI_RC_IO_ERROR; + } + + return TSS2_RC_SUCCESS; +#endif +} + +TSS2_RC socket_set_nonblock (SOCKET sock) { #ifndef _WIN32
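Review bot: `socket_connect_unix` leaves the descriptor open when `connect()` fails: the socket created just above stays in `*sock` and the function returns `TSS2_TCTI_RC_IO_ERROR` without closing it. Unless every caller closes the socket on failure (the call sites in tcti-mssim.c and tcti-swtpm.c jump to error handling outside the visible hunks), add `socket_close (sock);` before that return. `saddr` is also handed to `connect()` with only `sun_family` and the string part of `sun_path` set; declaring it as `struct sockaddr_un saddr = { 0 };` avoids passing uninitialised stack bytes to the kernel. In the `socket_connect` hunk, `port++` on a `uint16_t` wraps to 0 for port 65535, so a range check before the increment is worth adding.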
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/src/util/io.h -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/util/io.h
Changed
@@ -75,10 +75,26 @@ SOCKET fd, const uint8_t *buf, size_t size); +/* + * Connect to the given target using TCP. 'control' is to distinguish the data + * socket from the control socket. For TCP, the data socket and control socket + * are assumed to be on the same host and consecutive port numbers, so 'port' + * is incremented by 1 if 'control' is non-zero. + */ TSS2_RC socket_connect ( const char *hostname, uint16_t port, + int control, + SOCKET *socket); +/* + * Connect to the given target using unix domain sockets. (Not available on + * "_WIN32".) If 'control' is non-zero, ".ctrl" is appended to 'path'. + */ +TSS2_RC +socket_connect_unix ( + const char *path, + int control, SOCKET *socket); TSS2_RC socket_close (
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/helper/tpm_getek.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/helper/tpm_getek.c
Changed
@@ -7,8 +7,14 @@ #include <stdio.h> #include <inttypes.h> #include <openssl/evp.h> -#include <openssl/rsa.h> #include <openssl/pem.h> +#if OPENSSL_VERSION_NUMBER < 0x30000000 +#include <openssl/rsa.h> +#else +#include <openssl/core_names.h> +#include <openssl/params.h> +#include <openssl/param_build.h> +#endif #include "tss2_sys.h" #include "tss2_mu.h" @@ -24,7 +30,7 @@ TSS2_RC rc; TSS2_SYS_CONTEXT *sys_context; TSS2L_SYS_AUTH_COMMAND auth_cmd = { - .auths = {{ .sessionHandle = TPM2_RS_PW }}, + .auths = {{ .sessionHandle = TPM2_RH_PW }}, .count = 1 }; TPM2B_SENSITIVE_CREATE in_sensitive = { 0 }; @@ -109,7 +115,7 @@ /* Convert the key from out_public to PEM */ - EVP_PKEY *evp = EVP_PKEY_new(); + EVP_PKEY *evp = NULL; BIO *bio; FILE *out = NULL; 
@@ -124,45 +130,35 @@ else bio = BIO_new_fp(stdout, BIO_NOCLOSE); - RSA *rsa = RSA_new(); - BIGNUM *e = BN_new(); - BIGNUM *d = BN_new(); - BIGNUM *p = BN_new(); - BIGNUM *q = BN_new(); - BIGNUM *dmp1 = BN_new(); - BIGNUM *dmq1 = BN_new(); - BIGNUM *iqmp = BN_new(); BIGNUM *n = BN_bin2bn(out_public.publicArea.unique.rsa.buffer, out_public.publicArea.unique.rsa.size, NULL); - BN_set_word(d, 0); - BN_set_word(p, 0); - BN_set_word(q, 0); - BN_set_word(dmp1, 0); - BN_set_word(dmq1, 0); - BN_set_word(iqmp, 0); uint32_t exp; if (out_public.publicArea.parameters.rsaDetail.exponent == 0) exp = 65537; else exp = out_public.publicArea.parameters.rsaDetail.exponent; + +#if OPENSSL_VERSION_NUMBER < 0x30000000 + BIGNUM *e = BN_new(); BN_set_word(e, exp); -#if OPENSSL_VERSION_NUMBER < 0x10100000 - rsa->e = e; - rsa->n = n; - rsa->d = d; - rsa->p = p; - rsa->q = q; - rsa->dmp1 = dmp1; - rsa->dmq1 = dmq1; - rsa->iqmp = iqmp; -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ - RSA_set0_key(rsa, n, e, d); - RSA_set0_factors(rsa, p, q); - RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp); -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ + RSA *rsa = RSA_new(); + RSA_set0_key(rsa, n, e, NULL); + n = NULL; + e = NULL; + evp = EVP_PKEY_new(); EVP_PKEY_assign_RSA(evp, rsa); +#else /* OPENSSL_VERSION_NUMBER < 0x30000000 */ + OSSL_PARAM_BLD *build = OSSL_PARAM_BLD_new(); + OSSL_PARAM_BLD_push_BN(build, OSSL_PKEY_PARAM_RSA_N, n); + OSSL_PARAM_BLD_push_uint32(build, OSSL_PKEY_PARAM_RSA_E, exp); + OSSL_PARAM *params = OSSL_PARAM_BLD_to_param(build); + + EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); + EVP_PKEY_fromdata_init(ctx); + EVP_PKEY_fromdata(ctx, &evp, EVP_PKEY_PUBLIC_KEY, params); +#endif /* OPENSSL_VERSION_NUMBER < 0x30000000 */ if (!PEM_write_bio_PUBKEY(bio, evp)) { LOG_ERROR("PEM_write failed"); 
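Review bot: None of the calls in the OpenSSL 3 branch is checked, so a failure in `OSSL_PARAM_BLD_to_param`, `EVP_PKEY_CTX_new_from_name` or `EVP_PKEY_fromdata` leaves `evp` NULL and surfaces only later as the unrelated "PEM_write failed" message. Checking the final step is enough to fail in the right place: `if (!params || !ctx || EVP_PKEY_fromdata_init(ctx) <= 0 || EVP_PKEY_fromdata(ctx, &evp, EVP_PKEY_PUBLIC_KEY, params) <= 0)`, followed by a log line and the same error exit the PEM write check uses. The same unchecked sequence appears in the `-173,15` hunk of tpm_getek_ecc.c. The enclosing function starts and ends outside this hunk.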
@@ -170,6 +166,14 @@ } EVP_PKEY_free(evp); +#if OPENSSL_VERSION_NUMBER < 0x30000000 + /* ownership was taken by the EVP_PKEY */ +#else + EVP_PKEY_CTX_free(ctx); + OSSL_PARAM_free(params); + OSSL_PARAM_BLD_free(build); +#endif + BN_free(n); BIO_free(bio); fclose(out);
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/helper/tpm_getek_ecc.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/helper/tpm_getek_ecc.c
Changed
@@ -7,9 +7,15 @@ #include <stdio.h> #include <inttypes.h> #include <openssl/evp.h> -#include <openssl/rsa.h> #include <openssl/pem.h> #include <openssl/err.h> +#if OPENSSL_VERSION_NUMBER < 0x30000000 +#include <openssl/ec.h> +#else +#include <openssl/core_names.h> +#include <openssl/params.h> +#include <openssl/param_build.h> +#endif #include <string.h> #include "tss2_sys.h" @@ -39,7 +45,7 @@ TSS2_RC rc; TSS2_SYS_CONTEXT *sys_context; TSS2L_SYS_AUTH_COMMAND auth_cmd = { - .auths = {{ .sessionHandle = TPM2_RS_PW }}, + .auths = {{ .sessionHandle = TPM2_RH_PW }}, .count = 1 }; TPM2B_SENSITIVE_CREATE in_sensitive = { 0 }; @@ -127,16 +133,7 @@ /* Convert the key from out_public to PEM */ - EVP_PKEY *evp = EVP_PKEY_new(); - - OpenSSL_add_all_algorithms(); - - OpenSSL_add_all_algorithms(); - - ERR_load_crypto_strings(); - - - EC_KEY *ecc_key = EC_KEY_new(); + EVP_PKEY *evp = NULL; BIGNUM *x = NULL, *y = NULL; BIO *bio; FILE *out = NULL; @@ -156,12 +153,6 @@ nid = EC_curve_nist2nid("P-256"); EC_GROUP *ecgroup = EC_GROUP_new_by_curve_name(nid); - if (!EC_KEY_set_group(ecc_key, ecgroup)) - exit(1); - - EC_KEY_set_asn1_flag(ecc_key, OPENSSL_EC_NAMED_CURVE); - EC_GROUP_free(ecgroup); - /* Set the ECC parameters in the OpenSSL key */ x = BN_bin2bn(out_public.publicArea.unique.ecc.x.buffer, out_public.publicArea.unique.ecc.x.size, NULL); 
@@ -173,15 +164,46 @@ exit(1); } - if (!EC_KEY_set_public_key_affine_coordinates(ecc_key, x, y)) { + EC_POINT *point = EC_POINT_new(ecgroup); +#if OPENSSL_VERSION_NUMBER < 0x10101000L + EC_POINT_set_affine_coordinates_GFp(ecgroup, point, x, y, NULL); +#else + EC_POINT_set_affine_coordinates(ecgroup, point, x, y, NULL); +#endif + +#if OPENSSL_VERSION_NUMBER < 0x30000000 + EC_KEY *ecc_key = EC_KEY_new(); + if (!EC_KEY_set_group(ecc_key, ecgroup)) + exit(1); + + if (!EC_KEY_set_public_key(ecc_key, point)) { exit(1); } + evp = EVP_PKEY_new(); if (!EVP_PKEY_assign_EC_KEY(evp, ecc_key)) { handleErrors(); LOG_ERROR("PEM_write failed"); exit(1); } +#else /* OPENSSL_VERSION_NUMBER < 0x30000000 */ + unsigned char *puboct = NULL; + size_t bsize; + + bsize = EC_POINT_point2buf(ecgroup, point, POINT_CONVERSION_UNCOMPRESSED, + &puboct, NULL); + + OSSL_PARAM_BLD *build = OSSL_PARAM_BLD_new(); + OSSL_PARAM_BLD_push_utf8_string(build, OSSL_PKEY_PARAM_GROUP_NAME, + (char *)OBJ_nid2sn(nid), 0); + OSSL_PARAM_BLD_push_octet_string(build, OSSL_PKEY_PARAM_PUB_KEY, + puboct, bsize); + OSSL_PARAM *params = OSSL_PARAM_BLD_to_param(build); + + EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL); + EVP_PKEY_fromdata_init(ctx); + EVP_PKEY_fromdata(ctx, &evp, EVP_PKEY_PUBLIC_KEY, params); +#endif /* OPENSSL_VERSION_NUMBER < 0x30000000 */ if (!PEM_write_bio_PUBKEY(bio, evp)) { handleErrors(); @@ -189,9 +211,19 @@ exit(1); } + EVP_PKEY_free(evp); +#if OPENSSL_VERSION_NUMBER < 0x30000000 + /* ownership was taken by the EVP_PKEY */ +#else + EVP_PKEY_CTX_free(ctx); + OSSL_PARAM_free(params); + OSSL_PARAM_BLD_free(build); + OPENSSL_free(puboct); +#endif + EC_POINT_free(point); + EC_GROUP_free(ecgroup); BN_free(y); BN_free(x); - EVP_PKEY_free(evp); BIO_free(bio); fclose(out);
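Review bot: The return values of `EC_POINT_new` and `EC_POINT_set_affine_coordinates` (and of the `_GFp` variant) are ignored, whereas the removed `EC_KEY_set_public_key_affine_coordinates` call was checked and exited on failure. Coordinates from the TPM that are not a valid point on the curve were previously rejected at this step and are now caught later, if at all. Restoring the check keeps the old behaviour: `if (!point || !EC_POINT_set_affine_coordinates(ecgroup, point, x, y, NULL)) exit(1);`, with the same guard on the `_GFp` branch. `bsize` from `EC_POINT_point2buf` should likewise be tested for 0 before it is pushed as the octet-string length.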
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/helper/tpm_writeekcert.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/helper/tpm_writeekcert.c
Changed
@@ -39,7 +39,7 @@ TSS2_RC rc; TSS2_SYS_CONTEXT *sys_context; TSS2L_SYS_AUTH_COMMAND auth_cmd = { - .auths = {{ .sessionHandle = TPM2_RS_PW }}, + .auths = {{ .sessionHandle = TPM2_RH_PW }}, .count = 1 }; TPMI_RH_NV_INDEX nvIndex;
_service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/esys-get-capability-act.int.c
Added
@@ -0,0 +1,62 @@ +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdlib.h> + +#include "tss2_esys.h" + + +#include "esys_iutil.h" +#include "test-esys.h" +#define LOGMODULE test +#include "util/log.h" +#include "util/aux_util.h" +/** This test is intended to test to get ACT + * capabilities using the get capability command. + * + * + * Tested ESYS commands: + * - Esys_GetCapability() (M) + * + * @paramin,out esys_context The ESYS_CONTEXT. + * @retval EXIT_FAILURE + * @retval EXIT_SUCCESS + */ +int +test_esys_get_capability_act(ESYS_CONTEXT * esys_context) +{ + TSS2_RC r; + TPM2_CAP capability = TPM2_CAP_ACT; + UINT32 property = TPM2_RH_ACT_0; + UINT32 propertyCount = 1; + TPMS_CAPABILITY_DATA *capabilityData; + TPMI_YES_NO moreData; + + r = Esys_GetCapability(esys_context, + ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, + capability, property, propertyCount, + &moreData, &capabilityData); + + /* Check whether capability is available. */ + if ((r & ~TPM2_RC_N_MASK) == (TPM2_RC_P | TPM2_RC_VALUE)) { + SAFE_FREE(capabilityData); + return EXIT_SKIP; + } + + goto_if_error(r, "Error esys get capability", error); + + SAFE_FREE(capabilityData); + + return EXIT_SUCCESS; + + error: + SAFE_FREE(capabilityData); + + return EXIT_FAILURE; +} + +int +test_invoke_esys(ESYS_CONTEXT * esys_context) { + return test_esys_get_capability_act(esys_context); +}
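Review bot: `capabilityData` is declared without an initialiser but is passed to `SAFE_FREE` both on the skip path and under the `error:` label. If `Esys_GetCapability` fails before it assigns the out pointer, the test frees an indeterminate pointer. Declare it as `TPMS_CAPABILITY_DATA *capabilityData = NULL;`. The test also checks only the return code; asserting on `capabilityData->capability == TPM2_CAP_ACT` after a successful call would make it verify the new unmarshal path rather than just exercise it.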
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/esys-pcr-auth-value.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/esys-pcr-auth-value.int.c
Changed
@@ -70,6 +70,20 @@ goto_if_error(r, "Error: PCR_SetAuthValue", error); + /* This should work as the authValue should be remembered, see + * - https://github.com/tpm2-software/tpm2-tss/issues/2099 + * for details. + */ + r = Esys_PCR_SetAuthValue( + esys_context, + pcrHandle_handle, + ESYS_TR_PASSWORD, + ESYS_TR_NONE, + ESYS_TR_NONE, + &auth + ); + goto_if_error(r, "Error: PCR_SetAuthValue2", error); + TPM2B_DIGEST authPolicy = { .size = 32, .buffer = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,11, 12, 13, 14, 15, 16, 17,
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/esys-tr-fromTpmPublic-nv.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/esys-tr-fromTpmPublic-nv.int.c
Changed
@@ -26,6 +26,7 @@ * - Esys_NV_DefineSpace() (M) * - Esys_NV_ReadPublic() (M) * - Esys_NV_UndefineSpace() (M) + * - Esys_TR_FromTPMPublic() (M) * * @paramin,out ectx The ESYS_CONTEXT. * @retval EXIT_FAILURE @@ -57,6 +58,13 @@ } }; + ESYS_TR session = ESYS_TR_NONE; + ESYS_TR session2 = ESYS_TR_NONE; + TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_AES, + .keyBits = {.aes = 128}, + .mode = {.aes = TPM2_ALG_CFB} + }; + r = Esys_NV_DefineSpace(ectx, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &auth, &publicInfo, &nvHandle); 
@@ -70,11 +78,73 @@ r = Esys_TR_Close(ectx, &nvHandle); goto_if_error(r, "TR close on nv object", error_name1); + /* Reading public data for a TPM handle without session */ + r = Esys_TR_FromTPMPublic(ectx, TPM2_NV_INDEX_FIRST, + ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, + &nvHandle); + goto_if_error(r, "TR from TPM public", error_name1); + + /* Reading public data for a TPM handle without session for an existing + esys object. */ r = Esys_TR_FromTPMPublic(ectx, TPM2_NV_INDEX_FIRST, ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, &nvHandle); goto_if_error(r, "TR from TPM public", error_name1); + r = Esys_TR_Close(ectx, &nvHandle); + goto_if_error(r, "TR close on nv object", error_name1); + + /* Reading public data for a TPM handle with a HMAC session. */ + r = Esys_StartAuthSession(ectx, ESYS_TR_NONE, ESYS_TR_NONE, + ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, + NULL, + TPM2_SE_HMAC, &symmetric, TPM2_ALG_SHA1, + &session); + + goto_if_error(r, "Error: During initialization of session", error); + + r = Esys_TRSess_SetAttributes(ectx, session, TPMA_SESSION_ENCRYPT, + TPMA_SESSION_CONTINUESESSION | TPMA_SESSION_ENCRYPT); + goto_if_error(r, "TR_Sess_SetAttributes", error); + + r = Esys_StartAuthSession(ectx, ESYS_TR_NONE, ESYS_TR_NONE, + ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, + NULL, + TPM2_SE_HMAC, &symmetric, TPM2_ALG_SHA1, + &session2); + goto_if_error(r, "Error: During initialization of session", error); + + /* Create also a second session for reading the public data. */ + + r = Esys_TRSess_SetAttributes(ectx, session2, TPMA_SESSION_AUDIT, + TPMA_SESSION_CONTINUESESSION | TPMA_SESSION_AUDIT); + + goto_if_error(r, "TR_Sess_SetAttributes", error); + + r = Esys_TR_FromTPMPublic(ectx, TPM2_NV_INDEX_FIRST, + session, session2, ESYS_TR_NONE, + &nvHandle); + goto_if_error(r, "TR from TPM public", error_name1); + + /* Reading public data for a TPM handle with a HMAC session for an existing + esys object. 
*/ + r = Esys_StartAuthSession(ectx, ESYS_TR_NONE, ESYS_TR_NONE, + ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, + NULL, + TPM2_SE_HMAC, &symmetric, TPM2_ALG_SHA1, + &session); + + goto_if_error(r, "Error: During initialization of session", error); + + r = Esys_TRSess_SetAttributes(ectx, session, TPMA_SESSION_ENCRYPT, + TPMA_SESSION_CONTINUESESSION | TPMA_SESSION_ENCRYPT); + goto_if_error(r, "TR_Sess_SetAttributes", error); + + r = Esys_TR_FromTPMPublic(ectx, TPM2_NV_INDEX_FIRST, + session, ESYS_TR_NONE, ESYS_TR_NONE, + &nvHandle); + goto_if_error(r, "TR from TPM public", error_name1); + r = Esys_TR_GetName(ectx, nvHandle, &name2); goto_if_error(r, "TR get name", error_name1);
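Review bot: The six added `goto_if_error` calls that follow `Esys_StartAuthSession` and `Esys_TRSess_SetAttributes` jump to `error`, while every other failure in this hunk, before and after them, jumps to `error_name1`. At that point the NV index has been defined and `nvHandle` has been opened, so a session failure skips whatever cleanup `error_name1` performs. Both labels lie outside the hunk, so the exact difference could not be checked. Unless `error` is known to be a superset, these calls should use the same label, e.g. `goto_if_error(r, "Error: During initialization of session", error_name1);`.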
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/fapi-data-crypt.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/fapi-data-crypt.int.c
Changed
@@ -129,21 +129,17 @@ mdctx = EVP_MD_CTX_create(); chknull(mdctx); - if (1 != EVP_DigestSignInit(mdctx, &pctx, NULL, NULL, priv_key)) { - goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "OSSL digest sign init.", + if (1 != EVP_DigestSignInit(mdctx, &pctx, ossl_hash, NULL, priv_key)) { + goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "OSSL sign init.", error_cleanup); } - if (EVP_PKEY_type(EVP_PKEY_id(priv_key)) == EVP_PKEY_RSA) { + if (EVP_PKEY_base_id(priv_key) == EVP_PKEY_RSA) { int signing_scheme = RSA_SIG_SCHEME; if (1 != EVP_PKEY_CTX_set_rsa_padding(pctx, signing_scheme)) { goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "OSSL set RSA padding.", error_cleanup); } } - if (1 != EVP_DigestSignInit(mdctx, &pctx, ossl_hash, NULL, priv_key)) { - goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "OSSL sign init.", - error_cleanup); - } if (1 != EVP_DigestSignUpdate(mdctx, dataToSign, dataToSignSize)) { goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "OSSL sign update.", error_cleanup);
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/fapi-export-policy.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/fapi-export-policy.int.c
Changed
@@ -231,6 +231,9 @@ r = Fapi_Provision(context, NULL, NULL, NULL); goto_if_error(r, "Error Fapi_Provision", error); + r = pcr_reset(context, 16); + goto_if_error(r, "Error pcr_reset", error); + for (i = 0; i < sizeof(policies) / sizeof(policies0); i++) { fprintf(stderr, "\nTest policy: %s\n", policiesi.path); json_policy = read_policy(context, policiesi.path);
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/fapi-ext-public-key.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/fapi-ext-public-key.int.c
Changed
@@ -48,7 +48,7 @@ BIO *bufio = NULL; EVP_PKEY *evp_key = NULL; - RSA *rsa_key = NULL; + EVP_PKEY_CTX *ctx = NULL; /* Key will be used for non TPM signature verfication. */ char *pubkey_pem = @@ -185,10 +185,8 @@ bufio = BIO_new_mem_buf((void *)priv_pem, strlen(priv_pem)); evp_key = PEM_read_bio_PrivateKey(bufio, NULL, NULL, NULL); - rsa_key = EVP_PKEY_get1_RSA(evp_key); - - if (!bufio || !evp_key || !rsa_key) { + if (!bufio || !evp_key) { LOG_ERROR("Generation of test key failed."); goto error; } @@ -198,10 +196,20 @@ 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d }; uint8_t signature256; - unsigned int signatureLength = 256; + size_t signatureLength = 256; - if (!RSA_sign(NID_sha1, digest, 20, signature, &signatureLength, rsa_key)) { - LOG_ERROR("Test RSA_sign failed."); + if ((ctx = EVP_PKEY_CTX_new(evp_key, NULL)) == NULL) { + LOG_ERROR("Test EVP_PKEY_CTX_new failed."); + goto error; + } + if (EVP_PKEY_sign_init(ctx) <= 0 + || EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0 + || EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha1()) <= 0) { + LOG_ERROR("Test EVP_PKEY_sign_init failed."); + goto error; + } + if (EVP_PKEY_sign(ctx, signature, &signatureLength, digest, 20) <= 0) { + LOG_ERROR("Test EVP_PKEY_sign failed."); goto error; } @@ -246,12 +254,8 @@ if (bufio) { BIO_free(bufio); } - if (evp_key) { - EVP_PKEY_free(evp_key); - } - if (rsa_key) { - RSA_free(rsa_key); - } + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(evp_key); SAFE_FREE(path_list); SAFE_FREE(cert2); return EXIT_SUCCESS; @@ -261,12 +265,8 @@ if (bufio) { BIO_free(bufio); } - if (evp_key) { - EVP_PKEY_free(evp_key); - } - if (rsa_key) { - RSA_free(rsa_key); - } + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(evp_key); SAFE_FREE(path_list); SAFE_FREE(cert2); return EXIT_FAILURE;
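Review bot: `signatureLength` is initialised with the literal 256 and the digest length is passed as the literal 20 in the `EVP_PKEY_sign` call, so the bounds handed to OpenSSL are not tied to the buffers they describe. `EVP_PKEY_sign` reads the incoming `*siglen` as the capacity of `signature`, which makes that value the only guard against an oversized write if the buffer or the test key changes. Deriving it from the array, `size_t signatureLength = sizeof(signature);`, keeps the two in step. The same applies to the digest length if `digest` is an array in scope; its declaration is outside the hunk. The combined `||` check also reports all three setup failures as "Test EVP_PKEY_sign_init failed.", which hides the step that failed.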
_service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/fapi-key-create-he-sign.int.c
Added
@@ -0,0 +1,133 @@ +/* SPDX-License-Identifier: BSD-2-Clause */ +/******************************************************************************* + * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG + * All rights reserved. + *******************************************************************************/ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdlib.h> +#include <string.h> + +#include "tss2_fapi.h" + +#include "test-fapi.h" +#include "fapi_util.h" +#include "fapi_int.h" + +#include "esys_iutil.h" +#define LOGMODULE test +#include "util/log.h" +#include "util/aux_util.h" + +#define PASSWORD "abc" +#define SIGN_TEMPLATE "sign,noDa" +#ifndef FAPI_PROFILE +#define FAPI_PROFILE "P_ECC" +#endif /* FAPI_PROFILE */ + +static TSS2_RC +auth_callback( + char const *objectPath, + char const *description, + const char **auth, + void *userData) +{ + UNUSED(description); + UNUSED(userData); + + if (!objectPath) { + return_error(TSS2_FAPI_RC_BAD_VALUE, "No path."); + } + + *auth = PASSWORD; + return TSS2_RC_SUCCESS; +} + +/** Test creation of a signing key in the endorsement hierarchy. + * + * Tested FAPI commands: + * - Fapi_Provision() + * - Fapi_SetAuthCB() + * - Fapi_CreateKey() + * - Fapi_Sign() + * - Fapi_VerifySignature() + * - Fapi_List() + * - Fapi_Delete() + * + * @paramin,out context The FAPI_CONTEXT. 
+ * @retval EXIT_FAILURE + * @retval EXIT_SUCCESS + */ +int +test_fapi_key_create_he_sign(FAPI_CONTEXT *context) +{ + TSS2_RC r; + char *sigscheme = NULL; + + uint8_t *signature = NULL; + char *publicKey = NULL; + char *path_list = NULL; + + if (strcmp("P_ECC", fapi_profile) != 0) + sigscheme = "RSA_PSS"; + + /* We need to reset the passwords again, in order to not brick physical TPMs */ + r = Fapi_Provision(context, NULL, NULL, NULL); + goto_if_error(r, "Error Fapi_Provision", error); + + r = Fapi_SetAuthCB(context, auth_callback, NULL); + goto_if_error(r, "Error SetPolicyAuthCallback", error); + + r = Fapi_CreateKey(context, "HE/EK/mySignKey", SIGN_TEMPLATE , "", + PASSWORD); + + goto_if_error(r, "Error Fapi_CreateKey", error); + size_t signatureSize = 0; + + TPM2B_DIGEST digest = { + .size = 32, + .buffer = { + 0x67, 0x68, 0x03, 0x3e, 0x21, 0x64, 0x68, 0x24, 0x7b, 0xd0, + 0x31, 0xa0, 0xa2, 0xd9, 0x87, 0x6d, 0x79, 0x81, 0x8f, 0x8f, + 0x31, 0xa0, 0xa2, 0xd9, 0x87, 0x6d, 0x79, 0x81, 0x8f, 0x8f, + 0x67, 0x68 + } + }; + + + r = Fapi_Sign(context, "HE/EK/mySignKey", sigscheme, + &digest.buffer0, digest.size, &signature, &signatureSize, + &publicKey, NULL); + goto_if_error(r, "Error Fapi_Sign", error); + ASSERT(signature != NULL); + ASSERT(publicKey != NULL); + ASSERT(strlen(publicKey) > ASSERT_SIZE); + + r = Fapi_VerifySignature(context, "HE/EK/mySignKey", + &digest.buffer0, digest.size, signature, signatureSize); + goto_if_error(r, "Error Fapi_VerifySignature", error); + + r = Fapi_Delete(context, "/"); + goto_if_error(r, "Error Fapi_Delete", error); + + SAFE_FREE(path_list); + SAFE_FREE(publicKey); + SAFE_FREE(signature); + return EXIT_SUCCESS; + +error: + Fapi_Delete(context, "/"); + SAFE_FREE(path_list); + SAFE_FREE(publicKey); + SAFE_FREE(signature); + return EXIT_FAILURE; +} + +int +test_invoke_fapi(FAPI_CONTEXT *fapi_context) +{ + return test_fapi_key_create_he_sign(fapi_context); +}
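Review bot: The header comment of `test_fapi_key_create_he_sign` lists `Fapi_List()` among the tested commands, but the function never calls it, and `path_list` is only set to NULL and passed to `SAFE_FREE`. The comment overstates what the test covers, which matters when someone audits coverage of the endorsement-hierarchy paths. Either drop the ` * - Fapi_List()` line together with `char *path_list = NULL;` and its two `SAFE_FREE(path_list);` calls, or add the missing list check. `FAPI_PROFILE` is also defined here, while the code reads `fapi_profile`, which is declared elsewhere.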
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/fapi-key-create-null-key-sign.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/fapi-key-create-null-key-sign.int.c
Changed
@@ -152,6 +152,36 @@ r = Fapi_Delete(context, "HS/myPrimary"); goto_if_error(r, "Error Fapi_Delete", error); + /* Test the creation of a primary in the storage hierarchy with a policy. */ + + char *policy_name = "/policy/pol_pcr16_0"; + const char *json_policy = + "{" \ + "\"description\":\"Description pol_16_0\"," \ + "\"policy\":" \ + "{" \ + "\"type\":\"POLICYPCR\"," \ + "\"pcrs\":" \ + "{" \ + "\"pcr\":16," \ + "\"hashAlg\":\"TPM2_ALG_SHA256\"," \ + "\"digest\":\"00000000000000000000000000000000000000000000000000000000000000000\"" \ + "}" \ + "" \ + "}" \ + "" \ + "}"; + + r = Fapi_Import(context, policy_name, json_policy); + goto_if_error(r, "Error Fapi_Import", error); + + r = Fapi_CreateKey(context, "HS/myPrimary", "noDa", policy_name, + NULL); + goto_if_error(r, "Error Fapi_CreateKey", error); + + r = Fapi_Delete(context, "HS/myPrimary"); + goto_if_error(r, "Error Fapi_Delete", error); + /* Test the creation of a primary in the endorsement hierarchy. */ r = Fapi_CreateKey(context, "HE/myPrimary", "noDa", "", PASSWORD);
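Review bot: `policy_name` is declared as a plain `char *` although it points at a string literal, so an accidental write through it would compile and then be undefined behaviour. `json_policy` directly below is already `const char *`; the same qualifier fits here: `const char *policy_name = "/policy/pol_pcr16_0";`. The enclosing function starts and ends outside the hunk.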
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/fapi-key-create-policy-nv-sign.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/fapi-key-create-policy-nv-sign.int.c
Changed
@@ -149,6 +149,7 @@ SAFE_FREE(publicKey); SAFE_FREE(certificate); SAFE_FREE(json_policy); + SAFE_FREE(pathList); return EXIT_FAILURE; }
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/fapi-key-create-policy-signed.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/fapi-key-create-policy-signed.int.c
Changed
@@ -143,21 +143,17 @@ mdctx = EVP_MD_CTX_create(); chknull(mdctx); - if (1 != EVP_DigestSignInit(mdctx, &pctx, NULL, NULL, priv_key)) { - goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "OSSL digest sign init.", + if (1 != EVP_DigestSignInit(mdctx, &pctx, ossl_hash, NULL, priv_key)) { + goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "OSSL sign init.", error_cleanup); } - if (EVP_PKEY_type(EVP_PKEY_id(priv_key)) == EVP_PKEY_RSA) { + if (EVP_PKEY_base_id(priv_key) == EVP_PKEY_RSA) { int signing_scheme = RSA_SIG_SCHEME; if (1 != EVP_PKEY_CTX_set_rsa_padding(pctx, signing_scheme)) { goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "OSSL set RSA padding.", error_cleanup); } } - if (1 != EVP_DigestSignInit(mdctx, &pctx, ossl_hash, NULL, priv_key)) { - goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "OSSL sign init.", - error_cleanup); - } if (1 != EVP_DigestSignUpdate(mdctx, dataToSign, dataToSignSize)) { goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "OSSL sign update.", error_cleanup);
_service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/fapi-key-create-primary-sign.int.c
Added
@@ -0,0 +1,210 @@ +/* SPDX-License-Identifier: BSD-2-Clause */ +/******************************************************************************* + * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG + * All rights reserved. + *******************************************************************************/ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdlib.h> +#include <string.h> + +#include "tss2_fapi.h" + +#include "test-fapi.h" +#include "fapi_util.h" +#include "fapi_int.h" + +#include "esys_iutil.h" +#define LOGMODULE test +#include "util/log.h" +#include "util/aux_util.h" + +#define PASSWORD "abc" +#define SIGN_TEMPLATE "sign,noDa" +#ifndef FAPI_PROFILE +#define FAPI_PROFILE "P_ECC" +#endif /* FAPI_PROFILE */ + +json_object * +get_json_hex_string(const uint8_t *buffer, size_t size) +{ + + char hex_stringsize * 2 + 1; + + for (size_t i = 0, off = 0; i < size; i++, off += 2) { + sprintf(&hex_stringoff, "%02x", bufferi); + } + hex_string(size) * 2 = '\0'; + json_object *jso = json_object_new_string(hex_string); + return jso; +} + +static TSS2_RC +auth_callback( + char const *objectPath, + char const *description, + const char **auth, + void *userData) +{ + UNUSED(description); + UNUSED(userData); + + if (!objectPath) { + return_error(TSS2_FAPI_RC_BAD_VALUE, "No path."); + } + + *auth = PASSWORD; + return TSS2_RC_SUCCESS; +} + +/** Test signing with a primary key with an auth value + * + * Tested FAPI commands: + * - Fapi_Provision() + * - Fapi_SetAuthCB() + * - Fapi_CreateKey() + * - Fapi_GetTpmBlobs() + * - Fapi_Sign() + * - Fapi_VerifySignature() + * - Fapi_SetCertificate() + * - Fapi_List() + * - Fapi_Delete() + * + * @paramin,out context The FAPI_CONTEXT. 
+ * @retval EXIT_FAILURE + * @retval EXIT_SUCCESS + */ +int +test_fapi_key_create_sign(FAPI_CONTEXT *context) +{ + TSS2_RC r; + char *sigscheme = NULL; + + const char *cert = + "-----BEGIN CERTIFICATE-----\n" + "MIIDBjCCAe4CCQDcvXBOEVM0UTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJE\n" + "RTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0\n" + "cyBQdHkgTHRkMB4XDTE5MDIyODEwNDkyM1oXDTM1MDgyNzEwNDkyM1owRTELMAkG\n" + "A1UEBhMCREUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0\n" + "IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n" + "AKBi+iKwkgM55iCMwXrLCJlu7TzlMu/LlkyGrm99ip2B5+/Cl6a62d8pKelg6zkH\n" + "jI7+AAPteJiW4O+2qVWF8hJ5BXTjGtYbM0iZ6enCb8eyC54C7xVMc21ZIv3ob4Et\n" + "50ZOuzY2pfpzE3vIaXt1CkHlfyI/hdK+mM/dVvuCz5p3AIlHrEWS3rSNgWbCsB2E\n" + "TM55qSGKaLmtTbUvEKRF0TJrFLntfXkv10QD5pgn52+QV9k59OogqZOsDvkXzKPX\n" + "rXF+XC0gLiGBEGAr1dv9F03xMOtO77bQTdGOeC61Tip6Nb0V3ebMckZXwdFi+Nhe\n" + "FRuU33CaObtV6u5PZvSue/MCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAcamUPe8I\n" + "nMOHcv9x5lVN1joihVRmKc0QqNLFc6XpJY8+U5rGkZvOcDe9Da8L97wDNXpKmU/q\n" + "pprj3rT8l3v0Z5xs8Vdr8lxS6T5NhqQV0UCsn1x14gZJcE48y9/LazYi6Zcar+BX\n" + "Am4vewAV3HmQ8X2EctsRhXe4wlAq4slIfEWaaofa8ai7BzO9KwpMLsGPWoNetkB9\n" + "19+SFt0lFFOj/6vDw5pCpSd1nQlo1ug69mJYSX/wcGkV4t4LfGhV8jRPDsGs6I5n\n" + "ETHSN5KV1XCPYJmRCjFY7sIt1x4zN7JJRO9DVw+YheIlduVfkBiF+GlQgLlFTjrJ\n" + "VrpSGMIFSu301A==\n" + "-----END CERTIFICATE-----\n"; + + uint8_t *signature = NULL; + char *publicKey = NULL; + char *certificate = NULL; + uint8_t *publicblob = NULL; + uint8_t *privateblob = NULL; + char *policy = NULL; + char *path_list = NULL; + size_t publicsize; + size_t privatesize; + json_object *jso = NULL; + + if (strcmp("P_ECC", fapi_profile) != 0) + sigscheme = "RSA_PSS"; + + /* We need to reset the passwords again, in order to not brick physical TPMs */ + r = Fapi_Provision(context, NULL, PASSWORD, NULL); + goto_if_error(r, "Error Fapi_Provision", error); + + r = Fapi_SetAuthCB(context, auth_callback, NULL); + goto_if_error(r, 
"Error SetPolicyAuthCallback", error); + +#ifdef PERSISTENT + r = Fapi_CreateKey(context, "HS/mySignKey", SIGN_TEMPLATE ",0x81000004", "", + PASSWORD); +#else + r = Fapi_CreateKey(context, "HS/mySignKey", SIGN_TEMPLATE "", "", + PASSWORD); +#endif + goto_if_error(r, "Error Fapi_CreateKey_Async", error); + + goto_if_error(r, "Error Fapi_CreateKey_Finish", error); + size_t signatureSize = 0; + + TPM2B_DIGEST digest = { + .size = 32, + .buffer = { + 0x67, 0x68, 0x03, 0x3e, 0x21, 0x64, 0x68, 0x24, 0x7b, 0xd0, + 0x31, 0xa0, 0xa2, 0xd9, 0x87, 0x6d, 0x79, 0x81, 0x8f, 0x8f, + 0x31, 0xa0, 0xa2, 0xd9, 0x87, 0x6d, 0x79, 0x81, 0x8f, 0x8f, + 0x67, 0x68 + } + }; + + r = Fapi_GetTpmBlobs(context, "HS/mySignKey", &publicblob, + &publicsize, + &privateblob, &privatesize, &policy); + goto_if_error(r, "Error Fapi_GetTpmBlobs", error); + ASSERT(publicblob != NULL); + ASSERT(privateblob != NULL); + ASSERT(policy != NULL); + ASSERT(strlen(policy) == 0); + + r = Fapi_SetCertificate(context, "HS/mySignKey", cert); + goto_if_error(r, "Error Fapi_SetCertificate", error); + + r = Fapi_Sign(context, "HS/mySignKey", sigscheme, + &digest.buffer0, digest.size, &signature, &signatureSize, + &publicKey, &certificate); + goto_if_error(r, "Error Fapi_Sign", error); + ASSERT(signature != NULL); + ASSERT(publicKey != NULL); + ASSERT(certificate != NULL); + ASSERT(strlen(publicKey) > ASSERT_SIZE); + ASSERT(strlen(certificate) > ASSERT_SIZE); + + r = Fapi_VerifySignature(context, "HS/mySignKey", + &digest.buffer0, digest.size, signature, signatureSize); + goto_if_error(r, "Error Fapi_VerifySignature", error); + + /* We need to reset the passwords again, in order to not brick physical TPMs */ + r = Fapi_ChangeAuth(context, "/HS", NULL); + goto_if_error(r, "Error Fapi_ChangeAuth", error); + + r = Fapi_Delete(context, "/"); + goto_if_error(r, "Error Fapi_Delete", error); + + json_object_put(jso); + SAFE_FREE(path_list); + SAFE_FREE(publicblob); + SAFE_FREE(privateblob); + SAFE_FREE(policy); + 
SAFE_FREE(publicKey); + SAFE_FREE(signature); + SAFE_FREE(certificate); + return EXIT_SUCCESS; + +error: + if (jso) + json_object_put(jso); + Fapi_Delete(context, "/"); + SAFE_FREE(path_list); + SAFE_FREE(publicblob); + SAFE_FREE(privateblob);
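Review bot: `get_json_hex_string` formats into a variable-length stack array sized `size * 2 + 1` from its caller's `size` argument, with no upper bound and an unbounded `sprintf`. A large or wrapped `size` turns into a stack overflow rather than a reported error. The helper also has external linkage although nothing in the visible part of the file calls it, and `jso` in the test is only ever NULL. The page truncates this file after the `error:` label, so a later use could not be ruled out. If the helper is needed, give it internal linkage and a checked heap buffer as sketched below; otherwise remove it together with `jso`.

```c
static json_object *
get_json_hex_string(const uint8_t *buffer, size_t size)
{
    /* Checked heap buffer instead of a caller-sized VLA. */
    if (buffer == NULL || size > (SIZE_MAX - 1) / 2) {
        return NULL;
    }
    char *hex_string = malloc(size * 2 + 1);
    if (hex_string == NULL) {
        return NULL;
    }
    for (size_t i = 0; i < size; i++) {
        /* 3 = two hex digits plus the terminator snprintf writes. */
        snprintf(&hex_string[i * 2], 3, "%02x", buffer[i]);
    }
    hex_string[size * 2] = '\0';
    /* json_object_new_string copies its argument. */
    json_object *jso = json_object_new_string(hex_string);
    free(hex_string);
    return jso;
}
```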
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/fapi-key-create-sign-password-provision.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/fapi-key-create-sign-password-provision.int.c
Changed
@@ -113,6 +113,9 @@ r = Fapi_Provision(context, NULL, PASSWORD, NULL); goto_if_error(r, "Error Fapi_Provision", error); + r = pcr_reset(context, 16); + goto_if_error(r, "Error pcr_reset", error); + r = Fapi_SetAuthCB(context, auth_callback, NULL); goto_if_error(r, "Error SetPolicyAuthCallback", error);
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/fapi-key-create-sign.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/fapi-key-create-sign.int.c
Changed
@@ -250,6 +250,7 @@ SAFE_FREE(policy); SAFE_FREE(publicKey); SAFE_FREE(signature); + SAFE_FREE(certificate); return EXIT_FAILURE; }
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/fapi-key-create2-sign.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/fapi-key-create2-sign.int.c
Changed
@@ -409,6 +409,7 @@ SAFE_FREE(policy); SAFE_FREE(publicKey); SAFE_FREE(signature); + SAFE_FREE(certificate); return EXIT_FAILURE; }
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/fapi-pcr-test.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/fapi-pcr-test.int.c
Changed
@@ -45,6 +45,41 @@ {\n\ \"hashAlg\":\"SHA512\",\n\ \"digest\":\"0f89ee1fcb7b0a4f7809d1267a029719004c5a5e5ec323a7c3523a20974f9a3f202f56fadba4cd9e8d654ab9f2e96dc5c795ea176fa20ede8d854c342f903533\"\n\ + },\n\ + {\n\ + \"hashAlg\":\"SM3_256\",\n\ + \"digest\":\"24c898bdb4d258f9bebb2e820d4ed478a7c013b37bd9e5006515730c18a70416\"\n\ + }\n\ + ,\n\ + \"type\":\"tss2\",\n\ + \"sub_event\":{\n\ + \"data\":\"00010203040506070809\",\n\ + \"event\":{\n\ + \"test\":\"myfile\"\n\ + }\n\ + }\n\ + }\n\ +", +"\n\ + {\n\ + \"recnum\":1,\n\ + \"pcr\":16,\n\ + \"digests\":\n\ + {\n\ + \"hashAlg\":\"SHA1\",\n\ + \"digest\":\"494179714a6cd627239dfededf2de9ef994caf03\"\n\ + },\n\ + {\n\ + \"hashAlg\":\"SHA256\",\n\ + \"digest\":\"1f825aa2f0020ef7cf91dfa30da4668d791c5d4824fc8e41354b89ec05795ab3\"\n\ + },\n\ + {\n\ + \"hashAlg\":\"SHA384\",\n\ + \"digest\":\"182e95266adff49059e706c61483478fe0688150c8d08b95fab5cfde961f12d903aaf44104af4ce72ba6a4bf20302b2e\"\n\ + },\n\ + {\n\ + \"hashAlg\":\"SHA512\",\n\ + \"digest\":\"0f89ee1fcb7b0a4f7809d1267a029719004c5a5e5ec323a7c3523a20974f9a3f202f56fadba4cd9e8d654ab9f2e96dc5c795ea176fa20ede8d854c342f903533\"\n\ }\n\ ,\n\ \"type\":\"tss2\",\n\ @@ -183,10 +218,12 @@ ASSERT(log != NULL); ASSERT(strlen(log) > ASSERT_SIZE); - for (i = 0; i < ( sizeof(log_exp) / sizeof(log_exp0) ); i++) + size_t number_of_test_values = sizeof(log_exp) / sizeof(log_exp0); + + for (i = 0; i < number_of_test_values; i++) if (strcmp(log_expi, log) == 0) break; - if (i >= 3) { + if (i >= number_of_test_values) { LOG_ERROR("Log mismatch. Received: %s", log); goto error; }
_service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/fapi-quote-with-primary.int.c
Added
@@ -0,0 +1,338 @@ +/* SPDX-License-Identifier: BSD-2-Clause */ +/******************************************************************************* + * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG + * All rights reserved. + *******************************************************************************/ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif +#include <stdio.h> +#include <stdlib.h> +#include <errno.h> +#include <unistd.h> +#include <errno.h> +#include <string.h> +#include <json-c/json.h> +#include <json-c/json_util.h> +#include <json-c/json_tokener.h> + +#include "tss2_fapi.h" + +#include "test-fapi.h" +#define LOGMODULE test +#include "util/log.h" +#include "util/aux_util.h" + +#define EVENT_SIZE 10 +#ifndef FAPI_PROFILE +#define FAPI_PROFILE "P_ECC" +#endif /* FAPI_PROFILE */ + +/** Test the FAPI functions for quote commands. + * + * Tested FAPI commands: + * - Fapi_Provision() + * - Fapi_CreateKey() + * - Fapi_PcrExtend() + * - Fapi_Quote() + * - Fapi_ExportKey() + * - Fapi_Import() + * - Fapi_PcrRead() + * - Fapi_VerifyQuote() + * - Fapi_List() + * - Fapi_Delete() + * + * @paramin,out context The FAPI_CONTEXT. 
+ * @retval EXIT_FAILURE + * @retval EXIT_SUCCESS + */ +int +test_fapi_quote(FAPI_CONTEXT *context) +{ + TSS2_RC r; + json_object *jso = NULL; + char *pubkey_pem = NULL; + uint8_t *signature = NULL; + char *quoteInfo = NULL; + char *pcrEventLog = NULL; + char *certificate = NULL; + char *export_data = NULL; + json_object *jso_public = NULL; + uint8_t *pcr_digest = NULL; + char *log = NULL; + char *pathlist = NULL; + + uint8_t dataEVENT_SIZE = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9}; + size_t signatureSize = 0; + uint32_t pcrList1 = { 16 }; + size_t pcr_digest_size = 0; + + r = Fapi_Provision(context, NULL, NULL, NULL); + + goto_if_error(r, "Error Fapi_Provision", error); + + r = Fapi_CreateKey(context, "HS/mySignKey", "sign,noDa", "", NULL); + goto_if_error(r, "Error Fapi_CreateKey", error); + + r = Fapi_SetCertificate(context, "HS/mySignKey", "-----BEGIN " \ + "CERTIFICATE-----...-----END CERTIFICATE-----"); + goto_if_error(r, "Error Fapi_SetCertificate", error); + + uint8_t qualifyingData20 = { + 0x67, 0x68, 0x03, 0x3e, 0x21, 0x64, 0x68, 0x24, 0x7b, 0xd0, + 0x31, 0xa0, 0xa2, 0xd9, 0x87, 0x6d, 0x79, 0x81, 0x8f, 0x8f + }; + + r = pcr_reset(context, 16); + goto_if_error(r, "Error pcr_reset", error); + + r = Fapi_PcrExtend(context, 16, data, EVENT_SIZE, "{ \"test\": \"myfile\" }"); + goto_if_error(r, "Error Fapi_PcrExtend", error); + + r = Fapi_Quote(context, pcrList, 1, "HS/mySignKey", + "TPM-Quote", + qualifyingData, 20, + "eInfo, + &signature, &signatureSize, + &pcrEventLog, &certificate); + goto_if_error(r, "Error Fapi_Quote", error); + ASSERT(quoteInfo != NULL); + ASSERT(signature != NULL); + ASSERT(pcrEventLog != NULL); + ASSERT(certificate != NULL); + ASSERT(strlen(quoteInfo) > ASSERT_SIZE); + ASSERT(strlen(pcrEventLog) > ASSERT_SIZE); + ASSERT(strlen(certificate) > ASSERT_SIZE); + + LOG_INFO("\npcrEventLog: %s\n", pcrEventLog); + + LOG_INFO("Quote Info:\n%s\n", quoteInfo); + char *field_list_quote_info = { "attest", "attested", "pcrDigest" }; + 
CHECK_JSON_FIELDS(quoteInfo, field_list_quote_info, "", error); + + r = Fapi_ExportKey(context, "HS/mySignKey", NULL, &export_data); + goto_if_error(r, "Export.", error); + ASSERT(export_data != NULL); + ASSERT(strlen(export_data) > ASSERT_SIZE); + + jso = json_tokener_parse(export_data); + LOG_INFO("\nExported: %s\n", export_data); + + char *fields_export = { "pem_ext_public" }; + CHECK_JSON_FIELDS(export_data, fields_export, "BEGIN PUBLIC KEY", error); + + if (!jso || !json_object_object_get_ex(jso, "pem_ext_public", &jso_public)) { + LOG_ERROR("No public key eyported."); + goto error; + } + pubkey_pem = strdup(json_object_get_string(jso_public)); + if (!pubkey_pem) { + LOG_ERROR("Out of memory."); + goto error; + } + + r = Fapi_Import(context, "/ext/myExtPubKey", pubkey_pem); + goto_if_error(r, "Error Fapi_Import", error); + + r = Fapi_PcrRead(context, 16, &pcr_digest, + &pcr_digest_size, &log); + goto_if_error(r, "Error Fapi_PcrRead", error); + ASSERT(pcr_digest != NULL); + ASSERT(log != NULL); + ASSERT(strlen(log) > ASSERT_SIZE); + + LOG_INFO("\nTEST_JSON\nLog:\n%s\nEND_JSON", log); + LOG_INFO("Quote Info:\n%s\n", quoteInfo); + + const char *log_check_list = + { + "" + " {" + " \"recnum\":1," + " \"pcr\":16," + " \"digests\":" + " {" + " \"hashAlg\":\"SHA1\"," + " \"digest\":\"494179714a6cd627239dfededf2de9ef994caf03\"" + " }," + " {" + " \"hashAlg\":\"SHA256\"," + " \"digest\":\"1f825aa2f0020ef7cf91dfa30da4668d791c5d4824fc8e41354b89ec05795ab3\"" + " }," + " {" + " \"hashAlg\":\"SHA384\"," + " \"digest\":\"182e95266adff49059e706c61483478fe0688150c8d08b95fab5cfde961f12d903aaf44104af4ce72ba6a4bf20302b2e\"" + " }," + " {" + " \"hashAlg\":\"SHA512\"," + " \"digest\":\"0f89ee1fcb7b0a4f7809d1267a029719004c5a5e5ec323a7c3523a20974f9a3f202f56fadba4cd9e8d654ab9f2e96dc5c795ea176fa20ede8d854c342f903533\"" + " }," + " {" + " \"hashAlg\":\"SM3_256\"," + " \"digest\":\"24c898bdb4d258f9bebb2e820d4ed478a7c013b37bd9e5006515730c18a70416\"" + " }," + + " ," + " 
\"type\":\"tss2\"," + " \"sub_event\":{" + " \"data\":\"00010203040506070809\"," + " \"event\":{" + " \"test\":\"myfile\"" + " }" + " }" + " }" + "", + "" + " {" + " \"recnum\":1," + " \"pcr\":16," + " \"digests\":" + " {" + " \"hashAlg\":\"SHA1\"," + " \"digest\":\"494179714a6cd627239dfededf2de9ef994caf03\"" + " }," + " {" + " \"hashAlg\":\"SHA256\"," + " \"digest\":\"1f825aa2f0020ef7cf91dfa30da4668d791c5d4824fc8e41354b89ec05795ab3\"" + " }," + " {"
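Review bot: The first `log_check_list` entry closes the SM3_256 digest object with `" },"` right before the end of the digests list, leaving a trailing comma after the last element. The same expected log in fapi-quote.int.c and fapi-pcr-test.int.c in this revision closes that object without the comma. If the comparison later in the file is textual or uses a strict JSON parse, this variant can never match a real event log, so a TPM with an SM3 bank would fail the test for the wrong reason. The page truncates the file before the comparison, so this is inferred from the sibling tests. The line should read `" }"`. Smaller items: `<errno.h>` is included twice and the error string says "eyported".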
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/fapi-quote.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/fapi-quote.int.c
Changed
@@ -167,6 +167,41 @@ " {" " \"hashAlg\":\"SHA512\"," " \"digest\":\"0f89ee1fcb7b0a4f7809d1267a029719004c5a5e5ec323a7c3523a20974f9a3f202f56fadba4cd9e8d654ab9f2e96dc5c795ea176fa20ede8d854c342f903533\"" + " }," + " {" + " \"hashAlg\":\"SM3_256\"," + " \"digest\":\"24c898bdb4d258f9bebb2e820d4ed478a7c013b37bd9e5006515730c18a70416\"" + " }" + " ," + " \"type\":\"tss2\"," + " \"sub_event\":{" + " \"data\":\"00010203040506070809\"," + " \"event\":{" + " \"test\":\"myfile\"" + " }" + " }" + " }" + "", + "" + " {" + " \"recnum\":1," + " \"pcr\":16," + " \"digests\":" + " {" + " \"hashAlg\":\"SHA1\"," + " \"digest\":\"494179714a6cd627239dfededf2de9ef994caf03\"" + " }," + " {" + " \"hashAlg\":\"SHA256\"," + " \"digest\":\"1f825aa2f0020ef7cf91dfa30da4668d791c5d4824fc8e41354b89ec05795ab3\"" + " }," + " {" + " \"hashAlg\":\"SHA384\"," + " \"digest\":\"182e95266adff49059e706c61483478fe0688150c8d08b95fab5cfde961f12d903aaf44104af4ce72ba6a4bf20302b2e\"" + " }," + " {" + " \"hashAlg\":\"SHA512\"," + " \"digest\":\"0f89ee1fcb7b0a4f7809d1267a029719004c5a5e5ec323a7c3523a20974f9a3f202f56fadba4cd9e8d654ab9f2e96dc5c795ea176fa20ede8d854c342f903533\"" " }" " ," " \"type\":\"tss2\"," @@ -270,6 +305,17 @@ ASSERT(cmp_strtokens(pathlist, check_pathlist, ":")); LOG_INFO("\nPathlist: %s\n", check_pathlist); + /* Invalidate qualifying data */ + qualifyingData0 = 0; + + r = Fapi_VerifyQuote(context, "HS/SRK/mySignKey", + qualifyingData, 20, quoteInfo, + signature, signatureSize, log); + if (r == TPM2_RC_SUCCESS) { + LOG_ERROR("Invalid qualifying data was not detected."); + goto error; + } + r = Fapi_Delete(context, "/"); goto_if_error(r, "Error Fapi_Delete", error);
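Review bot: The negative check added in the second hunk accepts any non-success return from `Fapi_VerifyQuote` as proof that the tampered `qualifyingData` was rejected. A failure for an unrelated reason, such as a key path that does not resolve or a bad argument, would make the test pass without exercising the nonce comparison. The call uses `"HS/SRK/mySignKey"`, and no other use of that path is visible in the hunk to confirm it is the key the positive verification used. The check should compare `r` against the specific verification-failure code FAPI returns and treat every other error as a test failure. The success comparison would also read more consistently as `if (r == TSS2_RC_SUCCESS) {`, since `r` is a `TSS2_RC` everywhere else. The enclosing function starts and ends outside the hunk.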
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/sys-asymmetric-encrypt-decrypt.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/sys-asymmetric-encrypt-decrypt.int.c
Changed
@@ -56,7 +56,7 @@ TSS2L_SYS_AUTH_RESPONSE sessions_data_out; TSS2L_SYS_AUTH_COMMAND sessions_data = { .count = 1, - .auths = {{.sessionHandle = TPM2_RS_PW, + .auths = {{.sessionHandle = TPM2_RH_PW, .nonce={.size=0}, .hmac={.size=0}}}};
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/sys-create-keyedhash-sha1-hmac.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/sys-create-keyedhash-sha1-hmac.int.c
Changed
@@ -37,7 +37,7 @@ /* session parameters */ /* command session info */ TSS2L_SYS_AUTH_COMMAND sessions_cmd = { - .auths = {{ .sessionHandle = TPM2_RS_PW }}, + .auths = {{ .sessionHandle = TPM2_RH_PW }}, .count = 1 }; /* response session info */
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/sys-create-loaded.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/sys-create-loaded.int.c
Changed
@@ -32,7 +32,7 @@ TPM2B_NAME qualified_name = TPM2B_NAME_INIT; TPM2_HANDLE object_handle = 0; TSS2L_SYS_AUTH_COMMAND auth_cmd = { - .auths = {{ .sessionHandle = TPM2_RS_PW }}, + .auths = {{ .sessionHandle = TPM2_RH_PW }}, .count = 1 }; TSS2L_SYS_AUTH_RESPONSE auth_rsp = {
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/sys-evict-ctrl.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/sys-evict-ctrl.int.c
Changed
@@ -23,7 +23,7 @@ /* session parameters */ /* command session info */ TSS2L_SYS_AUTH_COMMAND sessions_cmd = { - .auths = {{ .sessionHandle = TPM2_RS_PW }}, + .auths = {{ .sessionHandle = TPM2_RH_PW }}, .count = 1 }; /* response session info */
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/sys-hierarchy-change-auth.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/sys-hierarchy-change-auth.int.c
Changed
@@ -31,7 +31,7 @@ TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, - .auths = {{.sessionHandle = TPM2_RS_PW, + .auths = {{.sessionHandle = TPM2_RH_PW, .sessionAttributes = 0x00, .nonce={.size=0}, .hmac={.size=0}}}}; @@ -129,7 +129,7 @@ TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, - .auths = {{.sessionHandle = TPM2_RS_PW, + .auths = {{.sessionHandle = TPM2_RH_PW, .sessionAttributes = 0x00, .nonce={.size=0}, .hmac={.size=0}}}};
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/sys-hmac-auth.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/sys-hmac-auth.int.c
Changed
@@ -126,7 +126,7 @@ .size = 1, .buffer = { 0xa5, }, }, - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, .sessionAttributes = TPMA_SESSION_CONTINUESESSION, } } @@ -135,7 +135,7 @@ .count = 1, .auths = { { - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, }, }, };
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/sys-nv-policy-locality.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/sys-nv-policy-locality.int.c
Changed
@@ -104,7 +104,7 @@ .count = 1, .auths= { { - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, } } }; @@ -144,7 +144,7 @@ .count = 1, .auths = { { - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, }, }, }; @@ -217,6 +217,9 @@ { LOG_INFO ("%s: writing NV from locality %" PRIu8, __func__, locality); rc = Tss2_Tcti_SetLocality (tcti_ctx, locality); + if (rc == TSS2_TCTI_RC_NOT_IMPLEMENTED) { + return 77; + } return_if_error (rc, "Tss2_Tcti_SetLocality"); rc = nv_write (sys_ctx); @@ -258,7 +261,7 @@ .count = 1, .auths = { { - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, }, }, };
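Review bot: The new early `return 77;` after `Tss2_Tcti_SetLocality` in the `@@ -217,6 +217,9 @@` hunk is a bare magic number and skips without leaving a trace. 77 is the exit status that automake's test harness reports as "skipped", so a run against a TCTI without locality support leaves the NV locality policy untested and nothing in the log says why. I would log the reason and annotate the value: `LOG_WARNING("TCTI does not implement SetLocality, skipping test");` followed by `return 77; /* automake: test skipped */`. The enclosing function starts and ends outside the hunk, so whether its callers pass 77 through unchanged as the process exit status should be confirmed.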
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/sys-nv-readwrite.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/sys-nv-readwrite.int.c
Changed
@@ -31,7 +31,7 @@ .count = 1, .auths = { { - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, }, }, };
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/sys-param-encrypt-decrypt.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/sys-param-encrypt-decrypt.int.c
Changed
@@ -42,7 +42,7 @@ TPM2B_NONCE nonce_caller; TPMT_SYM_DEF symmetric; TSS2L_SYS_AUTH_COMMAND req_auth = { - .auths = {{ .sessionHandle = TPM2_RS_PW }}, + .auths = {{ .sessionHandle = TPM2_RH_PW }}, .count = 1 }; TSS2L_SYS_AUTH_RESPONSE resp_auth = { @@ -104,7 +104,7 @@ req_auth.count = 2; /* Set up auth session structure */ - req_auth.auths0.sessionHandle = TPM2_RS_PW; + req_auth.auths0.sessionHandle = TPM2_RH_PW; req_auth.auths0.nonce.size = 0; req_auth.auths0.sessionAttributes = 0; req_auth.auths0.hmac.size = nv_auth.size; @@ -275,7 +275,7 @@ clean: req_auth.count = 1; - req_auth.auths0.sessionHandle = TPM2_RS_PW; + req_auth.auths0.sessionHandle = TPM2_RH_PW; rc2 = Tss2_Sys_NV_UndefineSpace(sys_context, TPM2_RH_OWNER, nv_index, &req_auth, 0);
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/sys-pcr-extension.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/sys-pcr-extension.int.c
Changed
@@ -45,7 +45,7 @@ TSS2L_SYS_AUTH_COMMAND sessions_data = { .count = 1, - .auths = {{.sessionHandle = TPM2_RS_PW, + .auths = {{.sessionHandle = TPM2_RH_PW, .sessionAttributes = 0, .nonce={.size=0}, .hmac={.size=0}}}};
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/sys-policy-authorizeNV.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/sys-policy-authorizeNV.int.c
Changed
@@ -34,7 +34,7 @@ TSS2L_SYS_AUTH_COMMAND cmd_auth = { .count = 1, .auths = {{ - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, }}, }; TSS2L_SYS_AUTH_RESPONSE rsp_auth = { 0 }; @@ -90,7 +90,7 @@ nv_public.nvPublic.authPolicy.size = 0; nv_public.nvPublic.dataSize = sizeof(TPMT_HA); cmd_auth.count = 1; - cmd_auth.auths0.sessionHandle = TPM2_RS_PW; + cmd_auth.auths0.sessionHandle = TPM2_RH_PW; cmd_auth.auths0.hmac.size = 0; LOG_INFO("Calling NV_DefineSpace"); @@ -185,7 +185,7 @@ public_template.size = offset; memcpy(public_template.buffer, public_buf, offset); cmd_auth.count = 1; - cmd_auth.auths0.sessionHandle = TPM2_RS_PW; + cmd_auth.auths0.sessionHandle = TPM2_RH_PW; cmd_auth.auths0.hmac.size = TPM2_SHA256_DIGEST_SIZE; /* Create a symmetric encryption key using the password session */ @@ -217,7 +217,7 @@ } /* Call encrypt using the key object using the password session */ - LOG_INFO("Calling EncryptDecrypt using password session 0x%x", TPM2_RS_PW); + LOG_INFO("Calling EncryptDecrypt using password session 0x%x", TPM2_RH_PW); LOGBLOB_DEBUG(data_in.buffer, 32, "%s", "First 32 bytes of plain text:"); rc = TSS2_RETRY_EXP(Tss2_Sys_EncryptDecrypt (sys_context, object_handle, @@ -285,7 +285,7 @@ } LOG_INFO("EncryptDecrypt success!"); - cmd_auth.auths0.sessionHandle = TPM2_RS_PW; + cmd_auth.auths0.sessionHandle = TPM2_RH_PW; cmd_auth.auths0.hmac.size = 0; /* Kill the NV index - this should invalidate the policy */
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/sys-policy-template.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/sys-policy-template.int.c
Changed
@@ -148,7 +148,7 @@ LOGBLOB_DEBUG(policy_digest.buffer, policy_digest.size, "%s", "policy digest:"); cmd_auth.count = 1; - cmd_auth.auths0.sessionHandle = TPM2_RS_PW; + cmd_auth.auths0.sessionHandle = TPM2_RH_PW; cmd_auth.auths0.nonce.size = 0; cmd_auth.auths0.hmac.size = 0;
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/sys-util.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/sys-util.c
Changed
@@ -13,10 +13,13 @@ #include <string.h> #include <assert.h> +#include <openssl/evp.h> #include <openssl/sha.h> +#if OPENSSL_VERSION_NUMBER < 0x30000000L #include <openssl/hmac.h> -#include <openssl/evp.h> -#include <openssl/opensslv.h> +#else +#include <openssl/core_names.h> +#endif #define LOGMODULE testintegration #include "util/log.h" @@ -45,7 +48,7 @@ /* session parameters */ /* command session info */ TSS2L_SYS_AUTH_COMMAND sessions_cmd = { - .auths = {{ .sessionHandle = TPM2_RS_PW }}, + .auths = {{ .sessionHandle = TPM2_RH_PW }}, .count = 1 }; /* response session info */ @@ -133,7 +136,7 @@ /* session parameters */ /* command session info */ TSS2L_SYS_AUTH_COMMAND sessions_cmd = { - .auths = {{ .sessionHandle = TPM2_RS_PW }}, + .auths = {{ .sessionHandle = TPM2_RH_PW }}, .count = 1 }; /* response session info */ @@ -204,7 +207,7 @@ /* session parameters */ /* command session info */ TSS2L_SYS_AUTH_COMMAND sessions_cmd = { - .auths = {{ .sessionHandle = TPM2_RS_PW }}, + .auths = {{ .sessionHandle = TPM2_RH_PW }}, .count = 1 }; /* response session info */ @@ -257,7 +260,7 @@ /* command session info */ /* command session info */ TSS2L_SYS_AUTH_COMMAND sessions_cmd = { - .auths = {{ .sessionHandle = TPM2_RS_PW }}, + .auths = {{ .sessionHandle = TPM2_RH_PW }}, .count = 1 }; /* response session info */ @@ -314,7 +317,7 @@ /* command session info */ /* command session info */ TSS2L_SYS_AUTH_COMMAND sessions_cmd = { - .auths = {{ .sessionHandle = TPM2_RS_PW }}, + .auths = {{ .sessionHandle = TPM2_RH_PW }}, .count = 1 }; /* response session info */ 
@@ -451,6 +454,29 @@ return encrypt_decrypt_cfb(data_out, data_in, NO, key, iv); } +#if HAVE_EVP_SM3 && !defined(OPENSSL_NO_SM3) +static unsigned char *SM3(const unsigned char *d, size_t n, unsigned char *md) +{ + EVP_MD_CTX *ctx; + static unsigned char mTPM2_SM3_256_DIGEST_SIZE = { 0 }; + uint32_t mdLen = TPM2_SM3_256_DIGEST_SIZE; + + if (md == NULL) { + md = m; + } + ctx = EVP_MD_CTX_new(); + EVP_DigestInit_ex(ctx, EVP_sm3(), NULL); + EVP_DigestUpdate(ctx, d, n); + EVP_DigestFinal_ex(ctx, md, &mdLen); + if (mdLen != TPM2_SM3_256_DIGEST_SIZE) { + EVP_MD_CTX_free(ctx); + return NULL; + } + EVP_MD_CTX_free(ctx); + return md; +} +#endif + TSS2_RC hash ( TPM2_ALG_ID alg, @@ -475,6 +501,12 @@ SHA512(data, size, out->buffer); out->size = TPM2_SHA512_DIGEST_SIZE; break; +#if HAVE_EVP_SM3 && !defined(OPENSSL_NO_SM3) + case TPM2_ALG_SM3_256: + SM3(data, size, out->buffer); + out->size = TPM2_SM3_256_DIGEST_SIZE; + break; +#endif default: return TSS2_SYS_RC_BAD_VALUE; } @@ -489,22 +521,18 @@ TPM2B_DIGEST **buffer_list, TPM2B_DIGEST *out) { -#if OPENSSL_VERSION_NUMBER >= 0x10100000L - HMAC_CTX *ctx; -#else - HMAC_CTX _ctx; - HMAC_CTX *ctx = &_ctx; -#endif - EVP_MD *evp; int rc = 1, i; - unsigned int *buf = NULL, size; + unsigned int *buf = NULL; uint8_t *buf_ptr; + EVP_MD *evp; -#if OPENSSL_VERSION_NUMBER >= 0x10100000L - /* HMAC_CTX_new and HMAC_CTX_free are new in openSSL 1.1.0 */ - ctx = HMAC_CTX_new(); +#if OPENSSL_VERSION_NUMBER < 0x30000000L + unsigned int size; + HMAC_CTX *ctx = HMAC_CTX_new(); #else - HMAC_CTX_init(ctx); + size_t size; + EVP_MAC *hmac = EVP_MAC_fetch(NULL, "HMAC", NULL); + EVP_MAC_CTX *ctx = EVP_MAC_CTX_new(hmac); #endif if (!ctx) @@ -527,6 +555,12 @@ evp = (EVP_MD *) EVP_sha512(); out->size = TPM2_SHA512_DIGEST_SIZE; break; +#if HAVE_EVP_SM3 && !defined(OPENSSL_NO_SM3) + case TPM2_ALG_SM3_256: + evp = (EVP_MD *) EVP_sm3(); + out->size = TPM2_SM3_256_DIGEST_SIZE; + break; +#endif default: rc = TSS2_SYS_RC_BAD_VALUE; goto out; 
@@ -538,21 +572,33 @@ buf_ptr = (uint8_t *)buf; -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x30000000L rc = HMAC_Init_ex(ctx, key, key_len, evp, NULL); #else - rc = HMAC_Init(ctx, key, key_len, evp); -#endif + OSSL_PARAM params2; + params0 = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_DIGEST, + (char *)EVP_MD_get0_name(evp), 0); + params1 = OSSL_PARAM_construct_end(); + rc = EVP_MAC_init(ctx, key, key_len, params); +#endif if (rc != 1) goto out; for (i = 0; buffer_listi != 0; i++) { +#if OPENSSL_VERSION_NUMBER < 0x30000000L rc = HMAC_Update(ctx, buffer_listi->buffer, buffer_listi->size); +#else + rc = EVP_MAC_update(ctx, buffer_listi->buffer, buffer_listi->size); +#endif if (rc != 1) goto out; } /* buf_ptr has to be 4 bytes alligned for whatever reason */ +#if OPENSSL_VERSION_NUMBER < 0x30000000L rc = HMAC_Final(ctx, buf_ptr, &size); +#else + rc = EVP_MAC_final(ctx, buf_ptr, &size, out->size); +#endif if (rc != 1) goto out; @@ -561,10 +607,11 @@ memcpy(out->buffer, buf, out->size); out: -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x30000000L HMAC_CTX_free(ctx); #else - HMAC_CTX_cleanup(ctx); + EVP_MAC_CTX_free(ctx); + EVP_MAC_free(hmac); #endif if (buf) @@ -681,7 +728,7 @@
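Review bot: The new `SM3()` helper in the `@@ -451,6 +454,29 @@` hunk ignores every OpenSSL return value: `EVP_MD_CTX_new()` is not checked for NULL and the results of `EVP_DigestInit_ex`, `EVP_DigestUpdate` and `EVP_DigestFinal_ex` are discarded. Because `mdLen` is pre-set to `TPM2_SM3_256_DIGEST_SIZE`, the only check that exists is likely to pass even when no digest was written. The `TPM2_ALG_SM3_256` case added to `hash()` also drops the helper's return value and sets `out->size` unconditionally, so a failed digest would be handed back as valid; `if (SM3(data, size, out->buffer) == NULL) return TSS2_SYS_RC_GENERAL_FAILURE;` closes that. In the OpenSSL 3 branch of the HMAC helper the result of `EVP_MAC_fetch()` goes straight into `EVP_MAC_CTX_new()` without a NULL check; the body of the following `if (!ctx)` is outside the hunk, so whether `hmac` is released on that path cannot be confirmed here. A checked version of the helper follows.

```c
static unsigned char *SM3(const unsigned char *d, size_t n, unsigned char *md)
{
    /* … unchanged: ctx, static fallback buffer m, mdLen, md == NULL default … */
    unsigned char *ret = NULL;

    ctx = EVP_MD_CTX_new();
    if (ctx == NULL) {
        return NULL;
    }
    /* Every EVP step reports failure by returning something other than 1. */
    if (EVP_DigestInit_ex(ctx, EVP_sm3(), NULL) == 1 &&
        EVP_DigestUpdate(ctx, d, n) == 1 &&
        EVP_DigestFinal_ex(ctx, md, &mdLen) == 1 &&
        mdLen == TPM2_SM3_256_DIGEST_SIZE) {
        ret = md;
    }
    EVP_MD_CTX_free(ctx);
    return ret;
}
```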
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/sys-util.h -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/sys-util.h
Changed
@@ -160,7 +160,7 @@ /* * This is a helper function for digest calculation. - * alg can be TPM2_ALG_SHA1, TPM2_ALG_SHA256, TPM2_ALG_SHA384, + * alg can be TPM2_ALG_SHA1, TPM2_ALG_SHA256, TPM2_ALG_SHA384, TPM2_ALG_SM3_256, * and TPM2_ALG_SHA512 */ TSS2_RC @@ -172,7 +172,7 @@ /* * This is a helper function for calculating HMAC. - * alg can be TPM2_ALG_SHA1, TPM2_ALG_SHA256, TPM2_ALG_SHA384, + * alg can be TPM2_ALG_SHA1, TPM2_ALG_SHA256, TPM2_ALG_SHA384, TPM2_ALG_SM3_256, * and TPM2_ALG_SHA512 */ TSS2_RC
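Review bot: Both updated comments list `TPM2_ALG_SM3_256` as if it were always accepted, but sys-util.c compiles the SM3 cases only under `#if HAVE_EVP_SM3 && !defined(OPENSSL_NO_SM3)`. On a build without SM3 the `default:` branch is taken and the helpers report `TSS2_SYS_RC_BAD_VALUE`, which a caller reading only the header would not expect. I would add a line to each comment: `* TPM2_ALG_SM3_256 is accepted only when OpenSSL provides SM3; otherwise TSS2_SYS_RC_BAD_VALUE is returned.` The declarations these comments belong to continue outside the hunks.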
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/integration/test-fapi.h -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/integration/test-fapi.h
Changed
@@ -113,7 +113,6 @@ } \ if (i >= n) { \ json_object_put(jso1); \ - json_object_put(jso2); \ LOG_ERROR("Mismatch" ); \ goto LABEL; \ } \
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/tpmclient/tpmclient.int.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/tpmclient/tpmclient.int.c
Changed
@@ -184,7 +184,7 @@ TSS2L_SYS_AUTH_RESPONSE sessionsDataOut; TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{ - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, .sessionAttributes = 0, .nonce={.size=0}, .hmac={.size=0}}}}; @@ -311,7 +311,7 @@ TSS2L_SYS_AUTH_RESPONSE sessionsDataOut; TSS2L_SYS_AUTH_COMMAND sessionsDataIn = { .count = 1, .auths = {{ - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, .sessionAttributes = 0, .nonce=nonce, .hmac=hmac}}}; @@ -452,7 +452,7 @@ UINT32 rval; TSS2L_SYS_AUTH_RESPONSE sessionsDataOut; TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{ - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, .sessionAttributes = 0, .nonce = {.size = 0}, .hmac = {.size = 0}}}}; @@ -470,7 +470,7 @@ TSS2L_SYS_AUTH_RESPONSE sessionsDataOut; TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{ - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, .sessionAttributes = 0, .nonce = {.size = 0}, .hmac = {.size = 0}}}}; @@ -488,7 +488,7 @@ int i; TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{ - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, .sessionAttributes = 0, .nonce = {.size = 0}, .hmac = {.size = 0}}}}; @@ -561,7 +561,7 @@ TSS2_TCTI_CONTEXT *tctiContext; TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{ - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, .sessionAttributes = 0, .nonce = {.size = 0}, .hmac = {.size = 0}}}}; @@ -677,7 +677,7 @@ TPM2B_NAME nvName; TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{ - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, .sessionAttributes = 0, .nonce = {.size = 0}, .hmac = {.size = 0}}}}; @@ -815,7 +815,7 @@ TPM2B_MAX_NV_BUFFER nvData; TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{ - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, .sessionAttributes = 0, .nonce = {.size = 0}, .hmac = {.size = 0}}}}; 
@@ -1036,7 +1036,7 @@ CheckFailed( rval, TPM2_RC_POLICY_FAIL + TPM2_RC_S + TPM2_RC_1 ); /* Delete NV index */ - sessionsData.auths0.sessionHandle = TPM2_RS_PW; + sessionsData.auths0.sessionHandle = TPM2_RH_PW; sessionsData.auths0.nonce.size = 0; sessionsData.auths0.nonce.buffer0 = 0xa5; sessionsData.auths0.hmac.size = 0; @@ -1087,7 +1087,7 @@ TPM2B_PRIVATE outPrivate; TSS2L_SYS_AUTH_COMMAND cmdAuthArray = { .count = 1, .auths = {{ - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, .sessionAttributes = 0, .nonce = {.size = 0}, .hmac = {.size = 0}}}}; @@ -1125,7 +1125,7 @@ &creationTicket, &srkName, 0 ); CheckPassed( rval ); - cmdAuthArray.auths0.sessionHandle = TPM2_RS_PW; + cmdAuthArray.auths0.sessionHandle = TPM2_RH_PW; inSensitive.sensitive.userAuth.size = 0; blobAuth.size = sizeof( passwordPCRTestPassword ); @@ -1378,7 +1378,7 @@ rval = Tss2_Sys_HashSequenceStart ( sysContext, 0, &auth, TPM2_ALG_SHA1, &sequenceHandle0, 0 ); CheckPassed( rval ); - sessionsData.auths0.sessionHandle = TPM2_RS_PW; + sessionsData.auths0.sessionHandle = TPM2_RH_PW; sessionsData.auths0.nonce.size = 0; sessionsData.auths0.hmac = auth; sessionsData.auths0.sessionAttributes = 0; @@ -1415,7 +1415,7 @@ TPMT_SIGNATURE signature; TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{ - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, .sessionAttributes = 0, .nonce = { .size = 0 }, .hmac = { .size = 0, .buffer={0x00} }, @@ -1477,7 +1477,7 @@ UINT32 sizeAvailable; TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths= {{ - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, .sessionAttributes = 0, .nonce={.size=0}, .hmac={.size=0}}}}; @@ -1523,7 +1523,7 @@ TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths= {{ - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, .sessionAttributes = 0, .nonce={.size=0}, .hmac={.size=0, .buffer={0x00}} 
@@ -1622,7 +1622,7 @@ TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths= {{ - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, .sessionAttributes = 0, .nonce={.size=0}, .hmac={.size=0}}}}; @@ -1663,7 +1663,7 @@ /* Authorization array for command (only has one auth structure). */ TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths= {{ - .sessionHandle = TPM2_RS_PW, + .sessionHandle = TPM2_RH_PW, .sessionAttributes = 0, .nonce={.size=0}, .hmac={.size=0}}}}; @@ -1970,7 +1970,7 @@ TSS2L_SYS_AUTH_RESPONSE sessionsDataOut; TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths= {{ - .sessionHandle = TPM2_RS_PW }}}; + .sessionHandle = TPM2_RH_PW }}}; TPM2B_MAX_NV_BUFFER nvReadData; const uint8_t *cpBuffer; @@ -2163,7 +2163,7 @@ return 1; } - nullSessionsData.auths0.sessionHandle = TPM2_RS_PW; + nullSessionsData.auths0.sessionHandle = TPM2_RH_PW; nullSessionsDataOut.count = 1; nullSessionsDataOut.auths0.nonce = nullSessionNonceOut; nullSessionsDataOut.auths0.hmac = nullSessionHmac;
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/unit/TPM2B-marshal.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/unit/TPM2B-marshal.c
Changed
@@ -326,7 +326,7 @@ void tpm2b_unmarshal_dest_null (void **state) { - uint8_t buffer 1; + uint8_t buffer 1 = { 0 }; TSS2_RC rc; rc = Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, sizeof (buffer), NULL, NULL);
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/unit/TPMS-marshal.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/unit/TPMS-marshal.c
Changed
@@ -317,7 +317,7 @@ { TPMS_ALG_PROPERTY alg = {0}; TPMS_CAPABILITY_DATA cap = {0}; - uint8_t buffersizeof(alg) + sizeof(cap) + 1 = { 0 }; + uint8_t buffersizeof(alg) + sizeof(cap) + 3 = { 0 }; TPMS_ALG_PROPERTY *ptr; TPMS_CAPABILITY_DATA *ptr2; size_t offset = 3;
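Review bot: The padding added to the buffer size and the `size_t offset = 3;` two lines below are the same quantity written twice, and nothing ties them together. If the offset is changed later, the array can again end up smaller than offset plus the two marshalled structures, and the test would write past its own stack buffer. A shared constant removes the coupling, for example `enum { TEST_OFFSET = 3 };` used both in the array size and in the `offset` initialiser. The test function starts and ends outside the hunk, and the array brackets appear to have been lost in the page rendering.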
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/unit/TPMU-marshal.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/unit/TPMU-marshal.c
Changed
@@ -371,8 +371,8 @@ TPMU_NAME name = {0}; TPMT_HA ha = {0}; uint8_t buf256 = {0}; - TPM2_HANDLE hdl = TPM2_RS_PW; - TPM2_HANDLE hdl_expected = HOST_TO_BE_32(TPM2_RS_PW); + TPM2_HANDLE hdl = TPM2_RH_PW; + TPM2_HANDLE hdl_expected = HOST_TO_BE_32(TPM2_RH_PW); TPM2_ALG_ID id_expected = HOST_TO_BE_16(TPM2_ALG_SHA1); size_t size = sizeof(hdl), offset = 0; const char digest = {0xa, 0xb, 0xc, 0xd, 0xe, 0xf, 0x01, 0x02,
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/unit/UINT16-marshal.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/unit/UINT16-marshal.c
Changed
@@ -171,7 +171,7 @@ void UINT16_unmarshal_dest_null (void **state) { - uint8_t buffer 1; + uint8_t buffer 1 = { 0 }; TSS2_RC rc; rc = Tss2_MU_UINT16_Unmarshal (buffer, sizeof (buffer), NULL, NULL); @@ -186,7 +186,7 @@ UINT16_unmarshal_buffer_size_lt_offset (void **state) { UINT16 dest = 0; - uint8_t buffer 1; + uint8_t buffer 1 = { 0 }; size_t offset = sizeof (buffer) + 1; TSS2_RC rc; @@ -204,7 +204,7 @@ UINT16_unmarshal_buffer_size_lt_dest (void **state) { UINT16 dest = 0; - uint8_t buffer 1; + uint8_t buffer 1 = { 0 }; size_t offset = sizeof (buffer); TSS2_RC rc;
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/unit/UINT32-marshal.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/unit/UINT32-marshal.c
Changed
@@ -172,7 +172,7 @@ void UINT32_unmarshal_dest_null (void **state) { - uint8_t buffer 1; + uint8_t buffer 1 = { 0 }; TSS2_RC rc; rc = Tss2_MU_UINT32_Unmarshal (buffer, sizeof (buffer), NULL, NULL); @@ -187,7 +187,7 @@ UINT32_unmarshal_buffer_size_lt_offset (void **state) { UINT32 dest = 0; - uint8_t buffer 1; + uint8_t buffer 1 = { 0 }; size_t offset = sizeof (buffer) + 1; TSS2_RC rc; @@ -205,7 +205,7 @@ UINT32_unmarshal_buffer_size_lt_dest (void **state) { UINT32 dest = 0; - uint8_t buffer 3; + uint8_t buffer 3 = { 0 }; size_t offset = sizeof (buffer); TSS2_RC rc;
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/unit/UINT64-marshal.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/unit/UINT64-marshal.c
Changed
@@ -172,7 +172,7 @@ void UINT64_unmarshal_dest_null (void **state) { - uint8_t buffer 1; + uint8_t buffer 1 = { 0 }; TSS2_RC rc; rc = Tss2_MU_UINT64_Unmarshal (buffer, sizeof (buffer), NULL, NULL); @@ -187,7 +187,7 @@ UINT64_unmarshal_buffer_size_lt_offset (void **state) { UINT64 dest = 0; - uint8_t buffer 1; + uint8_t buffer 1 = { 0 }; size_t offset = sizeof (buffer) + 1; TSS2_RC rc; @@ -205,7 +205,7 @@ UINT64_unmarshal_buffer_size_lt_dest (void **state) { UINT64 dest = 0; - uint8_t buffer 3; + uint8_t buffer 3 = { 0 }; size_t offset = sizeof (buffer); TSS2_RC rc;
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/unit/UINT8-marshal.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/unit/UINT8-marshal.c
Changed
@@ -167,7 +167,7 @@ void UINT8_unmarshal_dest_null (void **state) { - uint8_t buffer 1; + uint8_t buffer 1 = { 0 }; TSS2_RC rc; rc = Tss2_MU_UINT8_Unmarshal (buffer, sizeof (buffer), NULL, NULL); @@ -181,7 +181,7 @@ void UINT8_unmarshal_dest_null_offset_valid (void **state) { - uint8_t buffer 2; + uint8_t buffer 2 = { 0 }; size_t offset = 1; TSS2_RC rc; @@ -199,7 +199,7 @@ UINT8_unmarshal_buffer_size_lt_offset (void **state) { UINT8 dest = 0; - uint8_t buffer 1; + uint8_t buffer 1 = { 0 }; size_t offset = sizeof (buffer) + 1; TSS2_RC rc; @@ -217,7 +217,7 @@ UINT8_unmarshal_buffer_size_lt_dest (void **state) { UINT8 dest = 0; - uint8_t buffer 1; + uint8_t buffer 1 = { 0 }; size_t offset = sizeof (buffer); TSS2_RC rc;
_service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/unit/dlopen-fail.c
Added
@@ -0,0 +1,130 @@ +/* SPDX-License-Identifier: BSD-2-Clause */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdarg.h> +#include <stddef.h> +#include <stdio.h> +#include <setjmp.h> +#include <cmocka.h> + +#include <dlfcn.h> + +#include "tss2_tctildr.h" +#include "tss2_rc.h" +#include "tss2_mu.h" +#include "tss2_esys.h" +#include "tss2_fapi.h" + + +#define DLOPEN_HANDLE ((void *)0xaaffffee) + +void *__wrap_dlopen(const char *filename, int flags) +{ + return mock_type (void *); +} + +void *__wrap_dlsym(void *handle, const char *symbol) +{ + if (handle != DLOPEN_HANDLE) { + fprintf(stderr, "dlsym called with weird handle %p\n", handle); + exit(99); + } + return mock_type (void *); +} + +static void test_tctildr(void **state) +{ + TSS2_RC r; + + will_return(__wrap_dlopen, NULL); + r = Tss2_TctiLdr_Initialize_Ex(NULL, NULL, NULL); + assert_int_equal(r, TSS2_TCTI_RC_NOT_IMPLEMENTED); + + will_return(__wrap_dlopen, NULL); + r = Tss2_TctiLdr_Initialize(NULL, NULL); + assert_int_equal(r, TSS2_TCTI_RC_NOT_IMPLEMENTED); + + will_return(__wrap_dlopen, NULL); + r = Tss2_TctiLdr_GetInfo(NULL, NULL); + assert_int_equal(r, TSS2_TCTI_RC_NOT_IMPLEMENTED); +} + +static void test_mu(void **state) +{ + TSS2_RC r; + + will_return(__wrap_dlopen, NULL); + r = Tss2_MU_UINT8_Marshal(0, NULL, 0, NULL); + assert_int_equal(r, TSS2_BASE_RC_NOT_IMPLEMENTED); + + will_return(__wrap_dlopen, NULL); + r = Tss2_MU_UINT8_Unmarshal(NULL, 0, NULL, NULL); + assert_int_equal(r, TSS2_BASE_RC_NOT_IMPLEMENTED); + + will_return(__wrap_dlopen, NULL); + r = Tss2_MU_TPM2B_DIGEST_Marshal(NULL, NULL, 0, NULL); + assert_int_equal(r, TSS2_BASE_RC_NOT_IMPLEMENTED); + + will_return(__wrap_dlopen, NULL); + r = Tss2_MU_TPM2B_DIGEST_Unmarshal(NULL, 0, NULL, NULL); + assert_int_equal(r, TSS2_BASE_RC_NOT_IMPLEMENTED); + + will_return(__wrap_dlopen, NULL); + r = Tss2_MU_TPMU_HA_Marshal(NULL, 0, NULL, 0, NULL); + assert_int_equal(r, TSS2_BASE_RC_NOT_IMPLEMENTED); + + will_return(__wrap_dlopen, NULL); + r 
= Tss2_MU_TPMU_HA_Unmarshal(NULL, 0, NULL, 0, NULL); + assert_int_equal(r, TSS2_BASE_RC_NOT_IMPLEMENTED); +} + +static void test_rc(void **state) +{ + const char *r; + TSS2_RC_HANDLER h; + + will_return(__wrap_dlopen, NULL); + r = Tss2_RC_Decode(0); + assert_string_equal(r, "libtss2-rc.so.0 not found."); + + will_return(__wrap_dlopen, NULL); + h = Tss2_RC_SetHandler(0, NULL, NULL); + assert_null(h); +} + +static void test_esys(void **state) +{ + TSS2_RC r; + + will_return(__wrap_dlopen, NULL); + r = Esys_Initialize(NULL, NULL, NULL); + assert_int_equal(r, TSS2_ESYS_RC_NOT_IMPLEMENTED); +} + +static void test_fapi(void **state) +{ + TSS2_RC r; + + will_return(__wrap_dlopen, NULL); + r = Fapi_Initialize(NULL, NULL); + assert_int_equal(r, TSS2_FAPI_RC_NOT_IMPLEMENTED); + + will_return(__wrap_dlopen, NULL); + r = Fapi_Initialize_Async(NULL, NULL); + assert_int_equal(r, TSS2_FAPI_RC_NOT_IMPLEMENTED); +} + +int main(void) { + const struct CMUnitTest tests = { + cmocka_unit_test (test_tctildr), + cmocka_unit_test (test_rc), + cmocka_unit_test (test_mu), + cmocka_unit_test (test_esys), + cmocka_unit_test (test_fapi) + }; + + return cmocka_run_group_tests(tests, NULL, NULL); +}
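Review bot: `__wrap_dlsym` calls `exit(99)` but the new file never includes `<stdlib.h>`. Among the visible includes only the cmocka and tss2 headers could supply the declaration transitively, which is fragile, so I would add `#include <stdlib.h>` next to `#include <stdio.h>`. Separately, every test queues `NULL` for `__wrap_dlopen`, so the `DLOPEN_HANDLE` comparison in `__wrap_dlsym` is never reached with a matching handle. A one-line comment on the define saying what the sentinel is for would make clear that the `exit(99)` branch is a guard against an unexpected `dlsym` call rather than a tested path.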
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/unit/fapi-get-intl-cert.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/unit/fapi-get-intl-cert.c
Changed
@@ -15,7 +15,7 @@ #include <stdio.h> #include <json-c/json_util.h> #include <json-c/json_tokener.h> -#include <openssl/sha.h> +#include <openssl/evp.h> #include <setjmp.h> #include <cmocka.h> @@ -124,7 +124,7 @@ size_t *buffer_size) { UNUSED(url); - *buffer = (unsigned char *)strdup(mock_json_cert); ; + *buffer = (unsigned char *)strdup(mock_json_cert); *buffer_size = strlen(mock_json_cert) + 1; return 0; } @@ -132,22 +132,22 @@ /* * Wrapper function for updating the hash of EK public data. */ -size_t wrap_SHA256_update_test = 0; +size_t wrap_EVP_DigestUpdate_test = 0; int -__real_SHA256_Update(SHA256_CTX *c, const void *data, size_t len); +__real_EVP_DigestUpdate(EVP_MD_CTX *c, const void *data, size_t len); int -__wrap_SHA256_Update(SHA256_CTX *c, const void *data, size_t len) +__wrap_EVP_DigestUpdate(EVP_MD_CTX *c, const void *data, size_t len) { - if (!wrap_SHA256_update_test) { - return __real_SHA256_Update(c, data, len); - } else if (wrap_SHA256_update_test == 1) { - wrap_SHA256_update_test = 0; + if (!wrap_EVP_DigestUpdate_test) { + return __real_EVP_DigestUpdate(c, data, len); + } else if (wrap_EVP_DigestUpdate_test == 1) { + wrap_EVP_DigestUpdate_test = 0; return mock_type(int); } else { - wrap_SHA256_update_test--; - return __real_SHA256_Update(c, data, len); + wrap_EVP_DigestUpdate_test--; + return __real_EVP_DigestUpdate(c, data, len); } } 
@@ -213,21 +213,21 @@ unsigned char *cert_buf = NULL; size_t cert_size; TSS2_RC r; - will_return_always(__wrap_SHA256_Update, 0); + will_return_always(__wrap_EVP_DigestUpdate, 0); mock_json_cert = valid_json_cert; - wrap_SHA256_update_test = 1; + wrap_EVP_DigestUpdate_test = 1; r = ifapi_get_intl_ek_certificate(ctx, &eccPublic, &cert_buf, &cert_size); assert_int_equal(r,TSS2_FAPI_RC_NO_CERT); - wrap_SHA256_update_test = 1; + wrap_EVP_DigestUpdate_test = 1; r = ifapi_get_intl_ek_certificate(ctx, &rsaPublic, &cert_buf, &cert_size); assert_int_equal(r,TSS2_FAPI_RC_NO_CERT); - wrap_SHA256_update_test = 2; + wrap_EVP_DigestUpdate_test = 2; r = ifapi_get_intl_ek_certificate(ctx, &eccPublic, &cert_buf, &cert_size); assert_int_equal(r,TSS2_FAPI_RC_NO_CERT); - wrap_SHA256_update_test = 2; + wrap_EVP_DigestUpdate_test = 2; r = ifapi_get_intl_ek_certificate(ctx, &rsaPublic, &cert_buf, &cert_size); assert_int_equal(r,TSS2_FAPI_RC_NO_CERT);
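Review bot: The counter `wrap_EVP_DigestUpdate_test` has three distinct behaviours in `__wrap_EVP_DigestUpdate` that the comment above it ("Wrapper function for updating the hash of EK public data") does not describe. The rename also widens what it counts: `SHA256_Update` intercepted SHA-256 updates only, while `EVP_DigestUpdate` is the generic entry point, so any digest update made by the code under test now consumes the counter. The values `1` and `2` used in the last hunk therefore depend on call order. I would document the contract at the declaration: `/* 0: pass through; N > 0: the N-th EVP_DigestUpdate call returns the mocked value and resets the counter, earlier calls pass through */`.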
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/unit/fapi-helpers.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/unit/fapi-helpers.c
Changed
@@ -272,8 +272,9 @@ TSS2_RC r; public.nameAlg = TPM2_ALG_SHA256; + public.authPolicy.size = 0xFFFF; r = ifapi_get_name(&public, &name); - assert_int_equal(r, TSS2_MU_RC_BAD_VALUE); + assert_int_equal(r, TSS2_MU_RC_INSUFFICIENT_BUFFER); wrap_activate_crypto_hash_update = true; will_return(__wrap_ifapi_crypto_hash_update, TSS2_FAPI_RC_GENERAL_FAILURE);
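Review bot: `public.authPolicy.size = 0xFFFF;` is an unexplained magic value and is not restored after the assertion. It appears to be there so that marshalling `public` overruns the name buffer and `ifapi_get_name` returns `TSS2_MU_RC_INSUFFICIENT_BUFFER`; a comment such as `/* oversized authPolicy: marshalling must fail with INSUFFICIENT_BUFFER */` would say so. The next case arms `__wrap_ifapi_crypto_hash_update` and presumably reuses the same `public`. Since the rest of the test lies outside the hunk, it is worth confirming that this case still reaches the hash-update wrapper rather than failing earlier on the oversized field, or resetting the size with `public.authPolicy.size = 0;` after the assertion.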
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/unit/fapi-io.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/unit/fapi-io.c
Changed
@@ -38,7 +38,9 @@ bool wrap_fcntl_test = false; bool wrap_malloc_test = false; bool wrap_read_test = false; -FILE mock_stream; /**< stream will be used to activate wrapper.*/ +char _mock_stream; /**< stream will be used to activate wrapper.*/ + +#define MOCK_STREAM ((FILE *)(&_mock_stream)) /* * Wrapper functions for file system io. @@ -69,21 +71,12 @@ } int -__real_lockf(int fd, int cmd, off_t len, ...); -int -__wrap_lockf(int fd, int cmd, off_t len, ...) -{ - errno = EAGAIN; - return mock_type(int); -} - -int __real_fclose(FILE *stream, ...); int __wrap_fclose(FILE *stream, ...) { - if (stream != &mock_stream) { + if (stream != MOCK_STREAM) { return __real_fclose(stream); } return mock_type(int); @@ -95,7 +88,7 @@ int __wrap_fseek(FILE *stream, long offset, int whence, ...) { - if (stream != &mock_stream) { + if (stream != MOCK_STREAM) { return __real_fseek(stream, offset, whence); } return mock_type(int); @@ -107,7 +100,7 @@ long __wrap_ftell(FILE *stream, ...) { - if (stream != &mock_stream) { + if (stream != MOCK_STREAM) { return __real_ftell(stream); } return mock_type(int); @@ -144,7 +137,7 @@ int __wrap_fileno(FILE *stream, ...) { - if (stream != &mock_stream) { + if (stream != MOCK_STREAM) { return __real_fileno(stream); } return 1; 
@@ -187,17 +180,18 @@ r = ifapi_io_read_async(&io, "tss_unit_dummyf"); assert_int_equal(r, TSS2_FAPI_RC_IO_ERROR); - will_return(__wrap_fopen, &mock_stream); - will_return(__wrap_lockf, -1); + wrap_fcntl_test = true; + will_return(__wrap_fopen, MOCK_STREAM); + will_return(__wrap_fcntl, -1); will_return_always(__wrap_fclose, 0); errno = EAGAIN; io.char_buffer = NULL; r = ifapi_io_read_async(&io, "tss_unit_dummyf"); assert_int_equal(r, TSS2_FAPI_RC_IO_ERROR); - will_return(__wrap_fopen, &mock_stream); - will_return(__wrap_fopen, &mock_stream); - will_return(__wrap_lockf, 0); + will_return(__wrap_fopen, MOCK_STREAM); + will_return(__wrap_fopen, MOCK_STREAM); + will_return(__wrap_fcntl, 0); will_return(__wrap_fseek, 0); will_return(__wrap_ftell, 1); will_return(__wrap_malloc, NULL); @@ -210,9 +204,9 @@ wrap_malloc_test = false; - will_return(__wrap_fopen, &mock_stream); - will_return(__wrap_fopen, &mock_stream); - will_return(__wrap_lockf, 0); + will_return(__wrap_fopen, MOCK_STREAM); + will_return(__wrap_fopen, MOCK_STREAM); + will_return(__wrap_fcntl, 0); will_return(__wrap_fseek, 0); will_return(__wrap_ftell, 1); will_return(__wrap_fcntl, 0); @@ -220,7 +214,6 @@ errno = 0; io.char_buffer = NULL; - wrap_fcntl_test = true; r = ifapi_io_read_async(&io, "tss_unit_dummyf"); assert_int_equal(r, TSS2_FAPI_RC_IO_ERROR); wrap_fcntl_test = false; @@ -245,7 +238,7 @@ will_return_always(__wrap_fclose, 0); io.char_buffer = &io_char_buffer0; io.buffer_length = 10; - io.stream = &mock_stream; + io.stream = MOCK_STREAM; errno = EAGAIN; r = ifapi_io_read_finish(&io, &buffer0, &count); assert_int_equal(r, TSS2_FAPI_RC_TRY_AGAIN); 
@@ -306,17 +299,17 @@ r = ifapi_io_write_async(&io, "tss_unit_dummyf", &buffer0, 5); assert_int_equal(r, TSS2_FAPI_RC_IO_ERROR); - will_return(__wrap_fopen, &mock_stream); - will_return(__wrap_lockf, -1); + wrap_fcntl_test = true; + will_return(__wrap_fopen, MOCK_STREAM); + will_return(__wrap_fcntl, -1); errno = EAGAIN; r = ifapi_io_write_async(&io, "tss_unit_dummyf", &buffer0, 5); assert_int_equal(r, TSS2_FAPI_RC_IO_ERROR); io.char_rbuffer = NULL; - will_return(__wrap_fopen, &mock_stream); - will_return(__wrap_lockf, 0); - wrap_fcntl_test = true; + will_return(__wrap_fopen, MOCK_STREAM); + will_return(__wrap_fcntl, 0); will_return(__wrap_fcntl, 0); will_return(__wrap_fcntl, -1); errno = 0; @@ -354,7 +347,7 @@ will_return_always(__wrap_fclose, 0); wrap_write_test = true; - io.stream = &mock_stream; + io.stream = MOCK_STREAM; will_return(__wrap_write, -1); errno = EAGAIN; r = ifapi_io_write_finish(&io);
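Review bot: `_mock_stream` is now a single `char` that `MOCK_STREAM` casts to `FILE *`, so it is valid only as an address to compare against, and the retained comment ("stream will be used to activate wrapper") does not say that. Any stdio call on `io.stream` that has no `__wrap_` counterpart in this file would treat that one byte as a `FILE` object. I would state the constraint at the definition: `/* Sentinel address only: never dereferenced; every stdio call that can receive it must be wrapped. */`. The object could also be `static` and given a name without the leading underscore, since file-scope identifiers that begin with an underscore are reserved in C.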
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/unit/fapi-json.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/unit/fapi-json.c
Changed
@@ -31,36 +31,6 @@ #define LOGMODULE tests #include "util/log.h" -/* 4 copies from ifapi_helpers.c */ - -void -ifapi_check_json_object_fields( - json_object *jso, - char** field_tab, - size_t size_of_tab) -{ - enum json_type type; - bool found; - size_t i; - - type = json_object_get_type(jso); - if (type == json_type_object) { - json_object_object_foreach(jso, key, val) { - UNUSED(val); - found = false; - for (i = 0; i < size_of_tab; i++) { - if (strcmp(key, field_tabi) == 0) { - found = true; - break; - } - } - if (!found) { - LOG_WARNING("Invalid field: %s", key); - } - } - } -} - static void cleanup_policy_element(TPMT_POLICYELEMENT *policy) { @@ -1116,6 +1086,44 @@ "}"; CHECK_JSON(TPMT_KEYEDHASH_SCHEME, test_json_TPMT_KEYEDHASH_SCHEME_xor_src, test_json_TPMT_KEYEDHASH_SCHEME_xor_expt); + const char *test_json_TPMS_TAGGED_POLICY_sha256_src = + "{\n" + " \"handle\":0," + " \"policyHash\": {\n" + " \"hashAlg\":\"SHA256\",\n" + " \"digest\":\"59215cb6c21a60e26b2cc479334a021113611903795507c1227659e2aef23d16\"\n" + " }\n" + "}"; + + const char *test_json_TPMS_TAGGED_POLICY_sha256_expt = + "{\n" + " \"handle\":0," + " \"policyHash\": {\n" + " \"hashAlg\":\"SHA256\",\n" + " \"digest\":\"59215cb6c21a60e26b2cc479334a021113611903795507c1227659e2aef23d16\"\n" + " }\n" + "}"; + CHECK_JSON(TPMS_TAGGED_POLICY, test_json_TPMS_TAGGED_POLICY_sha256_src, test_json_TPMS_TAGGED_POLICY_sha256_expt); + + const char *test_json_TPMS_ACT_DATA_src = + "{" + " \"handle\":0," + " \"timeout\":23," + " \"attributes\":" + " \"signaled\"" + " ," + "}"; + + const char *test_json_TPMS_ACT_DATA_expt = + "{\n" + " \"handle\":0,\n" + " \"timeout\":23,\n" + " \"attributes\":{" + " \"signaled\":1," + " \"preserveSignaled\":0" + " }" + "}"; + CHECK_JSON(TPMS_ACT_DATA, test_json_TPMS_ACT_DATA_src, test_json_TPMS_ACT_DATA_expt); } static void 
@@ -1164,6 +1172,36 @@ "\"0\"", "{\"fixedTPM\":0,\"stClear\":0,\"fixedParent\":0,\"sensitiveDataOrigin\":0,\"userWithAuth\":0," "\"adminWithPolicy\":0,\"noDA\":0,\"encryptedDuplication\":0,\"restricted\":0,\"decrypt\":0,\"sign\":0}"); + CHECK_JSON_SIMPLE(TPMA_ACT, + "\"0\"", + "{\"signaled\":0,\"preserveSignaled\":0}"); + CHECK_JSON_SIMPLE(TPMA_ACT, + "0", + "{\"signaled\":0,\"preserveSignaled\":0}"); + CHECK_JSON_SIMPLE(TPMA_ACT, + "\"1\"", + "{\"signaled\":1,\"preserveSignaled\":0}"); + CHECK_JSON_SIMPLE(TPMA_ACT, + "1", + "{\"signaled\":1,\"preserveSignaled\":0}"); + CHECK_JSON_SIMPLE(TPMA_ACT, + "\"2\"", + "{\"signaled\":0,\"preserveSignaled\":1}"); + CHECK_JSON_SIMPLE(TPMA_ACT, + "2", + "{\"signaled\":0,\"preserveSignaled\":1}"); + CHECK_JSON_SIMPLE(TPMA_ACT, + "\"3\"", + "{\"signaled\":1,\"preserveSignaled\":1}"); + CHECK_JSON_SIMPLE(TPMA_ACT, + "3", + "{\"signaled\":1,\"preserveSignaled\":1}"); + CHECK_JSON_SIMPLE(TPMA_ACT, + "{\"signaled\":1,\"preserveSignaled\":0}", + "{\"signaled\":1,\"preserveSignaled\":0}"); + CHECK_JSON_SIMPLE(TPMA_ACT, + "{\"signaled\":0,\"preserveSignaled\":1}", + "{\"signaled\":0,\"preserveSignaled\":1}"); const char *test_json_TPMA_NV_expected =\ "{" @@ -2260,6 +2298,12 @@ } } +static void +check_invalid_json(void **state) { + json_object *jso = ifapi_parse_json("{\n \"field\", \"value\""); + assert_null(jso); +} + int main(int argc, char *argv) { @@ -2275,6 +2319,7 @@ cmocka_unit_test(check_policy_bin), cmocka_unit_test(check_error), cmocka_unit_test(check_json_policy), + cmocka_unit_test(check_invalid_json), }; return cmocka_run_group_tests(tests, NULL, NULL); }
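Review bot: check_invalid_json feeds a single input that is malformed in two ways at once (a `,` where the `:` belongs, and no closing brace), so the test does not show which error makes ifapi_parse_json return NULL. That matters because test_json_TPMS_ACT_DATA_src, added in the hunk at -1116, ends with a trailing comma before the closing brace and is still expected to parse, so the parser evidently tolerates some syntax errors. I would use one assertion per malformed form, each with a short comment such as `/* ',' where ':' is required */` and `/* unterminated object */`. A comment on the ACT_DATA source should say whether its trailing comma is intentional.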
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/unit/io.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/unit/io.c
Changed
@@ -118,13 +118,16 @@ { TSS2_RC rc; SOCKET sock; + int ctrl; - will_return (__wrap_socket, 0); - will_return (__wrap_socket, 1); - will_return (__wrap_connect, 0); - will_return (__wrap_connect, 1); - rc = socket_connect ("127.0.0.1", 666, &sock); - assert_int_equal (rc, TSS2_RC_SUCCESS); + for (ctrl = 0; ctrl < 2; ctrl++) { + will_return (__wrap_socket, 0); + will_return (__wrap_socket, 1); + will_return (__wrap_connect, 0); + will_return (__wrap_connect, 1); + rc = socket_connect ("127.0.0.1", 666, ctrl, &sock); + assert_int_equal (rc, TSS2_RC_SUCCESS); + } } static void socket_connect_socket_fail_test (void **state) @@ -134,7 +137,7 @@ will_return (__wrap_socket, EINVAL); will_return (__wrap_socket, -1); - rc = socket_connect ("127.0.0.1", 555, &sock); + rc = socket_connect ("127.0.0.1", 555, 0, &sock); assert_int_equal (rc, TSS2_TCTI_RC_IO_ERROR); } static void @@ -147,7 +150,7 @@ will_return (__wrap_socket, 1); will_return (__wrap_connect, ENOTSOCK); will_return (__wrap_connect, -1); - rc = socket_connect ("127.0.0.1", 444, &sock); + rc = socket_connect ("127.0.0.1", 444, 0, &sock); assert_int_equal (rc, TSS2_TCTI_RC_IO_ERROR); } @@ -157,13 +160,16 @@ { TSS2_RC rc; SOCKET sock; + int ctrl; - will_return (__wrap_socket, 0); - will_return (__wrap_socket, 1); - will_return (__wrap_connect, 0); - will_return (__wrap_connect, 1); - rc = socket_connect ("::1", 666, &sock); - assert_int_equal (rc, TSS2_RC_SUCCESS); + for (ctrl = 0; ctrl < 2; ctrl++) { + will_return (__wrap_socket, 0); + will_return (__wrap_socket, 1); + will_return (__wrap_connect, 0); + will_return (__wrap_connect, 1); + rc = socket_connect ("::1", 666, ctrl, &sock); + assert_int_equal (rc, TSS2_RC_SUCCESS); + } } static void socket_ipv6_connect_socket_fail_test (void **state) 
@@ -173,7 +179,7 @@ will_return (__wrap_socket, EINVAL); will_return (__wrap_socket, -1); - rc = socket_connect ("::1", 555, &sock); + rc = socket_connect ("::1", 555, 0, &sock); assert_int_equal (rc, TSS2_TCTI_RC_IO_ERROR); } static void @@ -186,9 +192,62 @@ will_return (__wrap_socket, 1); will_return (__wrap_connect, ENOTSOCK); will_return (__wrap_connect, -1); - rc = socket_connect ("::1", 444, &sock); + rc = socket_connect ("::1", 444, 0, &sock); + assert_int_equal (rc, TSS2_TCTI_RC_IO_ERROR); +} + +#ifdef _WIN32 +static void +socket_connect_unix_win32_fail_test (void **state) +{ + TSS2_RC rc; + SOCKET sock; + + rc = socket_connect_unix ("/some/path", 0, &sock); + assert_int_equal (rc, TSS2_RC_BAD_REFERENCE); +} +#else +static void +socket_connect_unix_test (void **state) +{ + TSS2_RC rc; + SOCKET sock; + int ctrl; + + for (ctrl = 0; ctrl < 2; ctrl++) { + will_return (__wrap_socket, 0); + will_return (__wrap_socket, 1); + will_return (__wrap_connect, 0); + will_return (__wrap_connect, 1); + rc = socket_connect_unix ("/some/path", ctrl, &sock); + assert_int_equal (rc, TSS2_RC_SUCCESS); + } +} +static void +socket_connect_unix_socket_fail_test (void **state) +{ + TSS2_RC rc; + SOCKET sock; + + will_return (__wrap_socket, EINVAL); + will_return (__wrap_socket, -1); + rc = socket_connect_unix ("/some/path", 0, &sock); + assert_int_equal (rc, TSS2_TCTI_RC_IO_ERROR); +} +static void +socket_connect_unix_connect_fail_test (void **state) +{ + TSS2_RC rc; + SOCKET sock; + + will_return (__wrap_socket, 0); + will_return (__wrap_socket, 1); + will_return (__wrap_connect, ENOTSOCK); + will_return (__wrap_connect, -1); + rc = socket_connect_unix ("/some/path", 0, &sock); assert_int_equal (rc, TSS2_TCTI_RC_IO_ERROR); } +#endif static void socket_connect_null_test (void **state) @@ -196,7 +255,7 @@ TSS2_RC rc; SOCKET sock; - rc = socket_connect (NULL, 444, &sock); + rc = socket_connect (NULL, 444, 0, &sock); assert_int_equal (rc, TSS2_TCTI_RC_BAD_REFERENCE); } 
@@ -215,6 +274,9 @@ cmocka_unit_test (socket_ipv6_connect_test), cmocka_unit_test (socket_ipv6_connect_socket_fail_test), cmocka_unit_test (socket_ipv6_connect_connect_fail_test), + cmocka_unit_test (socket_connect_unix_test), + cmocka_unit_test (socket_connect_unix_socket_fail_test), + cmocka_unit_test (socket_connect_unix_connect_fail_test), }; return cmocka_run_group_tests (tests, NULL, NULL); }
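Review bot: The three `socket_connect_unix_*` registrations are added to the tests array unconditionally, but the hunk at -186 defines those functions only in the `#else` branch of `#ifdef _WIN32`. On a _WIN32 build the array would reference undefined functions, and `socket_connect_unix_win32_fail_test` is defined there but never registered, so the Windows rejection path is not exercised. Whether this test is built on Windows at all is not visible here, but the file already carries the conditional, so the registrations should mirror it as sketched below.

```c
        cmocka_unit_test (socket_ipv6_connect_connect_fail_test),
#ifdef _WIN32
        cmocka_unit_test (socket_connect_unix_win32_fail_test),
#else
        /* … unchanged: the three socket_connect_unix_* registrations … */
#endif
```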
_service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/unit/tcti-libtpms.c
Added
@@ -0,0 +1,1652 @@ +/* SPDX-License-Identifier: BSD-2-Clause */ +/***********************************************************************; + * Copyright (c) 2015 - 2018, Intel Corporation + * All rights reserved. + ***********************************************************************/ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <inttypes.h> +#include <limits.h> +#include <stdio.h> +#include <stdbool.h> +#include <stdlib.h> +#include <string.h> + +#include <setjmp.h> +#include <cmocka.h> +#include <unistd.h> + +#include "tss2_tcti.h" +#include "tss2_tcti_libtpms.h" + +#include "tss2-tcti/tcti-common.h" +#include "tss2-tcti/tcti-libtpms.h" + +#define LOGMODULE test +#include "util/log.h" + +#define LIBTPMS_DL_HANDLE 0x12345678 +#define STATEFILE_PATH "statefile.bin" +#define STATEFILE_FD 0xAABB +#define STATEFILE_MMAP mmap_buf +#define STATEFILE_MMAP_NEW mmap_buf_new + +#define STATEFILE_PATH_REAL0 "statefile0.bin" +#define STATEFILE_PATH_REAL1 "statefile1.bin" + +/* loaded state */ +#define S1_PERMANENT_BUF_LITERAL "aaaaaaaa" +#define S1_PERMANENT_BUF_LEN 8 +#define S1_VOLATILE_BUF_LITERAL "bbbbb" +#define S1_VOLATILE_BUF_LEN 5 +#define S1_STATE "\0\0\0\x08" S1_PERMANENT_BUF_LITERAL "\0\0\0\x05" S1_VOLATILE_BUF_LITERAL +#define S1_STATE_LEN (sizeof(uint32_t) + S1_PERMANENT_BUF_LEN + sizeof(uint32_t) + S1_VOLATILE_BUF_LEN) + +/* next state */ +#define S2_PERMANENT_BUF_LITERAL "xxxxxxxxxxxxx" +#define S2_PERMANENT_BUF_LEN 13 +#define S2_VOLATILE_BUF_LITERAL "yyyyyyy" +#define S2_VOLATILE_BUF_LEN 7 +#define S2_STATE "\0\0\0\x0D" S2_PERMANENT_BUF_LITERAL "\0\0\0\x07" S2_VOLATILE_BUF_LITERAL +#define S2_STATE_LEN (sizeof(uint32_t) + S2_PERMANENT_BUF_LEN + sizeof(uint32_t) + S2_VOLATILE_BUF_LEN) + +/* big state */ +#define S3_PERMANENT_BUF_LITERAL "ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss" \ + 
"ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss" \ + "ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss" \ + "ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss" \ + "ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss" \ + "ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss" \ + "ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss" \ + "ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss" \ + "ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss" \ + "ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss" \ + "ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss" \ + "ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss" +#define S3_PERMANENT_BUF_LEN 1200 +#define S3_VOLATILE_BUF_LITERAL "tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt" \ + "tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt" \ + "tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt" \ + "tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt" \ + "tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt" \ + "tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt" \ + "tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt" \ + 
"tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt" \ + "tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt" \ + "tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt" \ + "tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt" +#define S3_VOLATILE_BUF_LEN 1100 +#define S3_STATE "\0\0\x04\xB0" S3_PERMANENT_BUF_LITERAL "\0\0\04\x4C" S3_VOLATILE_BUF_LITERAL +#define S3_STATE_LEN (sizeof(uint32_t) + S3_PERMANENT_BUF_LEN + sizeof(uint32_t) + S3_VOLATILE_BUF_LEN) + +char mmap_bufSTATE_MMAP_CHUNK_LEN = {0}; +char mmap_buf_new2400 = {0}; + +struct libtpms_callbacks global_callbacks; + +/* mock libtpms API */ +TPM_RESULT TPMLIB_ChooseTPMVersion(TPMLIB_TPMVersion ver) +{ + check_expected(ver); + return mock_type(int); +} +TPM_RESULT TPMLIB_RegisterCallbacks(struct libtpms_callbacks *callbacks) +{ + global_callbacks.sizeOfStruct = callbacks->sizeOfStruct; + global_callbacks.tpm_nvram_init = callbacks->tpm_nvram_init; + global_callbacks.tpm_nvram_loaddata = callbacks->tpm_nvram_loaddata; + global_callbacks.tpm_nvram_storedata = callbacks->tpm_nvram_storedata; + global_callbacks.tpm_nvram_deletename = callbacks->tpm_nvram_deletename; + global_callbacks.tpm_io_init = callbacks->tpm_io_init; + global_callbacks.tpm_io_getlocality = callbacks->tpm_io_getlocality; + global_callbacks.tpm_io_getphysicalpresence = callbacks->tpm_io_getphysicalpresence; + return mock_type(int); +} +TPM_RESULT TPMLIB_GetState(enum TPMLIB_StateType st, unsigned char **buf, uint32_t *buf_len) +{ + check_expected(st); + unsigned char *buf_out = mock_type(unsigned char *); + *buf_len = mock_type(uint32_t); + *buf = malloc(*buf_len); + assert_non_null(*buf); + memcpy(*buf, buf_out, *buf_len); + return mock_type(int); +} +TPM_RESULT TPMLIB_MainInit(void) +{ + uint32_t ret; + ret = global_callbacks.tpm_nvram_init(); + 
assert_int_equal(ret, 0); + ret = global_callbacks.tpm_io_init(); + assert_int_equal(ret, 0); + ret = global_callbacks.tpm_nvram_loaddata((unsigned char **) 1, + (uint32_t *) 2, + 3, + "4"); + assert_int_equal(ret, TPM_RETRY); + return mock_type(int); +} +TPM_RESULT TPMLIB_Process(unsigned char **resp_buf, uint32_t *resp_len, uint32_t *resp_buf_len, unsigned char *cmd, uint32_t cmd_len) +{ + uint32_t locality; + uint32_t ret; + check_expected_ptr(cmd); + check_expected(cmd_len); + ret = global_callbacks.tpm_io_getlocality(&locality, 0); + assert_int_equal(ret, 0); + check_expected(locality); + + ret = global_callbacks.tpm_nvram_storedata((unsigned char *) 1, 2, 3, "4"); + assert_int_equal(ret, TPM_SUCCESS); + + unsigned char *buf_out = mock_type(unsigned char *); + *resp_buf_len = *resp_len = mock_type(uint32_t); + *resp_buf = malloc(*resp_len); + assert_non_null(*resp_buf); + memcpy(*resp_buf, buf_out, *resp_len); + return mock_type(int); +} +TPM_RESULT TPMLIB_SetState(enum TPMLIB_StateType st, const unsigned char *buf, uint32_t buf_len) +{ + check_expected_ptr(st); + check_expected_ptr(buf); + check_expected_ptr(buf_len); + return mock_type(int); +} +void TPMLIB_Terminate(void) +{ +} + +void *__wrap_dlopen(const char *filename, int flags) +{ + LOG_TRACE("Called with filename %s and flags %x", filename, flags); + check_expected_ptr(filename); + check_expected(flags); + return mock_type(void *); +} +int __wrap_dlclose(void *handle) +{ + LOG_TRACE("Called with handle %p", handle); + check_expected_ptr(handle); + return mock_type(int); +} +void *__wrap_dlsym(void *handle, const char *symbol) +{ + LOG_TRACE("Called with handle %p and symbol %s", handle, symbol); + check_expected_ptr(handle); + check_expected_ptr(symbol); + return mock_type(void *); +} +void *__real_mmap (void *addr, size_t len, int prot, int flags, int fd, off_t offset); +void *__wrap_mmap (void *addr, size_t len, int prot, int flags, int fd, off_t offset) +{ + int wrap = mock_type(int); + if (wrap) { 
+ check_expected_ptr(addr); + check_expected(len); + check_expected(prot); + check_expected(flags); + check_expected(fd); + check_expected(offset); + return mock_type(void *); + } else { + return __real_mmap(addr, len, prot, flags, fd, offset); + } +} +void *__wrap_mremap(void *old_address, size_t old_size, size_t new_size, int flags)
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/unit/tcti-mssim.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/unit/tcti-mssim.c
Changed
@@ -32,84 +32,108 @@ TSS2_RC mssim_kv_callback (const key_value_t *key_value, void *user_data); + /* - * This tests our ability to handle conf strings that have a port - * component. In this case the 'conf_str_to_host_port' function - * should set the 'port' parameter and so we check to be sure it's - * set. + * In the tests below where 'host' is set (implying TCP and excluding unix domain + * sockets), we ensure that 'path' comes back NULL. Similarly, when 'path' is + * set (implying unix domain sockets), we ensure that 'host' is NULL. + */ +#define NO_HOST_VALUE "no.host.xyz" +#define NO_PORT_VALUE 646 +#define NO_PATH_VALUE "/bad/path" + +/* + * This tests our ability to handle conf strings that have a port component. In + * this case the 'conf_str_to_host_port' function should set the 'host' and + * 'port' parameters and so we check to be sure they're set. (And that 'path' + * is unset.) */ static void conf_str_to_host_port_success_test (void **state) { TSS2_RC rc; char conf = "host=127.0.0.1,port=2321"; - mssim_conf_t mssim_conf = { 0 }; + char unusedpath = NO_PATH_VALUE; + mssim_conf_t mssim_conf = { + .path = unusedpath + }; rc = parse_key_value_string (conf, mssim_kv_callback, &mssim_conf); assert_int_equal (rc, TSS2_RC_SUCCESS); assert_int_equal (mssim_conf.port, 2321); assert_string_equal (mssim_conf.host, "127.0.0.1"); + assert_null (mssim_conf.path); } /* * This tests our ability to handle conf strings that don't have the port * component of the URI. In this case the 'conf_str_to_host_port' function * should not touch the 'port' parameter and so we check to be sure it's - * unchanged. + * unchanged. (And that 'path' is unset.) 
*/ -#define NO_PORT_VALUE 646 static void conf_str_to_host_port_no_port_test (void **state) { TSS2_RC rc; char conf = "host=127.0.0.1"; + char unusedpath = NO_PATH_VALUE; mssim_conf_t mssim_conf = { .host = "foo", .port = NO_PORT_VALUE, + .path = unusedpath }; rc = parse_key_value_string (conf, mssim_kv_callback, &mssim_conf); assert_int_equal (rc, TSS2_RC_SUCCESS); assert_string_equal (mssim_conf.host, "127.0.0.1"); assert_int_equal (mssim_conf.port, NO_PORT_VALUE); + assert_null (mssim_conf.path); } /* * This tests our ability to handle conf strings that have an IPv6 address * and port component. In this case the 'conf_str_to_host_port' function * should set the 'hostname' parameter and so we check to be sure it's - * set without the brackets. + * set without the brackets. (And that 'path' is unset.) */ static void conf_str_to_host_ipv6_port_success_test (void **state) { TSS2_RC rc; char conf = "host=::1,port=2321"; - mssim_conf_t mssim_conf = { 0 }; + char unusedpath = NO_PATH_VALUE; + mssim_conf_t mssim_conf = { + .path = unusedpath + }; rc = parse_key_value_string (conf, mssim_kv_callback, &mssim_conf); assert_int_equal (rc, TSS2_RC_SUCCESS); assert_int_equal (mssim_conf.port, 2321); assert_string_equal (mssim_conf.host, "::1"); + assert_null (mssim_conf.path); } /* * This tests our ability to handle conf strings that have an IPv6 address * but no port component. In this case the 'conf_str_to_host_port' function * should not touch the 'port' parameter and so we check to be sure it's - * unchanged. + * unchanged. (And that 'path' is unset.) 
*/ static void conf_str_to_host_ipv6_port_no_port_test (void **state) { TSS2_RC rc; char conf = "host=::1"; - mssim_conf_t mssim_conf = { .port = NO_PORT_VALUE }; + mssim_conf_t mssim_conf = { + .port = NO_PORT_VALUE, + .path = NO_PATH_VALUE + }; rc = parse_key_value_string (conf, mssim_kv_callback, &mssim_conf); assert_int_equal (rc, TSS2_RC_SUCCESS); assert_int_equal (mssim_conf.port, NO_PORT_VALUE); assert_string_equal (mssim_conf.host, "::1"); + assert_null (mssim_conf.path); } /* @@ -137,6 +161,28 @@ assert_int_equal (rc, TSS2_TCTI_RC_BAD_VALUE); } +/* + * This tests our ability to handle conf strings that have a path + * component. In this case the 'conf_str_to_host_port' function + * should set the 'path' parameter and so we check to be sure it's + * set. (And that 'host' is unset.) + */ +static void +conf_str_to_path_success_test (void **state) +{ + TSS2_RC rc; + char conf = "path=/some/path"; + char unusedhost = NO_HOST_VALUE; + mssim_conf_t mssim_conf = { + .host = unusedhost + }; + + rc = parse_key_value_string (conf, mssim_kv_callback, &mssim_conf); + assert_int_equal (rc, TSS2_RC_SUCCESS); + assert_string_equal (mssim_conf.path, "/some/path"); + assert_null (mssim_conf.host); +} + /* When passed all NULL values ensure that we get back the expected RC. */ static void tcti_socket_init_all_null_test (void **state) @@ -264,6 +310,17 @@ printf ("%s: done\n", __func__); return 0; } +#ifndef _WIN32 +/* variant of tcti_socket_setup() for unix domain sockets. */ +static int +tcti_socket_setup_unix (void **state) +{ + printf ("%s: before tcti_socket_init_from_conf\n", __func__); + *state = tcti_socket_init_from_conf ("path=/notarealdirectory/notarealfile"); + printf ("%s: done\n", __func__); + return 0; +} +#endif static void tcti_socket_init_null_conf_test (void **state) { 
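Review bot: Nothing here, nor in the parallel hunks of test/unit/tcti-swtpm.c, pins what happens when one conf string carries both keys, for example `char conf[] = "host=127.0.0.1,path=/some/path";`. The new assertions show that a host key clears `path` and a path key clears `host`, so presumably the last key wins, and that decides whether the TCTI talks to a TCP endpoint or a local Unix socket. A test that asserts the intended outcome for the mixed case (an error RC or a documented precedence) would keep that choice from changing silently. Separately, conf_str_to_host_ipv6_port_no_port_test initialises `.path = NO_PATH_VALUE` straight from the literal while the other tests go through a local `unusedpath` array; using the array there too keeps the tests uniform.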
@@ -515,6 +572,7 @@ cmocka_unit_test (conf_str_to_host_ipv6_port_no_port_test), cmocka_unit_test (conf_str_to_host_port_invalid_port_large_test), cmocka_unit_test (conf_str_to_host_port_invalid_port_0_test), + cmocka_unit_test (conf_str_to_path_success_test), cmocka_unit_test (tcti_socket_init_all_null_test), cmocka_unit_test (tcti_socket_init_size_test), cmocka_unit_test (tcti_socket_init_null_conf_test), @@ -538,7 +596,12 @@ tcti_socket_teardown), cmocka_unit_test_setup_teardown (tcti_socket_transmit_success_test, tcti_socket_setup, - tcti_socket_teardown) + tcti_socket_teardown), +#ifndef _WIN32 + cmocka_unit_test_setup_teardown (tcti_socket_receive_success_test, + tcti_socket_setup_unix, + tcti_socket_teardown), +#endif }; return cmocka_run_group_tests (tests, NULL, NULL); }
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/unit/tcti-pcap.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/unit/tcti-pcap.c
Changed
@@ -16,6 +16,7 @@ #include <string.h> #include <time.h> #include <sys/stat.h> +#include <netinet/in.h> #include <setjmp.h> #include <cmocka.h> @@ -26,6 +27,14 @@ #include "tss2-tcti/tcti-common.h" #include "tss2-tcti/tcti-pcap.h" +#if (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) +#define _LE32TOH(a,b,c,d) d,c,b,a +#define _LE16TOH(a,b) b,a +#else +#define _LE32TOH(a,b,c,d) a,b,c,d +#define _LE16TOH(a,b) a,b +#endif + #define TCTI_STUB_CONF "stub" #define TCTI_PCAP_ENV_VAR "pcap_env_var" #define TCTI_PCAP_FILE "pcap_file" 
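Review bot: `#if (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)` evaluates as `0 == 0` when a compiler defines neither macro, so such a toolchain silently takes the big-endian branch and the expected pcap bytes come out swapped. Guard the test explicitly: `#if defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__) && (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)`. The names `_LE32TOH` and `_LE16TOH` start with an underscore followed by a capital, which C reserves for the implementation; `LE32TOH`/`LE16TOH` would avoid that. A one-line comment saying the macros reorder a byte list written in little-endian order into host order would help, since the name reads like a value conversion.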
@@ -43,34 +52,34 @@ #define TCTI_PCAP_HOST_PORT_BYTES 0xcd, 0xef #define TCTI_PCAP_TIMESTAMP_SEC ((uint64_t) 0x0001020304050607 / 1000000) #define TCTI_PCAP_TIMESTAMP_NSEC (((uint64_t) 0x0001020304050607 % 1000000) * 1000) -#define TCTI_PCAP_TIMESTAMP_BYTES 0x03, 0x02, 0x01, 0x00, 0x07, 0x06, 0x05, 0x04 +#define TCTI_PCAP_TIMESTAMP_BYTES _LE32TOH(0x03, 0x02, 0x01, 0x00), _LE32TOH(0x07, 0x06, 0x05, 0x04) static const uint8_t pcap_header = { /* section header block */ - 0x0a, 0x0d, 0x0d, 0x0a, - 0x1c, 0x00, 0x00, 0x00, - 0x4d, 0x3c, 0x2b, 0x1a, - 0x01, 0x00, + _LE32TOH(0x0a, 0x0d, 0x0d, 0x0a), + _LE32TOH(0x1c, 0x00, 0x00, 0x00), + _LE32TOH(0x4d, 0x3c, 0x2b, 0x1a), + _LE16TOH(0x01, 0x00), 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0x1c, 0x00, 0x00, 0x00, + _LE32TOH(0x1c, 0x00, 0x00, 0x00), /* interface description block */ - 0x01, 0x00, 0x00, 0x00, - 0x14, 0x00, 0x00, 0x00, - 0xE4, 0x00, + _LE32TOH(0x01, 0x00, 0x00, 0x00), + _LE32TOH(0x14, 0x00, 0x00, 0x00), + _LE16TOH(0xE4, 0x00), 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x14, 0x00, 0x00, 0x00 + _LE32TOH(0x14, 0x00, 0x00, 0x00) }; static uint8_t pcap_rx_epb_data = { /* enhanced packet block header */ - 0x06, 0x00, 0x00, 0x00, - 0x4c, 0x00, 0x00, 0x00, + _LE32TOH(0x06, 0x00, 0x00, 0x00), + _LE32TOH(0x4c, 0x00, 0x00, 0x00), 0x00, 0x00, 0x00, 0x00, TCTI_PCAP_TIMESTAMP_BYTES, - 0x2b, 0x00, 0x00, 0x00, - 0x2b, 0x00, 0x00, 0x00, + _LE32TOH(0x2b, 0x00, 0x00, 0x00), + _LE32TOH(0x2b, 0x00, 0x00, 0x00), /* ipv4 header */ 0x45, 0x00, 
@@ -96,17 +105,17 @@ /* epb padding */ 0x00, /* epb footer */ - 0x4c, 0x00, 0x00, 0x00 + _LE32TOH(0x4c, 0x00, 0x00, 0x00) }; static uint8_t pcap_tx_epb_data = { /* enhanced packet block header */ - 0x06, 0x00, 0x00, 0x00, - 0x4c, 0x00, 0x00, 0x00, + _LE32TOH(0x06, 0x00, 0x00, 0x00), + _LE32TOH(0x4c, 0x00, 0x00, 0x00), 0x00, 0x00, 0x00, 0x00, TCTI_PCAP_TIMESTAMP_BYTES, - 0x2b, 0x00, 0x00, 0x00, - 0x2b, 0x00, 0x00, 0x00, + _LE32TOH(0x2b, 0x00, 0x00, 0x00), + _LE32TOH(0x2b, 0x00, 0x00, 0x00), /* ipv4 header */ 0x45, 0x00, @@ -132,7 +141,7 @@ /* epb padding */ 0x00, /* epb footer */ - 0x4c, 0x00, 0x00, 0x00 + _LE32TOH(0x4c, 0x00, 0x00, 0x00) }; typedef struct { @@ -279,6 +288,11 @@ return EXIT_FAILURE; } +int +__wrap___clock_gettime64 (clockid_t clk_id, struct timespec *tp) +{ + return __wrap_clock_gettime(clk_id, tp); +} int __real_open (const char *pathname, int flags, mode_t mode); @@ -367,19 +381,10 @@ uint32_t seq_no; seq_no = *((uint32_t*) (data + offset)); - /* from big endian to little endian */ - seq_no = ((seq_no << 24) & 0xff000000) | /* byte 0 to byte 3 */ - ((seq_no << 8) & 0x00ff0000) | /* byte 1 to byte 2 */ - ((seq_no >> 8) & 0x0000ff00) | /* byte 2 to byte 1 */ - ((seq_no >> 24) & 0x000000ff); /* byte 3 to byte 0 */ + seq_no = ntohl (seq_no); seq_no += size; - - /* from little endian to big endian */ - seq_no = ((seq_no << 24) & 0xff000000) | /* byte 0 to byte 3 */ - ((seq_no << 8) & 0x00ff0000) | /* byte 1 to byte 2 */ - ((seq_no >> 8) & 0x0000ff00) | /* byte 2 to byte 1 */ - ((seq_no >> 24) & 0x000000ff); /* byte 3 to byte 0 */ + seq_no = htonl (seq_no); *((uint32_t*) (data + offset)) = seq_no; }
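Review bot: `__wrap___clock_gettime64` has no comment explaining why a second wrapper exists. Presumably it covers 32-bit glibc builds with a 64-bit time_t, where calls to clock_gettime are redirected to `__clock_gettime64` and would otherwise bypass `__wrap_clock_gettime`. I would add `/* glibc with 64-bit time_t on 32-bit targets redirects clock_gettime to __clock_gettime64; forward it to the same mock */` above it. The same applies to `__wrap___dlsym_time64` in test/unit/tctildr-dl.c, and the matching `--wrap` linker options are not visible in these hunks.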
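Review bot: In the hunk at -367, `*((uint32_t*) (data + offset))` still reads and writes a uint32_t through a cast pointer at an arbitrary byte offset. That is a misaligned access on strict-alignment targets and, if `data` is a byte buffer, an aliasing violation. Since this change is already making the helper endian-portable, copy through memcpy instead: `memcpy (&seq_no, data + offset, sizeof seq_no);` before `ntohl`, and `memcpy (data + offset, &seq_no, sizeof seq_no);` after `htonl`. The function starts outside the hunk, so the type of `data` and the alignment of `offset` cannot be confirmed from here.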
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/unit/tcti-swtpm.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/unit/tcti-swtpm.c
Changed
@@ -32,84 +32,108 @@ TSS2_RC swtpm_kv_callback (const key_value_t *key_value, void *user_data); + /* - * This tests our ability to handle conf strings that have a port - * component. In this case the 'conf_str_to_host_port' function - * should set the 'port' parameter and so we check to be sure it's - * set. + * In the tests below where 'host' is set (implying TCP and excluding unix domain + * sockets), we ensure that 'path' comes back NULL. Similarly, when 'path' is + * set (implying unix domain sockets), we ensure that 'host' is NULL. + */ +#define NO_HOST_VALUE "no.host.xyz" +#define NO_PORT_VALUE 646 +#define NO_PATH_VALUE "/bad/path" + +/* + * This tests our ability to handle conf strings that have a port component. In + * this case the 'conf_str_to_host_port' function should set the 'host' and + * 'port' parameters and so we check to be sure they're set. (And that 'path' + * is unset.) */ static void conf_str_to_host_port_success_test (void **state) { TSS2_RC rc; char conf = "host=127.0.0.1,port=2321"; - swtpm_conf_t swtpm_conf = { 0 }; + char unusedpath = NO_PATH_VALUE; + swtpm_conf_t swtpm_conf = { + .path = unusedpath + }; rc = parse_key_value_string (conf, swtpm_kv_callback, &swtpm_conf); assert_int_equal (rc, TSS2_RC_SUCCESS); assert_int_equal (swtpm_conf.port, 2321); assert_string_equal (swtpm_conf.host, "127.0.0.1"); + assert_null (swtpm_conf.path); } /* * This tests our ability to handle conf strings that don't have the port * component of the URI. In this case the 'conf_str_to_host_port' function * should not touch the 'port' parameter and so we check to be sure it's - * unchanged. + * unchanged. (And that 'path' is unset.) 
*/ -#define NO_PORT_VALUE 646 static void conf_str_to_host_port_no_port_test (void **state) { TSS2_RC rc; char conf = "host=127.0.0.1"; + char unusedpath = NO_PATH_VALUE; swtpm_conf_t swtpm_conf = { .host = "foo", .port = NO_PORT_VALUE, + .path = unusedpath }; rc = parse_key_value_string (conf, swtpm_kv_callback, &swtpm_conf); assert_int_equal (rc, TSS2_RC_SUCCESS); assert_string_equal (swtpm_conf.host, "127.0.0.1"); assert_int_equal (swtpm_conf.port, NO_PORT_VALUE); + assert_null (swtpm_conf.path); } /* * This tests our ability to handle conf strings that have an IPv6 address * and port component. In this case the 'conf_str_to_host_port' function * should set the 'hostname' parameter and so we check to be sure it's - * set without the brackets. + * set without the brackets. (And that 'path' is unset.) */ static void conf_str_to_host_ipv6_port_success_test (void **state) { TSS2_RC rc; char conf = "host=::1,port=2321"; - swtpm_conf_t swtpm_conf = { 0 }; + char unusedpath = NO_PATH_VALUE; + swtpm_conf_t swtpm_conf = { + .path = unusedpath + }; rc = parse_key_value_string (conf, swtpm_kv_callback, &swtpm_conf); assert_int_equal (rc, TSS2_RC_SUCCESS); assert_int_equal (swtpm_conf.port, 2321); assert_string_equal (swtpm_conf.host, "::1"); + assert_null (swtpm_conf.path); } /* * This tests our ability to handle conf strings that have an IPv6 address * but no port component. In this case the 'conf_str_to_host_port' function * should not touch the 'port' parameter and so we check to be sure it's - * unchanged. + * unchanged. (And that 'path' is unset.) 
*/ static void conf_str_to_host_ipv6_port_no_port_test (void **state) { TSS2_RC rc; char conf = "host=::1"; - swtpm_conf_t swtpm_conf = { .port = NO_PORT_VALUE }; + swtpm_conf_t swtpm_conf = { + .port = NO_PORT_VALUE, + .path = NO_PATH_VALUE + }; rc = parse_key_value_string (conf, swtpm_kv_callback, &swtpm_conf); assert_int_equal (rc, TSS2_RC_SUCCESS); assert_int_equal (swtpm_conf.port, NO_PORT_VALUE); assert_string_equal (swtpm_conf.host, "::1"); + assert_null (swtpm_conf.path); } /* @@ -137,6 +161,28 @@ assert_int_equal (rc, TSS2_TCTI_RC_BAD_VALUE); } +/* + * This tests our ability to handle conf strings that have a path + * component. In this case the 'conf_str_to_host_port' function + * should set the 'path' parameter and so we check to be sure it's + * set. (And that 'host' is unset.) + */ +static void +conf_str_to_path_success_test (void **state) +{ + TSS2_RC rc; + char conf = "path=/some/path"; + char unusedhost = NO_HOST_VALUE; + swtpm_conf_t swtpm_conf = { + .host = unusedhost + }; + + rc = parse_key_value_string (conf, swtpm_kv_callback, &swtpm_conf); + assert_int_equal (rc, TSS2_RC_SUCCESS); + assert_string_equal (swtpm_conf.path, "/some/path"); + assert_null (swtpm_conf.host); +} + /* When passed all NULL values ensure that we get back the expected RC. */ static void tcti_swtpm_init_all_null_test (void **state) @@ -249,6 +295,17 @@ printf ("%s: done\n", __func__); return 0; } +#ifndef _WIN32 +/* variant of tcti_swtpm_setup() for unix domain sockets. */ +static int +tcti_swtpm_setup_unix (void **state) +{ + printf ("%s: before tcti_swtpm_init_from_conf\n", __func__); + *state = tcti_swtpm_init_from_conf ("path=/notarealdirectory/notarealfile"); + printf ("%s: done\n", __func__); + return 0; +} +#endif static void tcti_swtpm_init_null_conf_test (void **state) { 
@@ -717,6 +774,7 @@ cmocka_unit_test (conf_str_to_host_ipv6_port_no_port_test), cmocka_unit_test (conf_str_to_host_port_invalid_port_large_test), cmocka_unit_test (conf_str_to_host_port_invalid_port_0_test), + cmocka_unit_test (conf_str_to_path_success_test), cmocka_unit_test (tcti_swtpm_init_all_null_test), cmocka_unit_test (tcti_swtpm_init_size_test), cmocka_unit_test (tcti_swtpm_init_null_conf_test), @@ -772,6 +830,11 @@ cmocka_unit_test_setup_teardown (tcti_swtpm_locality_test, tcti_swtpm_setup, tcti_swtpm_teardown), +#ifndef _WIN32 + cmocka_unit_test_setup_teardown (tcti_swtpm_receive_success_test, + tcti_swtpm_setup_unix, + tcti_swtpm_teardown), +#endif }; return cmocka_run_group_tests (tests, NULL, NULL); }
_service:tar_scm:tpm2-tss-3.1.0.tar.gz/test/unit/tctildr-dl.c -> _service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/unit/tctildr-dl.c
Changed
@@ -55,6 +55,12 @@ return mock_type(void *); } +void * +__wrap___dlsym_time64(void *handle, const char *symbol) +{ + return __wrap_dlsym(handle, symbol); +} + TSS2_TCTI_INFO * __wrap_Tss2_Tcti_Fake_Info(void) {
_service:tar_scm:tpm2-tss-3.2.1.tar.gz/tss2-dlopen
Added
+(directory)
_service:tar_scm:tpm2-tss-3.2.1.tar.gz/tss2-dlopen/tss2-dlopen-esys.c
Added
@@ -0,0 +1,2208 @@ +/* SPDX-License-Identifier: BSD-2-Clause */ +/******************************************************************************* + * Copyright 2021, Fraunhofer SIT + * All rights reserved. + *******************************************************************************/ + +/** + * The purpose of this file is to copy it into your project and + * include it during compilation if you don't want to link against + * libtss2-esys at compile time. + * It will attempt to load libtss2-esys.so during runtime. + * It will either work similarly to directly linking to libtss2-esys.so + * at compile-time or return a NOT_IMPLEMENTED error. + * + * For new versions of this file, please check: + * http://github.com/tpm2-software/tpm2-tss/tss2-dlopen +*/ + +#include <dlfcn.h> +#include <stdio.h> +#include <tss2/tss2_esys.h> + +#define str(s) xstr(s) +#define xstr(s) #s + +#ifdef ENABLE_WARN +#define WARN(str, ...) do { fprintf(stderr, "WARNING: " str "\n", ## __VA_ARGS__); } while (0) +#else /* ENABLE_WARN */ +#define WARN(...) 
do { } while (0) +#endif /* ENABLE_WARN */ + +#define LIB "libtss2-esys.so.0" +static void *dlhandle = NULL; + +static TSS2_RC +init_dlhandle(void) +{ + if (dlhandle) + return TSS2_RC_SUCCESS; + dlhandle = dlopen(LIB, RTLD_NOW | RTLD_LOCAL); + if (!dlhandle) { + WARN("Library " LIB " not found: %s.", dlerror()); + return TSS2_ESYS_RC_NOT_IMPLEMENTED; + } + return TSS2_RC_SUCCESS; +} + +TSS2_RC +Esys_Initialize( + ESYS_CONTEXT **esys_context, + TSS2_TCTI_CONTEXT *tcti, + TSS2_ABI_VERSION *abiVersion) +{ + if (init_dlhandle() != TSS2_RC_SUCCESS) + return TSS2_ESYS_RC_NOT_IMPLEMENTED; + + static TSS2_RC (*sym) (ESYS_CONTEXT **esys_context, TSS2_TCTI_CONTEXT *tcti, TSS2_ABI_VERSION *abiVersion) = NULL; + if (!sym) + sym = dlsym(dlhandle, "Esys_Initialize"); + if (!sym) { + WARN("Function Esys_Initialize not found."); + return TSS2_ESYS_RC_NOT_IMPLEMENTED; + } + + return sym(esys_context, tcti, abiVersion); +} + +void +Esys_Finalize(ESYS_CONTEXT **ctx) +{ + if (!ctx || !*ctx) + return; + static TSS2_RC (*sym) (ESYS_CONTEXT **ctx) = NULL; + if (!sym) + sym = dlsym(dlhandle, "Esys_Finalize"); + if (!sym) { + WARN("Function Esys_Finalize not found."); + return; + } + sym(ctx); +} + +void +Esys_Free(void *__ptr) +{ + if (!__ptr) + return; + static TSS2_RC (*sym) (void *__ptr) = NULL; + if (!sym) + sym = dlsym(dlhandle, "Esys_Free"); + if (!sym) { + WARN("Function Esys_Free not found."); + return; + } + sym(__ptr); +} + +#define MAKE_ESYS_0(fun) \ +TSS2_RC fun (ESYS_CONTEXT *ctx) { \ + static TSS2_RC (*sym) (ESYS_CONTEXT *ctx) = NULL; \ + if (!sym) \ + sym = dlsym(dlhandle, str(fun)); \ + if (!sym) { \ + WARN("Function " str(fun) " not found."); \ + return TSS2_ESYS_RC_NOT_IMPLEMENTED; \ + } \ + return sym(ctx); \ +} + +#define MAKE_ESYS_1(fun, type1,parm1) \ +TSS2_RC fun (ESYS_CONTEXT *ctx, type1 parm1) { \ + static TSS2_RC (*sym) (ESYS_CONTEXT *ctx, type1) = NULL; \ + if (!sym) \ + sym = dlsym(dlhandle, str(fun)); \ + if (!sym) { \ + WARN("Function " str(fun) " not 
found."); \ + return TSS2_ESYS_RC_NOT_IMPLEMENTED; \ + } \ + return sym(ctx, parm1); \ +} + +#define MAKE_ESYS_2(fun, type1,parm1, type2,parm2) \ +TSS2_RC fun (ESYS_CONTEXT *ctx, type1 parm1, type2 parm2) { \ + static TSS2_RC (*sym) (ESYS_CONTEXT *ctx, type1, type2) = NULL; \ + if (!sym) \ + sym = dlsym(dlhandle, str(fun)); \ + if (!sym) { \ + WARN("Function " str(fun) " not found."); \ + return TSS2_ESYS_RC_NOT_IMPLEMENTED; \ + } \ + return sym(ctx, parm1, parm2); \ +} + +#define MAKE_ESYS_3(fun, type1,parm1, type2,parm2, type3,parm3) \ +TSS2_RC fun (ESYS_CONTEXT *ctx, type1 parm1, type2 parm2, type3 parm3) { \ + static TSS2_RC (*sym) (ESYS_CONTEXT *ctx, type1, type2, type3) = NULL; \ + if (!sym) \ + sym = dlsym(dlhandle, str(fun)); \ + if (!sym) { \ + WARN("Function " str(fun) " not found."); \ + return TSS2_ESYS_RC_NOT_IMPLEMENTED; \ + } \ + return sym(ctx, parm1, parm2, parm3); \ +} + +#define MAKE_ESYS_4(fun, type1,parm1, type2,parm2, type3,parm3, type4,parm4) \ +TSS2_RC fun (ESYS_CONTEXT *ctx, type1 parm1, type2 parm2, type3 parm3, type4 parm4) { \ + static TSS2_RC (*sym) (ESYS_CONTEXT *ctx, type1, type2, type3, type4) = NULL; \ + if (!sym) \ + sym = dlsym(dlhandle, str(fun)); \ + if (!sym) { \ + WARN("Function " str(fun) " not found."); \ + return TSS2_ESYS_RC_NOT_IMPLEMENTED; \ + } \ + return sym(ctx, parm1, parm2, parm3, parm4); \ +} + +#define MAKE_ESYS_5(fun, type1,parm1, type2,parm2, type3,parm3, type4,parm4, \ + type5,parm5) \ +TSS2_RC fun (ESYS_CONTEXT *ctx, type1 parm1, type2 parm2, type3 parm3, type4 parm4, \ + type5 parm5) { \ + static TSS2_RC (*sym) (ESYS_CONTEXT *ctx, type1, type2, type3, type4, type5) = NULL; \ + if (!sym) \ + sym = dlsym(dlhandle, str(fun)); \ + if (!sym) { \ + WARN("Function " str(fun) " not found."); \ + return TSS2_ESYS_RC_NOT_IMPLEMENTED; \ + } \ + return sym(ctx, parm1, parm2, parm3, parm4, parm5); \ +} + +#define MAKE_ESYS_6(fun, type1,parm1, type2,parm2, type3,parm3, type4,parm4, \ + type5,parm5, type6,parm6) \ +TSS2_RC 
fun (ESYS_CONTEXT *ctx, type1 parm1, type2 parm2, type3 parm3, type4 parm4, \ + type5 parm5, type6 parm6) { \ + static TSS2_RC (*sym) (ESYS_CONTEXT *ctx, type1, type2, type3, type4, type5, type6) = NULL; \ + if (!sym) \ + sym = dlsym(dlhandle, str(fun)); \ + if (!sym) { \ + WARN("Function " str(fun) " not found."); \ + return TSS2_ESYS_RC_NOT_IMPLEMENTED; \ + } \ + return sym(ctx, parm1, parm2, parm3, parm4, parm5, parm6); \ +} + +#define MAKE_ESYS_7(fun, type1,parm1, type2,parm2, type3,parm3, type4,parm4, \ + type5,parm5, type6,parm6, type7,parm7) \ +TSS2_RC fun (ESYS_CONTEXT *ctx, type1 parm1, type2 parm2, type3 parm3, type4 parm4, \ + type5 parm5, type6 parm6, type7 parm7) { \ + static TSS2_RC (*sym) (ESYS_CONTEXT *ctx, type1, type2, type3, type4, type5, type6, type7) = NULL; \ + if (!sym) \ + sym = dlsym(dlhandle, str(fun)); \ + if (!sym) { \ + WARN("Function " str(fun) " not found."); \ + return TSS2_ESYS_RC_NOT_IMPLEMENTED; \ + } \ + return sym(ctx, parm1, parm2, parm3, parm4, parm5, parm6, parm7); \ +} +
_service:tar_scm:tpm2-tss-3.2.1.tar.gz/tss2-dlopen/tss2-dlopen-fapi.c
Added
@@ -0,0 +1,727 @@ +/* SPDX-License-Identifier: BSD-2-Clause */ +/******************************************************************************* + * Copyright 2021, Fraunhofer SIT + * All rights reserved. + *******************************************************************************/ + +/** + * The purpose of this file is to copy it into your project and + * include it during compilation if you don't want to link against + * libtss2-fapi at compile time. + * It will attempt to load libtss2-fapi.so during runtime. + * It will either work similarly to directly linking to libtss2-fapi.so + * at compile-time or return a NOT_IMPLEMENTED error. + * + * For new versions of this file, please check: + * http://github.com/tpm2-software/tpm2-tss/tss2-dlopen +*/ + +#include <dlfcn.h> +#include <stdio.h> +#include <tss2/tss2_fapi.h> + +#define str(s) xstr(s) +#define xstr(s) #s + +#ifdef ENABLE_WARN +#define WARN(str, ...) do { fprintf(stderr, "WARNING: " str "\n", ## __VA_ARGS__); } while (0) +#else /* ENABLE_WARN */ +#define WARN(...) 
do { } while (0) +#endif /* ENABLE_WARN */ + +#define LIB "libtss2-fapi.so.1" +static void *dlhandle = NULL; + +static TSS2_RC +init_dlhandle(void) +{ + if (dlhandle) + return TSS2_RC_SUCCESS; + dlhandle = dlopen(LIB, RTLD_NOW | RTLD_LOCAL); + if (!dlhandle) { + WARN("Library " LIB " not found: %s.", dlerror()); + return TSS2_FAPI_RC_NOT_IMPLEMENTED; + } + return TSS2_RC_SUCCESS; +} + +TSS2_RC +Fapi_Initialize( + FAPI_CONTEXT **context, + char const *uri) +{ + if (init_dlhandle() != TSS2_RC_SUCCESS) + return TSS2_FAPI_RC_NOT_IMPLEMENTED; + + static TSS2_RC (*sym) (FAPI_CONTEXT **context, char const *uri) = NULL; + if (!sym) + sym = dlsym(dlhandle, "Fapi_Initialize"); + if (!sym) { + WARN("Function Fapi_Initialize not found."); + return TSS2_FAPI_RC_NOT_IMPLEMENTED; + } + + return sym(context, uri); +} + +TSS2_RC +Fapi_Initialize_Async( + FAPI_CONTEXT **context, + char const *uri) +{ + if (init_dlhandle() != TSS2_RC_SUCCESS) + return TSS2_FAPI_RC_NOT_IMPLEMENTED; + + static TSS2_RC (*sym) (FAPI_CONTEXT **context, char const *uri) = NULL; + if (!sym) + sym = dlsym(dlhandle, "Fapi_Initialize_Async"); + if (!sym) { + WARN("Function Fapi_Initialize_Async not found."); + return TSS2_FAPI_RC_NOT_IMPLEMENTED; + } + + return sym(context, uri); +} + +TSS2_RC Fapi_Initialize_Finish( + FAPI_CONTEXT **context) +{ + static TSS2_RC (*sym) (FAPI_CONTEXT **context) = NULL; + if (!sym) + sym = dlsym(dlhandle, "Fapi_Initialize_Finish"); + if (!sym) { + WARN("Function Fapi_Initialize_Finish not found."); + return TSS2_FAPI_RC_NOT_IMPLEMENTED; + } + + return sym(context); +} + +void +Fapi_Finalize(FAPI_CONTEXT **ctx) +{ + if (!ctx || !*ctx) + return; + static TSS2_RC (*sym) (FAPI_CONTEXT **ctx) = NULL; + if (!sym) + sym = dlsym(dlhandle, "Fapi_Finalize"); + if (!sym) { + WARN("Function Fapi_Finalize not found."); + return; + } + sym(ctx); +} + +void +Fapi_Free(void *__ptr) +{ + if (!__ptr) + return; + static TSS2_RC (*sym) (void *__ptr) = NULL; + if (!sym) + sym = dlsym(dlhandle, 
"Fapi_Free"); + if (!sym) { + WARN("Function Fapi_Free not found."); + return; + } + sym(__ptr); +} + +#define MAKE_FAPI_0(fun) \ +TSS2_RC fun (FAPI_CONTEXT *ctx) { \ + static TSS2_RC (*sym) (FAPI_CONTEXT *ctx) = NULL; \ + if (!sym) \ + sym = dlsym(dlhandle, str(fun)); \ + if (!sym) { \ + WARN("Function " str(fun) " not found."); \ + return TSS2_FAPI_RC_NOT_IMPLEMENTED; \ + } \ + return sym(ctx); \ +} + +#define MAKE_FAPI_1(fun, type1,parm1) \ +TSS2_RC fun (FAPI_CONTEXT *ctx, type1 parm1) { \ + static TSS2_RC (*sym) (FAPI_CONTEXT *ctx, type1) = NULL; \ + if (!sym) \ + sym = dlsym(dlhandle, str(fun)); \ + if (!sym) { \ + WARN("Function " str(fun) " not found."); \ + return TSS2_FAPI_RC_NOT_IMPLEMENTED; \ + } \ + return sym(ctx, parm1); \ +} + +#define MAKE_FAPI_2(fun, type1,parm1, type2,parm2) \ +TSS2_RC fun (FAPI_CONTEXT *ctx, type1 parm1, type2 parm2) { \ + static TSS2_RC (*sym) (FAPI_CONTEXT *ctx, type1, type2) = NULL; \ + if (!sym) \ + sym = dlsym(dlhandle, str(fun)); \ + if (!sym) { \ + WARN("Function " str(fun) " not found."); \ + return TSS2_FAPI_RC_NOT_IMPLEMENTED; \ + } \ + return sym(ctx, parm1, parm2); \ +} + +#define MAKE_FAPI_3(fun, type1,parm1, type2,parm2, type3,parm3) \ +TSS2_RC fun (FAPI_CONTEXT *ctx, type1 parm1, type2 parm2, type3 parm3) { \ + static TSS2_RC (*sym) (FAPI_CONTEXT *ctx, type1, type2, type3) = NULL; \ + if (!sym) \ + sym = dlsym(dlhandle, str(fun)); \ + if (!sym) { \ + WARN("Function " str(fun) " not found."); \ + return TSS2_FAPI_RC_NOT_IMPLEMENTED; \ + } \ + return sym(ctx, parm1, parm2, parm3); \ +} + +#define MAKE_FAPI_4(fun, type1,parm1, type2,parm2, type3,parm3, type4,parm4) \ +TSS2_RC fun (FAPI_CONTEXT *ctx, type1 parm1, type2 parm2, type3 parm3, type4 parm4) { \ + static TSS2_RC (*sym) (FAPI_CONTEXT *ctx, type1, type2, type3, type4) = NULL; \ + if (!sym) \ + sym = dlsym(dlhandle, str(fun)); \ + if (!sym) { \ + WARN("Function " str(fun) " not found."); \ + return TSS2_FAPI_RC_NOT_IMPLEMENTED; \ + } \ + return sym(ctx, parm1, 
parm2, parm3, parm4); \ +} + +#define MAKE_FAPI_5(fun, type1,parm1, type2,parm2, type3,parm3, type4,parm4, \ + type5,parm5) \ +TSS2_RC fun (FAPI_CONTEXT *ctx, type1 parm1, type2 parm2, type3 parm3, type4 parm4, \ + type5 parm5) { \ + static TSS2_RC (*sym) (FAPI_CONTEXT *ctx, type1, type2, type3, type4, type5) = NULL; \ + if (!sym) \ + sym = dlsym(dlhandle, str(fun)); \ + if (!sym) { \ + WARN("Function " str(fun) " not found."); \ + return TSS2_FAPI_RC_NOT_IMPLEMENTED; \
_service:tar_scm:tpm2-tss-3.2.1.tar.gz/tss2-dlopen/tss2-dlopen-mu.c
Added
@@ -0,0 +1,299 @@ +/* SPDX-License-Identifier: BSD-2-Clause */ +/******************************************************************************* + * Copyright 2021, Fraunhofer SIT + * All rights reserved. + *******************************************************************************/ + +/** + * The purpose of this file is to copy it into your project and + * include it during compilation if you don't want to link against + * libtss2-mu at compile time. + * It will attempt to load libtss2-mu.so during runtime. + * It will either work similarly to directly linking to libtss2-mu.so + * at compile-time or return a NOT_IMPLEMENTED error. + * + * For new versions of this file, please check: + * http://github.com/tpm2-software/tpm2-tss/tss2-dlopen +*/ + +#include <dlfcn.h> +#include <stdio.h> +#include <tss2/tss2_mu.h> + +#define str(s) xstr(s) +#define xstr(s) #s + +#ifdef ENABLE_WARN +#define WARN(str, ...) do { fprintf(stderr, "WARNING: " str "\n", ## __VA_ARGS__); } while (0) +#else /* ENABLE_WARN */ +#define WARN(...) 
do { } while (0) +#endif /* ENABLE_WARN */ + +#define LIB "libtss2-mu.so.0" +static void *dlhandle = NULL; + +static TSS2_RC +init_dlhandle(void) +{ + if (dlhandle) + return TSS2_RC_SUCCESS; + dlhandle = dlopen(LIB, RTLD_NOW | RTLD_LOCAL); + if (!dlhandle) { + WARN("Library " LIB " not found: %s.", dlerror()); + return TSS2_BASE_RC_NOT_IMPLEMENTED; + } + return TSS2_RC_SUCCESS; +} + +#define MAKE_MU_BASE(typ) \ +TSS2_RC Tss2_MU_ ## typ ## _Marshal ( \ + typ src, \ + uint8_t buffer, \ + size_t buffer_size, \ + size_t *offset) \ +{ \ + if (init_dlhandle() != TSS2_RC_SUCCESS) \ + return TSS2_BASE_RC_NOT_IMPLEMENTED; \ + static TSS2_RC (*sym) (typ, uint8_t , size_t, size_t *) = NULL; \ + if (!sym) \ + sym = dlsym(dlhandle, str(Tss2_MU_ ## typ ## _Marshal)); \ + if (!sym) { \ + WARN("Function " str(Tss2_MU_ ## typ ## _Marshal) " not found."); \ + return TSS2_BASE_RC_NOT_IMPLEMENTED; \ + } \ + return sym(src, buffer, buffer_size, offset); \ +} \ +TSS2_RC Tss2_MU_ ## typ ## _Unmarshal ( \ + uint8_t const buffer, \ + size_t buffer_size, \ + size_t *offset, \ + typ *dest) \ +{ \ + if (init_dlhandle() != TSS2_RC_SUCCESS) \ + return TSS2_BASE_RC_NOT_IMPLEMENTED; \ + static TSS2_RC (*sym) (const uint8_t , size_t, size_t *, typ *) = NULL; \ + if (!sym) \ + sym = dlsym(dlhandle, str(Tss2_MU_ ## typ ## _Unmarshal)); \ + if (!sym) { \ + WARN("Function " str(Tss2_MU_ ## typ ## _Unmarshal) " not found."); \ + return TSS2_BASE_RC_NOT_IMPLEMENTED; \ + } \ + return sym(buffer, buffer_size, offset, dest); \ +} + +#define MAKE_MU_STRUCT(typ) \ +TSS2_RC Tss2_MU_ ## typ ## _Marshal ( \ + typ const *src, \ + uint8_t buffer, \ + size_t buffer_size, \ + size_t *offset) \ +{ \ + if (init_dlhandle() != TSS2_RC_SUCCESS) \ + return TSS2_BASE_RC_NOT_IMPLEMENTED; \ + static TSS2_RC (*sym) (const typ *, uint8_t , size_t, size_t *) = NULL; \ + if (!sym) \ + sym = dlsym(dlhandle, str(Tss2_MU_ ## typ ## _Marshal)); \ + if (!sym) { \ + WARN("Function " str(Tss2_MU_ ## typ ## _Marshal) " not found."); \ 
+ return TSS2_BASE_RC_NOT_IMPLEMENTED; \ + } \ + return sym(src, buffer, buffer_size, offset); \ +} \ +TSS2_RC Tss2_MU_ ## typ ## _Unmarshal ( \ + uint8_t const buffer, \ + size_t buffer_size, \ + size_t *offset, \ + typ *dest) \ +{ \ + if (init_dlhandle() != TSS2_RC_SUCCESS) \ + return TSS2_BASE_RC_NOT_IMPLEMENTED; \ + static TSS2_RC (*sym) (const uint8_t , size_t, size_t *, typ *) = NULL; \ + if (!sym) \ + sym = dlsym(dlhandle, str(Tss2_MU_ ## typ ## _Unmarshal)); \ + if (!sym) { \ + WARN("Function " str(Tss2_MU_ ## typ ## _Unmarshal) " not found."); \ + return TSS2_BASE_RC_NOT_IMPLEMENTED; \ + } \ + return sym(buffer, buffer_size, offset, dest); \ +} + +#define MAKE_MU_UNION(typ) \ +TSS2_RC Tss2_MU_ ## typ ## _Marshal ( \ + typ const *src, \ + uint32_t selector_value, \ + uint8_t buffer, \ + size_t buffer_size, \ + size_t *offset) \ +{ \ + if (init_dlhandle() != TSS2_RC_SUCCESS) \ + return TSS2_BASE_RC_NOT_IMPLEMENTED; \ + static TSS2_RC (*sym) (const typ *, uint32_t, uint8_t , size_t, size_t *) = NULL; \ + if (!sym) \ + sym = dlsym(dlhandle, str(Tss2_MU_ ## typ ## _Marshal)); \ + if (!sym) { \ + WARN("Function " str(Tss2_MU_ ## typ ## _Marshal) " not found."); \ + return TSS2_BASE_RC_NOT_IMPLEMENTED; \ + } \ + return sym(src, selector_value, buffer, buffer_size, offset); \ +} \ +TSS2_RC Tss2_MU_ ## typ ## _Unmarshal ( \ + uint8_t const buffer, \ + size_t buffer_size, \ + size_t *offset, \ + uint32_t selector_value, \ + typ *dest) \ +{ \ + if (init_dlhandle() != TSS2_RC_SUCCESS) \ + return TSS2_BASE_RC_NOT_IMPLEMENTED; \ + static TSS2_RC (*sym) (const uint8_t , size_t, size_t *, uint32_t, typ *) = NULL; \ + if (!sym) \ + sym = dlsym(dlhandle, str(Tss2_MU_ ## typ ## _Unmarshal)); \ + if (!sym) { \ + WARN("Function " str(Tss2_MU_ ## typ ## _Unmarshal) " not found."); \ + return TSS2_BASE_RC_NOT_IMPLEMENTED; \ + } \ + return sym(buffer, buffer_size, offset, selector_value, dest); \ +} + +MAKE_MU_BASE(INT8); +MAKE_MU_BASE(INT16); +MAKE_MU_BASE(INT32); 
+MAKE_MU_BASE(INT64); +MAKE_MU_BASE(UINT8); +MAKE_MU_BASE(UINT16); +MAKE_MU_BASE(UINT32); +MAKE_MU_BASE(UINT64); +MAKE_MU_BASE(TPM2_CC); +MAKE_MU_BASE(TPM2_ST); +MAKE_MU_BASE(TPMA_ALGORITHM); +MAKE_MU_BASE(TPMA_CC); +MAKE_MU_BASE(TPMA_LOCALITY); +MAKE_MU_BASE(TPMA_NV); +MAKE_MU_BASE(TPMA_OBJECT); +MAKE_MU_BASE(TPMA_PERMANENT); +MAKE_MU_BASE(TPMA_SESSION); +MAKE_MU_BASE(TPMA_STARTUP_CLEAR); +MAKE_MU_STRUCT(TPM2B_DIGEST); +MAKE_MU_STRUCT(TPM2B_ATTEST); +MAKE_MU_STRUCT(TPM2B_NAME); +MAKE_MU_STRUCT(TPM2B_MAX_NV_BUFFER); +MAKE_MU_STRUCT(TPM2B_SENSITIVE_DATA); +MAKE_MU_STRUCT(TPM2B_ECC_PARAMETER); +MAKE_MU_STRUCT(TPM2B_PUBLIC_KEY_RSA); +MAKE_MU_STRUCT(TPM2B_PRIVATE_KEY_RSA); +MAKE_MU_STRUCT(TPM2B_PRIVATE); +MAKE_MU_STRUCT(TPM2B_CONTEXT_SENSITIVE); +MAKE_MU_STRUCT(TPM2B_CONTEXT_DATA); +MAKE_MU_STRUCT(TPM2B_DATA); +MAKE_MU_STRUCT(TPM2B_SYM_KEY); +MAKE_MU_STRUCT(TPM2B_ECC_POINT); +MAKE_MU_STRUCT(TPM2B_NV_PUBLIC); +MAKE_MU_STRUCT(TPM2B_SENSITIVE); +MAKE_MU_STRUCT(TPM2B_SENSITIVE_CREATE); +MAKE_MU_STRUCT(TPM2B_CREATION_DATA); +MAKE_MU_STRUCT(TPM2B_PUBLIC); +MAKE_MU_STRUCT(TPM2B_ENCRYPTED_SECRET); +MAKE_MU_STRUCT(TPM2B_ID_OBJECT); +MAKE_MU_STRUCT(TPM2B_IV); +MAKE_MU_STRUCT(TPM2B_AUTH); +MAKE_MU_STRUCT(TPM2B_EVENT);
_service:tar_scm:tpm2-tss-3.2.1.tar.gz/tss2-dlopen/tss2-dlopen-rc.c
Added
@@ -0,0 +1,82 @@
+/* SPDX-License-Identifier: BSD-2-Clause */
+/*******************************************************************************
+ * Copyright 2021, Fraunhofer SIT
+ * All rights reserved.
+ *******************************************************************************/
+
+/**
+ * The purpose of this file is to copy it into your project and
+ * include it during compilation if you don't want to link against
+ * libtss2-rc at compile time.
+ * It will attempt to load libtss2-rc.so during runtime.
+ * It will either work similarly to directly linking to libtss2-rc.so
+ * at compile-time or return an error string or NULL.
+ *
+ * For new versions of this file, please check:
+ * http://github.com/tpm2-software/tpm2-tss/tss2-dlopen
+*/
+
+#include <dlfcn.h>
+#include <stdio.h>
+#include <tss2/tss2_rc.h>
+
+#define str(s) xstr(s)
+#define xstr(s) #s
+
+#ifdef ENABLE_WARN
+#define WARN(str, ...) do { fprintf(stderr, "WARNING: " str "\n", ## __VA_ARGS__); } while (0)
+#else /* ENABLE_WARN */
+#define WARN(...) do { } while (0)
+#endif /* ENABLE_WARN */
+
+#define LIB "libtss2-rc.so.0"
+static void *dlhandle = NULL;
+
+static TSS2_RC
+init_dlhandle(void)
+{
+ if (dlhandle)
+ return TSS2_RC_SUCCESS;
+ dlhandle = dlopen(LIB, RTLD_NOW | RTLD_LOCAL);
+ if (!dlhandle) {
+ WARN("Library " LIB " not found: %s.", dlerror());
+ return TSS2_BASE_RC_NOT_IMPLEMENTED;
+ }
+ return TSS2_RC_SUCCESS;
+}
+
+static const char *error = LIB " not found.";
+
+const char *
+Tss2_RC_Decode(TSS2_RC rc)
+{
+ if (init_dlhandle() != TSS2_RC_SUCCESS)
+ return error;
+
+ static const char * (*sym) (TSS2_RC rc) = NULL;
+ if (!sym)
+ sym = dlsym(dlhandle, "Tss2_RC_Decode");
+ if (!sym) {
+ WARN("Function Tss2_RC_Decode not found.");
+ return error;
+ }
+
+ return sym(rc);
+}
+
+TSS2_RC_HANDLER
+Tss2_RC_SetHandler(uint8_t layer, const char *name, TSS2_RC_HANDLER handler)
+{
+ if (init_dlhandle() != TSS2_RC_SUCCESS)
+ return NULL;
+
+ TSS2_RC_HANDLER (*sym) (uint8_t layer, const char *name, TSS2_RC_HANDLER handler) = NULL;
+ if (!sym)
+ sym = dlsym(dlhandle, "Tss2_RC_SetHandler");
+ if (!sym) {
+ WARN("Function Tss2_RC_SetHandler not found.");
+ return NULL;
+ }
+
+ return sym(layer, name, handler);
+}
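Review bot: In `Tss2_RC_SetHandler` the function pointer `sym` is declared without `static`, unlike the one in `Tss2_RC_Decode` just above it, so the `if (!sym)` cache test is always true and `dlsym` runs on every call. Declaring it as `static TSS2_RC_HANDLER (*sym) (uint8_t layer, const char *name, TSS2_RC_HANDLER handler) = NULL;` makes the two wrappers consistent. Separately, the `return NULL;` taken when the library cannot be loaded looks the same to a caller as a NULL handler value coming back from the real function, so a short comment on that return path (or in the file header, which already mentions "an error string or NULL") would help whoever copies this file into a project.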
_service:tar_scm:tpm2-tss-3.2.1.tar.gz/tss2-dlopen/tss2-dlopen-tctildr.c
Added
@@ -0,0 +1,134 @@
+/* SPDX-License-Identifier: BSD-2-Clause */
+/*******************************************************************************
+ * Copyright 2021, Fraunhofer SIT
+ * All rights reserved.
+ *******************************************************************************/
+
+/**
+ * The purpose of this file is to copy it into your project and
+ * include it during compilation if you don't want to link against
+ * libtss2-tctildr at compile time.
+ * It will attempt to load libtss2-esys.so during runtime.
+ * It will either work similarly to directly linking to libtss2-tctildr.so
+ * at compile-time or return a NOT_IMPLEMENTED error.
+ *
+ * For new versions of this file, please check:
+ * http://github.com/tpm2-software/tpm2-tss/tss2-dlopen
+*/
+
+#include <dlfcn.h>
+#include <stdio.h>
+#include <tss2/tss2_tctildr.h>
+
+#define str(s) xstr(s)
+#define xstr(s) #s
+
+#ifdef ENABLE_WARN
+#define WARN(str, ...) do { fprintf(stderr, "WARNING: " str "\n", ## __VA_ARGS__); } while (0)
+#else /* ENABLE_WARN */
+#define WARN(...) do { } while (0)
+#endif /* ENABLE_WARN */
+
+#define LIB "libtss2-tctildr.so.0"
+static void *dlhandle = NULL;
+
+static TSS2_RC
+init_dlhandle(void)
+{
+ if (dlhandle)
+ return TSS2_RC_SUCCESS;
+ dlhandle = dlopen(LIB, RTLD_NOW | RTLD_LOCAL);
+ if (!dlhandle) {
+ WARN("Library " LIB " not found: %s.", dlerror());
+ return TSS2_TCTI_RC_NOT_IMPLEMENTED;
+ }
+ return TSS2_RC_SUCCESS;
+}
+
+TSS2_RC
+Tss2_TctiLdr_Initialize_Ex (const char *name,
+ const char *conf,
+ TSS2_TCTI_CONTEXT **context)
+{
+ if (init_dlhandle() != TSS2_RC_SUCCESS)
+ return TSS2_TCTI_RC_NOT_IMPLEMENTED;
+
+ static TSS2_RC (*sym) (const char *name, const char *conf, TSS2_TCTI_CONTEXT **context) = NULL;
+ if (!sym)
+ sym = dlsym(dlhandle, "Tss2_TctiLdr_Initialize_Ex");
+ if (!sym) {
+ WARN("Function Tss2_TctiLdr_Initialize_Ex not found.");
+ return TSS2_TCTI_RC_NOT_IMPLEMENTED;
+ }
+
+ return sym(name, conf, context);
+}
+
+TSS2_RC
+Tss2_TctiLdr_Initialize (const char *nameConf,
+ TSS2_TCTI_CONTEXT **context)
+{
+ if (init_dlhandle() != TSS2_RC_SUCCESS)
+ return TSS2_TCTI_RC_NOT_IMPLEMENTED;
+
+ static TSS2_RC (*sym) (const char *nameConf, TSS2_TCTI_CONTEXT **context) = NULL;
+ if (!sym)
+ sym = dlsym(dlhandle, "Tss2_TctiLdr_Initialize");
+ if (!sym) {
+ WARN("Function Tss2_TctiLdr_Initialize not found.");
+ return TSS2_TCTI_RC_NOT_IMPLEMENTED;
+ }
+
+ return sym(nameConf, context);
+}
+
+TSS2_RC
+Tss2_TctiLdr_GetInfo (const char *name,
+ TSS2_TCTI_INFO **info)
+{
+ if (init_dlhandle() != TSS2_RC_SUCCESS)
+ return TSS2_TCTI_RC_NOT_IMPLEMENTED;
+
+ static TSS2_RC (*sym) (const char *name, TSS2_TCTI_INFO **info) = NULL;
+ if (!sym)
+ sym = dlsym(dlhandle, "Tss2_TctiLdr_GetInfo");
+ if (!sym) {
+ WARN("Function Tss2_TctiLdr_GetInfo not found.");
+ return TSS2_TCTI_RC_NOT_IMPLEMENTED;
+ }
+
+ return sym(name, info);
+}
+
+
+void
+Tss2_TctiLdr_Finalize (TSS2_TCTI_CONTEXT **context)
+{
+ if (!context || !*context)
+ return;
+ static void (*sym) (TSS2_TCTI_CONTEXT **context) = NULL;
+ if (!sym)
+ sym = dlsym(dlhandle, "Tss2_TctiLdr_Finalize");
+ if (!sym) {
+ WARN("Function Tss2_TctiLdr_Finalize not found.");
+ return;
+ }
+
+ sym(context);
+}
+
+void
+Tss2_TctiLdr_FreeInfo (TSS2_TCTI_INFO **info)
+{
+ if (!info || !*info)
+ return;
+ static void (*sym) (TSS2_TCTI_INFO **info) = NULL;
+ if (!sym)
+ sym = dlsym(dlhandle, "Tss2_TctiLdr_FreeInfo");
+ if (!sym) {
+ WARN("Function Tss2_TctiLdr_FreeInfo not found.");
+ return;
+ }
+
+ sym(info);
+}
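Review bot: `Tss2_TctiLdr_Finalize` and `Tss2_TctiLdr_FreeInfo` call `dlsym(dlhandle, ...)` without going through `init_dlhandle()`, so `dlhandle` can still be NULL when they run with a non-NULL argument. glibc defines `RTLD_DEFAULT` as a null handle, so that lookup would search the global scope and may resolve to this shim's own exported function, which would then call itself until the stack is exhausted. A guard such as `if (!dlhandle) return;` before the lookup avoids this, since nothing was loaded and there is nothing to release. The same unguarded lookup appears in `Esys_Finalize`, `Esys_Free` and the `MAKE_ESYS_n` macros of tss2-dlopen-esys.c, and in `Fapi_Initialize_Finish`, `Fapi_Finalize`, `Fapi_Free` and the `MAKE_FAPI_n` macros of tss2-dlopen-fapi.c, where the value-returning wrappers could return their `NOT_IMPLEMENTED` code instead. The header comment of this file also says it loads libtss2-esys.so while `LIB` is `"libtss2-tctildr.so.0"`.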