From: Lennart Poettering
Date: Thu, 19 Oct 2023 15:48:00 +0000 (+0200)
Subject: tpm2-util: export a couple of functions we'd like to use for pcrlock
X-Git-Tag: v255-rc1~27^2~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8f3f9c2bf5d2723ec392479fb1afb10f074e61ac;p=thirdparty%2Fsystemd.git

tpm2-util: export a couple of functions we'd like to use for pcrlock
---

diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 7f4ce9e3058..f669b63b032 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -2130,7 +2130,7 @@ int tpm2_create(Tpm2Context *c,
 return 0;
 }
 
-static int tpm2_load(
+int tpm2_load(
 Tpm2Context *c,
 const Tpm2Handle *parent,
 const Tpm2Handle *session,
@@ -2853,7 +2853,7 @@ static void tpm2_trim_auth_value(TPM2B_AUTH *auth) {
 log_debug("authValue ends in 0, trimming as required by the TPM2 specification Part 1 section 'HMAC Computation' authValue Note 2.");
 }
 
-static int tpm2_get_pin_auth(TPMI_ALG_HASH hash, const char *pin, TPM2B_AUTH *ret_auth) {
+int tpm2_get_pin_auth(TPMI_ALG_HASH hash, const char *pin, TPM2B_AUTH *ret_auth) {
 TPM2B_AUTH auth = {};
 int r;
 
@@ -2910,7 +2910,7 @@ static bool tpm2_is_encryption_session(Tpm2Context *c, const Tpm2Handle *session
 return (flags & TPMA_SESSION_DECRYPT) && (flags & TPMA_SESSION_ENCRYPT);
 }
 
-static int tpm2_make_encryption_session(
+int tpm2_make_encryption_session(
 Tpm2Context *c,
 const Tpm2Handle *primary,
 const Tpm2Handle *bind_key,
@@ -2964,7 +2964,7 @@ static int tpm2_make_encryption_session(
 return 0;
 }
 
-static int tpm2_make_policy_session(
+int tpm2_make_policy_session(
 Tpm2Context *c,
 const Tpm2Handle *primary,
 const Tpm2Handle *encryption_session,
@@ -3234,7 +3234,7 @@ int tpm2_calculate_policy_auth_value(TPM2B_DIGEST *digest) {
 return 0;
 }
 
-static int tpm2_policy_auth_value(
+int tpm2_policy_auth_value(
 Tpm2Context *c,
 const Tpm2Handle *session,
 TPM2B_DIGEST **ret_policy_digest) {
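Review bot: tpm2_load, tpm2_make_encryption_session, tpm2_make_policy_session and tpm2_policy_auth_value become part of the shared interface in these hunks, but neither the definitions nor the prototypes added to tpm2-util.h say what external callers now depend on: who owns the `Tpm2Handle` written to `ret_handle`/`ret_session` and must release it, and which of `parent`, `session`, `primary` and `encryption_session` may be NULL. The same gap applies to tpm2_policy_pcr, tpm2_serialize and tpm2_deserialize in the later hunks. Each hunk shows only the opening lines of its function, so whether the bodies reject a NULL `c` or session is not visible from here. I would put a one-line contract above each exported definition, e.g. for tpm2_load: `/* Loads 'public'/'private' under 'parent'. On success *ret_handle is a newly allocated Tpm2Handle owned by the caller — confirm against the body which of 'parent'/'session' may be NULL. */`.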
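Review bot: tpm2_get_pin_auth gains callers outside tpm2-util.c, yet nothing in the hunk or the new prototype states that `ret_auth` holds secret material derived from `pin` (apparently via `hash`), or whether the local `auth` is erased before the function returns. The context line just above shows this module trims trailing zero bytes of an authValue as the TPM2 spec requires; whether tpm2_get_pin_auth itself applies that trimming is outside the hunk, and an external caller would want to know so it does not pass an untrimmed value elsewhere. I would document this at the exported definition: `/* Derives the TPM2B_AUTH auth value for 'pin' using 'hash'. The result is secret; callers must erase it once the session is set up. */`. If the body does not already erase `auth` on every return path, that is worth adding in the same commit that exports the function.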
@@ -3320,7 +3320,7 @@ int tpm2_calculate_policy_pcr(
 return 0;
 }
 
-static int tpm2_policy_pcr(
+int tpm2_policy_pcr(
 Tpm2Context *c,
 const Tpm2Handle *session,
 const TPML_PCR_SELECTION *pcr_selection,
@@ -3915,7 +3915,7 @@ static int tpm2_unmarshal_blob(
 
 /* Serialize a handle. This produces a binary object that can be later deserialized (by the same TPM), even
  * across restarts of the TPM or reboots (assuming the handle is persistent). */
-static int tpm2_serialize(
+int tpm2_serialize(
 Tpm2Context *c,
 const Tpm2Handle *handle,
 void **ret_serialized,
@@ -3941,7 +3941,7 @@ static int tpm2_serialize(
 return 0;
 }
 
-static int tpm2_deserialize(
+int tpm2_deserialize(
 Tpm2Context *c,
 const void *serialized,
 size_t serialized_size,
diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h
index 332d1245f4e..4644d806a65 100644
--- a/src/shared/tpm2-util.h
+++ b/src/shared/tpm2-util.h
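Review bot: The caveat written above tpm2_serialize — the blob is only deserializable by the same TPM, and survives reboots only for a persistent handle — stays in the .c file, while the header hunk that exports tpm2_serialize and tpm2_deserialize adds bare prototypes. Callers in other units (pcrlock, per the subject) are the ones that will store these blobs and later feed them back to tpm2_deserialize, so they are the readers who need that caveat and the reminder that the blob is opaque stored input rather than something to inspect. The body of tpm2_deserialize is outside the hunk, so I cannot see how a malformed or wrong-sized `serialized` buffer is handled; the header should say whether it fails cleanly. I would move the serialize comment onto the header prototype and add above tpm2_deserialize: `/* Inverse of tpm2_serialize(); only meaningful on the TPM that produced the blob. On success *ret_handle is owned by the caller — confirm error behaviour for malformed input against the body. */`.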
@@ -111,9 +111,12 @@ char *tpm2_pcr_values_to_string(const Tpm2PCRValue *pcr_values, size_t n_pcr_val
 int tpm2_pcr_values_hash_count(const Tpm2PCRValue *pcr_values, size_t n_pcr_values, size_t *ret_count);
 int tpm2_tpml_pcr_selection_from_pcr_values(const Tpm2PCRValue *pcr_values, size_t n_pcr_values, TPML_PCR_SELECTION *ret_selection, TPM2B_DIGEST **ret_values, size_t *ret_n_values);
 
+int tpm2_make_encryption_session(Tpm2Context *c, const Tpm2Handle *primary, const Tpm2Handle *bind_key, Tpm2Handle **ret_session);
+
 int tpm2_create_primary(Tpm2Context *c, const Tpm2Handle *session, const TPM2B_PUBLIC *template, const TPM2B_SENSITIVE_CREATE *sensitive, TPM2B_PUBLIC **ret_public, Tpm2Handle **ret_handle);
 int tpm2_create(Tpm2Context *c, const Tpm2Handle *parent, const Tpm2Handle *session, const TPMT_PUBLIC *template, const TPMS_SENSITIVE_CREATE *sensitive, TPM2B_PUBLIC **ret_public, TPM2B_PRIVATE **ret_private);
 int tpm2_create_loaded(Tpm2Context *c, const Tpm2Handle *parent, const Tpm2Handle *session, const TPMT_PUBLIC *template, const TPMS_SENSITIVE_CREATE *sensitive, TPM2B_PUBLIC **ret_public, TPM2B_PRIVATE **ret_private, Tpm2Handle **ret_handle);
+int tpm2_load(Tpm2Context *c, const Tpm2Handle *parent, const Tpm2Handle *session, const TPM2B_PUBLIC *public, const TPM2B_PRIVATE *private, Tpm2Handle **ret_handle);
 
 bool tpm2_supports_alg(Tpm2Context *c, TPM2_ALG_ID alg);
 bool tpm2_supports_command(Tpm2Context *c, TPM2_CC command);
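Review bot: The new prototypes are scattered across three places in the header — tpm2_make_encryption_session here, tpm2_make_policy_session/tpm2_policy_auth_value/tpm2_policy_pcr in the @@ -191 hunk, tpm2_serialize/tpm2_deserialize in the @@ -210 hunk — so the two session constructors end up roughly eighty lines apart with unrelated declarations between them. Keeping tpm2_make_encryption_session next to tpm2_make_policy_session and the policy helpers would present the session API as one group, which is how a caller that needs an encryption session and then a policy session will look for it. tpm2_load directly after tpm2_create_loaded is the right spot for that one.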
@@ -191,6 +194,12 @@ int tpm2_index_from_handle(Tpm2Context *c, const Tpm2Handle *handle, TPM2_HANDLE
 int tpm2_pcr_read(Tpm2Context *c, const TPML_PCR_SELECTION *pcr_selection, Tpm2PCRValue **ret_pcr_values, size_t *ret_n_pcr_values);
 int tpm2_pcr_read_missing_values(Tpm2Context *c, Tpm2PCRValue *pcr_values, size_t n_pcr_values);
 
+int tpm2_get_pin_auth(TPMI_ALG_HASH hash, const char *pin, TPM2B_AUTH *ret_auth);
+
+int tpm2_make_policy_session(Tpm2Context *c, const Tpm2Handle *primary, const Tpm2Handle *encryption_session, Tpm2Handle **ret_session);
+int tpm2_policy_auth_value(Tpm2Context *c, const Tpm2Handle *session, TPM2B_DIGEST **ret_policy_digest);
+int tpm2_policy_pcr(Tpm2Context *c, const Tpm2Handle *session, const TPML_PCR_SELECTION *pcr_selection, TPM2B_DIGEST **ret_policy_digest);
+
 int tpm2_calculate_pubkey_name(const TPMT_PUBLIC *public, TPM2B_NAME *ret_name);
 int tpm2_calculate_policy_auth_value(TPM2B_DIGEST *digest);
 int tpm2_calculate_policy_authorize(const TPM2B_PUBLIC *public, const TPM2B_DIGEST *policy_ref, TPM2B_DIGEST *digest);
@@ -210,6 +219,9 @@ int tpm2_tpm2b_public_from_openssl_pkey(const EVP_PKEY *pkey, TPM2B_PUBLIC *ret)
 int tpm2_tpm2b_public_from_pem(const void *pem, size_t pem_size, TPM2B_PUBLIC *ret);
 int tpm2_tpm2b_public_to_fingerprint(const TPM2B_PUBLIC *public, void **ret_fingerprint, size_t *ret_fingerprint_size);
 
+int tpm2_serialize(Tpm2Context *c, const Tpm2Handle *handle, void **ret_serialized, size_t *ret_serialized_size);
+int tpm2_deserialize(Tpm2Context *c, const void *serialized, size_t serialized_size, Tpm2Handle **ret_handle);
+
 /* The tpm2-tss library has many structs that are simply a combination of an array (or object) and
  * size. These macros allow easily initializing or assigning instances of such structs from an existing
  * buffer/object and size, while also checking the size for safety with the struct buffer/object size. If the