author | Lennart Poettering <lennart@poettering.net> | 2023-10-19 17:53:50 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2023-11-03 11:21:55 +0100 |
commit | 34657b1f0b95d004b017e9a4827eeece11693d15 (patch) | |
tree | 08a10a098c2ef7c83793821184fea96d9ba4a980 | |
parent | tpm2-util: add helper for setting TPM2B_AUTH in binary (diff) | |
download | systemd-34657b1f0b95d004b017e9a4827eeece11693d15.tar.xz systemd-34657b1f0b95d004b017e9a4827eeece11693d15.zip |
tpm2-util: add helper that calculates name of NV index
-rw-r--r-- | src/shared/tpm2-util.c | 56 | ||||
-rw-r--r-- | src/shared/tpm2-util.h | 2 |
2 files changed, 57 insertions, 1 deletions
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 783e44145d..47907b7d18 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -3303,7 +3303,7 @@ int tpm2_calculate_pubkey_name(const TPMT_PUBLIC *public, TPM2B_NAME *ret_name)
 "Failed to marshal key name: %s", sym_Tss2_RC_Decode(rc));
 name.size = size;
-tpm2_log_debug_name(&name, "Calculated name");
+tpm2_log_debug_name(&name, "Calculated public key name");
 *ret_name = name;
@@ -3340,6 +3340,60 @@ static int tpm2_get_name(
 return 0;
 }
+int tpm2_calculate_nv_index_name(const TPMS_NV_PUBLIC *nvpublic, TPM2B_NAME *ret_name) {
+ TSS2_RC rc;
+ int r;
+
+ assert(nvpublic);
+ assert(ret_name);
+
+ r = dlopen_tpm2();
+ if (r < 0)
+ return log_debug_errno(r, "TPM2 support not installed: %m");
+
+ if (nvpublic->nameAlg != TPM2_ALG_SHA256)
+ return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
+ "Unsupported nameAlg: 0x%x",
+ nvpublic->nameAlg);
+
+ _cleanup_free_ uint8_t *buf = NULL;
+ size_t size = 0;
+
+ buf = (uint8_t*) new(TPMS_NV_PUBLIC, 1);
+ if (!buf)
+ return log_oom_debug();
+
+ rc = sym_Tss2_MU_TPMS_NV_PUBLIC_Marshal(nvpublic, buf, sizeof(TPMS_NV_PUBLIC), &size);
+ if (rc != TSS2_RC_SUCCESS)
+ return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+ "Failed to marshal NV index: %s", sym_Tss2_RC_Decode(rc));
+
+ TPM2B_DIGEST digest = {};
+ r = tpm2_digest_buffer(TPM2_ALG_SHA256, &digest, buf, size, /* extend= */ false);
+ if (r < 0)
+ return r;
+
+ TPMT_HA ha = {
+ .hashAlg = TPM2_ALG_SHA256,
+ };
+ assert(digest.size <= sizeof(ha.digest.sha256));
+ memcpy_safe(ha.digest.sha256, digest.buffer, digest.size);
+
+ TPM2B_NAME name;
+ size = 0;
+ rc = sym_Tss2_MU_TPMT_HA_Marshal(&ha, name.name, sizeof(name.name), &size);
+ if (rc != TSS2_RC_SUCCESS)
+ return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+ "Failed to marshal NV index name: %s", sym_Tss2_RC_Decode(rc));
+ name.size = size;
+
+ tpm2_log_debug_name(&name, "Calculated NV index name");
+
+ *ret_name = name;
+
+ return 0;
+}
+
 /* Extend 'digest' with the PolicyAuthValue calculated hash. */
 int tpm2_calculate_policy_auth_value(TPM2B_DIGEST *digest) {
 TPM2_CC command = TPM2_CC_PolicyAuthValue;
diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h
index b6940dbab1..b23471ba84 100644
--- a/src/shared/tpm2-util.h
+++ b/src/shared/tpm2-util.h
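Review bot: tpm2_calculate_nv_index_name() has no header comment, although its neighbour tpm2_calculate_policy_auth_value() gets one and the result is a security-relevant value (a Name is what policies bind to, so a wrong construction would not fail loudly, it would just never match the TPM). Please add, above the definition, `/* Calculates the TPM2 Name of an NV index as the TPM would: nameAlg || H_nameAlg(marshalled TPMS_NV_PUBLIC). */` and `/* Only SHA256 name algorithms are supported; anything else returns -EOPNOTSUPP. */`, which also documents the early-return on `nvpublic->nameAlg`. `TPM2B_NAME name;` is left uninitialized and `*ret_name = name;` copies the whole struct out, so the bytes beyond `name.size` that reach the caller are indeterminate; `TPM2B_NAME name = {};` costs nothing and matches the `TPM2B_DIGEST digest = {};` a few lines earlier, unless the pubkey-name sibling deliberately does the same. Since this computation is performed host-side, a unit test comparing the result against the nvName a real or simulated TPM returns from TPM2_NV_ReadPublic would guard the marshalling layout; I cannot see from this hunk whether such a test exists.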
@@ -209,6 +209,8 @@ int tpm2_policy_auth_value(Tpm2Context *c, const Tpm2Handle *session, TPM2B_DIGE
 int tpm2_policy_pcr(Tpm2Context *c, const Tpm2Handle *session, const TPML_PCR_SELECTION *pcr_selection, TPM2B_DIGEST **ret_policy_digest);
 int tpm2_calculate_pubkey_name(const TPMT_PUBLIC *public, TPM2B_NAME *ret_name);
+int tpm2_calculate_nv_index_name(const TPMS_NV_PUBLIC *nvpublic, TPM2B_NAME *ret_name);
+
 int tpm2_calculate_policy_auth_value(TPM2B_DIGEST *digest);
 int tpm2_calculate_policy_authorize(const TPM2B_PUBLIC *public, const TPM2B_DIGEST *policy_ref, TPM2B_DIGEST *digest);
 int tpm2_calculate_policy_pcr(const Tpm2PCRValue *pcr_values, size_t n_pcr_values, TPM2B_DIGEST *digest);