rpms
/
tpm2-tools
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c9-beta'
${ noResults }
tpm2-tools/SOURCES/0006-import-fix-bug-on-usin...

101 lines
4.0 KiB
Raw Permalink Blame History

From acc82191f519f8bcdfcc0827faf024dcd2f56f78 Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Fri, 20 May 2022 10:49:04 -0500
Subject: [PATCH 06/17] import: fix bug on using scheme
When scheme is specified in the template, the openssl load functions
clobber the scheme value and set it to TPM2_ALG_NULL. Only set the
algorithm to NULL if zero value is specified.
Fixes: #2997
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
lib/tpm2_openssl.c | 24 ++++++++++++++++++------
test/integration/tests/import.sh | 13 +++++++++----
2 files changed, 27 insertions(+), 10 deletions(-)
diff --git a/lib/tpm2_openssl.c b/lib/tpm2_openssl.c
index 01bfc9ef..ad43c8e1 100644
--- a/lib/tpm2_openssl.c
+++ b/lib/tpm2_openssl.c
@@ -534,9 +534,15 @@ static bool load_public_RSA_from_key(EVP_PKEY *key, TPM2B_PUBLIC *pub) {
pt->type = TPM2_ALG_RSA;
TPMS_RSA_PARMS *rdetail = &pub->publicArea.parameters.rsaDetail;
- rdetail->scheme.scheme = TPM2_ALG_NULL;
- rdetail->symmetric.algorithm = TPM2_ALG_NULL;
- rdetail->scheme.details.anySig.hashAlg = TPM2_ALG_NULL;
+ /*
+ * If the scheme is not TPM2_ALG_ERROR (0),
+ * its a valid scheme so don't set it to NULL scheme
+ */
+ if (rdetail->scheme.scheme == TPM2_ALG_ERROR) {
+ rdetail->scheme.scheme = TPM2_ALG_NULL;
+ rdetail->symmetric.algorithm = TPM2_ALG_NULL;
+ rdetail->scheme.details.anySig.hashAlg = TPM2_ALG_NULL;
+ }
/* NULL out sym details */
TPMT_SYM_DEF_OBJECT *sym = &rdetail->symmetric;
@@ -809,9 +815,15 @@ static bool load_public_ECC_from_key(EVP_PKEY *key, TPM2B_PUBLIC *pub) {
* no kdf - not sure what this should be
*/
pp->kdf.scheme = TPM2_ALG_NULL;
- pp->scheme.scheme = TPM2_ALG_NULL;
- pp->symmetric.algorithm = TPM2_ALG_NULL;
- pp->scheme.details.anySig.hashAlg = TPM2_ALG_NULL;
+
+ /*
+ * If the scheme is not TPM2_ALG_ERROR (0),
+ * its a valid scheme so don't set it to NULL scheme
+ */
+ if (pp->scheme.scheme == TPM2_ALG_ERROR) {
+ pp->scheme.scheme = TPM2_ALG_NULL;
+ pp->scheme.details.anySig.hashAlg = TPM2_ALG_NULL;
+ }
/* NULL out sym details */
TPMT_SYM_DEF_OBJECT *sym = &pp->symmetric;
diff --git a/test/integration/tests/import.sh b/test/integration/tests/import.sh
index 9f6a474e..9cb6096f 100644
--- a/test/integration/tests/import.sh
+++ b/test/integration/tests/import.sh
@@ -4,8 +4,8 @@ source helpers.sh
cleanup() {
rm -f import_key.ctx import_key.name import_key.priv import_key.pub \
- parent.ctx plain.dec.ssl plain.enc plain.txt sym.key import_rsa_key.pub \
- import_rsa_key.priv import_rsa_key.ctx import_rsa_key.name private.pem \
+ parent.ctx plain.dec.ssl plain.enc plain.txt sym.key import_rsa_key*.pub \
+ import_rsa_key*.priv import_rsa_key.ctx import_rsa_key.name private.pem \
public.pem plain.rsa.enc plain.rsa.dec public.pem data.in.raw \
data.in.digest data.out.signed ticket.out ecc.pub ecc.priv ecc.name \
ecc.ctx private.ecc.pem public.ecc.pem passfile aes.key policy.dat \
@@ -67,6 +67,10 @@ run_rsa_import_test() {
tpm2 import -Q -G rsa -g "$name_alg" -i private.pem -C $1 \
-u import_rsa_key.pub -r import_rsa_key.priv
+ # test in import with scheme and discard
+ tpm2 import -G rsa:rsassa-sha256 -g "$name_alg" -i private.pem -C $1 \
+ -u import_rsa_key2.pub -r import_rsa_key2.priv | grep -q 'rsassa'
+
tpm2 load -Q -C $1 -u import_rsa_key.pub -r import_rsa_key.priv \
-n import_rsa_key.name -c import_rsa_key.ctx
@@ -118,8 +122,9 @@ run_ecc_import_test() {
shasum -a 256 data.in.raw | awk '{ print "000000 " $1 }' | xxd -r -c 32 > \
data.in.digest
- tpm2 import -Q -G ecc -g "$name_alg" -i private.ecc.pem -C $1 -u ecc.pub \
- -r ecc.priv
+ # test import with scheme
+ tpm2 import -G ecc:ecdsa-sha256 -g "$name_alg" -i private.ecc.pem -C $1 -u ecc.pub \
+ -r ecc.priv | grep -q 'ecdsa'
tpm2 load -Q -C $1 -u ecc.pub -r ecc.priv -n ecc.name -c ecc.ctx
--
2.40.1
Reference in new issue View Git Blame Copy Permalink