You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
130 lines
4.9 KiB
130 lines
4.9 KiB
From 516a4e71a764f4f5e19dd8f2e19fb1a86aa0534b Mon Sep 17 00:00:00 2001
|
|
From: Dan Streetman <ddstreet@ieee.org>
|
|
Date: Wed, 17 May 2023 20:03:00 -0400
|
|
Subject: [PATCH] tpm2: add tpm2_read_public()
|
|
|
|
(cherry picked from commit 98d6a80942337f07183bc4039ce32dc188f4d4cd)
|
|
|
|
Related: RHEL-16182
|
|
---
|
|
src/shared/tpm2-util.c | 69 +++++++++++++++++++++++++++---------------
|
|
1 file changed, 45 insertions(+), 24 deletions(-)
|
|
|
|
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
|
|
index 3278863f4d..edd871c632 100644
|
|
--- a/src/shared/tpm2-util.c
|
|
+++ b/src/shared/tpm2-util.c
|
|
@@ -721,6 +721,35 @@ static int tpm2_credit_random(Tpm2Context *c) {
|
|
return 0;
|
|
}
|
|
|
|
+static int tpm2_read_public(
|
|
+ Tpm2Context *c,
|
|
+ const Tpm2Handle *session,
|
|
+ const Tpm2Handle *handle,
|
|
+ TPM2B_PUBLIC **ret_public,
|
|
+ TPM2B_NAME **ret_name,
|
|
+ TPM2B_NAME **ret_qname) {
|
|
+
|
|
+ TSS2_RC rc;
|
|
+
|
|
+ assert(c);
|
|
+ assert(handle);
|
|
+
|
|
+ rc = sym_Esys_ReadPublic(
|
|
+ c->esys_context,
|
|
+ handle->esys_handle,
|
|
+ session ? session->esys_handle : ESYS_TR_NONE,
|
|
+ ESYS_TR_NONE,
|
|
+ ESYS_TR_NONE,
|
|
+ ret_public,
|
|
+ ret_name,
|
|
+ ret_qname);
|
|
+ if (rc != TSS2_RC_SUCCESS)
|
|
+ return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
|
|
+ "Failed to read public info: %s", sym_Tss2_RC_Decode(rc));
|
|
+
|
|
+ return 0;
|
|
+}
|
|
+
|
|
const TPM2B_PUBLIC *tpm2_get_primary_template(Tpm2SRKTemplateFlags flags) {
|
|
|
|
/*
|
|
@@ -825,7 +854,9 @@ const TPM2B_PUBLIC *tpm2_get_primary_template(Tpm2SRKTemplateFlags flags) {
|
|
static int tpm2_get_srk(
|
|
Tpm2Context *c,
|
|
const Tpm2Handle *session,
|
|
- TPMI_ALG_PUBLIC *ret_alg,
|
|
+ TPM2B_PUBLIC **ret_public,
|
|
+ TPM2B_NAME **ret_name,
|
|
+ TPM2B_NAME **ret_qname,
|
|
Tpm2Handle **ret_handle) {
|
|
|
|
int r;
|
|
@@ -837,37 +868,26 @@ static int tpm2_get_srk(
|
|
if (r < 0)
|
|
return r;
|
|
if (r == 0) { /* SRK not found */
|
|
- if (ret_alg)
|
|
- *ret_alg = TPM2_ALG_ERROR;
|
|
+ if (ret_public)
|
|
+ *ret_public = NULL;
|
|
+ if (ret_name)
|
|
+ *ret_name = NULL;
|
|
+ if (ret_qname)
|
|
+ *ret_qname = NULL;
|
|
if (ret_handle)
|
|
*ret_handle = NULL;
|
|
return 0;
|
|
}
|
|
|
|
- /* Get the algorithm if the caller wants it */
|
|
- _cleanup_(Esys_Freep) TPM2B_PUBLIC *out_public = NULL;
|
|
- if (ret_alg) {
|
|
- TSS2_RC rc = sym_Esys_ReadPublic(
|
|
- c->esys_context,
|
|
- handle->esys_handle,
|
|
- ESYS_TR_NONE,
|
|
- ESYS_TR_NONE,
|
|
- ESYS_TR_NONE,
|
|
- &out_public,
|
|
- NULL,
|
|
- NULL);
|
|
- if (rc != TSS2_RC_SUCCESS)
|
|
- return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
|
|
- "Failed to convert ray handle to ESYS_TR for SRK: %s",
|
|
- sym_Tss2_RC_Decode(rc));
|
|
+ if (ret_public || ret_name || ret_qname) {
|
|
+ r = tpm2_read_public(c, session, handle, ret_public, ret_name, ret_qname);
|
|
+ if (r < 0)
|
|
+ return r;
|
|
}
|
|
|
|
if (ret_handle)
|
|
*ret_handle = TAKE_PTR(handle);
|
|
|
|
- if (ret_alg)
|
|
- *ret_alg = out_public->publicArea.type;
|
|
-
|
|
return 1;
|
|
}
|
|
|
|
@@ -909,14 +929,15 @@ static int tpm2_make_primary(
|
|
|
|
/* Find existing SRK and use it if present */
|
|
if (use_srk_model) {
|
|
- TPMI_ALG_PUBLIC got_alg = TPM2_ALG_NULL;
|
|
- r = tpm2_get_srk(c, NULL, &got_alg, &primary);
|
|
+ _cleanup_(Esys_Freep) TPM2B_PUBLIC *primary_public = NULL;
|
|
+ r = tpm2_get_srk(c, NULL, &primary_public, NULL, NULL, &primary);
|
|
if (r < 0)
|
|
return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
|
|
"Failed to establish if SRK is present");
|
|
if (r == 1) {
|
|
log_debug("Discovered existing SRK");
|
|
|
|
+ TPMI_ALG_PUBLIC got_alg = primary_public->publicArea.type;
|
|
if (alg != 0 && alg != got_alg)
|
|
log_warning("Caller asked for specific algorithm %u, but existing SRK is %u, ignoring",
|
|
alg, got_alg);
|