From: Lennart Poettering
Date: Fri, 12 Aug 2022 13:36:14 +0000 (+0200)
Subject: tpm2-util: allow external code to create tpm2 contexts
X-Git-Tag: v252-rc1~224^2~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bad4c73c37bf4c5ed85e5c41cfdb9a014eb08a17;p=thirdparty%2Fsystemd.git

tpm2-util: allow external code to create tpm2 contexts
---
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 5e01fc436a7..5ffddf136fa 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -98,13 +98,7 @@ int dlopen_tpm2(void) {
 DLSYM_ARG(Tss2_MU_TPM2B_PUBLIC_Unmarshal));
 }
-struct tpm2_context {
- ESYS_CONTEXT *esys_context;
- void *tcti_dl;
- TSS2_TCTI_CONTEXT *tcti_context;
-};
-
-static void tpm2_context_destroy(struct tpm2_context *c) {
+void tpm2_context_destroy(struct tpm2_context *c) {
 assert(c);
 if (c->esys_context)
@@ -125,12 +119,7 @@ static inline void Esys_Finalize_wrapper(ESYS_CONTEXT **c) {
 sym_Esys_Finalize(c);
 }
-static inline void Esys_Freep(void *p) {
- if (*(void**) p)
- sym_Esys_Free(*(void**) p);
-}
-
-static ESYS_TR flush_context_verbose(ESYS_CONTEXT *c, ESYS_TR handle) {
+ESYS_TR tpm2_flush_context_verbose(ESYS_CONTEXT *c, ESYS_TR handle) {
 TSS2_RC rc;
 if (!c || handle == ESYS_TR_NONE)
@@ -147,7 +136,7 @@ static ESYS_TR flush_context_verbose(ESYS_CONTEXT *c, ESYS_TR handle) {
 return ESYS_TR_NONE;
 }
-static int tpm2_init(const char *device, struct tpm2_context *ret) {
+int tpm2_context_init(const char *device, struct tpm2_context *ret) {
 _cleanup_(Esys_Finalize_wrapper) ESYS_CONTEXT *c = NULL;
 _cleanup_free_ TSS2_TCTI_CONTEXT *tcti = NULL;
 _cleanup_(dlclosep) void *dl = NULL;
@@ -415,7 +404,7 @@ static int tpm2_make_primary(
 return 0;
 }
-static void tpm2_pcr_mask_to_selection(uint32_t mask, uint16_t bank, TPML_PCR_SELECTION *ret) {
+void tpm2_pcr_mask_to_selection(uint32_t mask, uint16_t bank, TPML_PCR_SELECTION *ret) {
 assert(ret);
 /* We only do 24bit here, as that's what PC TPMs are supposed to support */
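Review bot: In the first hunk `struct tpm2_context` stops being private to tpm2-util.c and `tpm2_context_destroy` becomes public, but the removed definition lists `esys_context` first while the header version added later in this patch lists it last, so any positional initializer of the struct elsewhere would silently change meaning; zero-initializing with `= {}` at every declaration site avoids depending on member order. The body of `tpm2_context_destroy` continues past the hunk, so I cannot see whether each member is reset after it is released; now that callers outside this file own the struct's lifetime, destroy should leave the context in the zeroed state (all three members NULL), e.g. `c->tcti_dl = NULL;` right after the `dlclose()` of `c->tcti_dl`. If the rest of the function already guarantees that, a one-line comment above the definition such as `/* Safe to call on a zeroed context and more than once. */` would document the contract external callers now rely on.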
@@ -715,7 +704,7 @@ static int tpm2_make_encryption_session(
 session = ESYS_TR_NONE;
 }
- session = flush_context_verbose(c, session);
+ session = tpm2_flush_context_verbose(c, session);
 return 0;
 }
@@ -857,7 +846,7 @@ static int tpm2_make_pcr_session(
 r = 0;
 finish:
- session = flush_context_verbose(c, session);
+ session = tpm2_flush_context_verbose(c, session);
 return r;
 }
@@ -919,7 +908,7 @@ int tpm2_seal(
 start = now(CLOCK_MONOTONIC);
- r = tpm2_init(device, &c);
+ r = tpm2_context_init(device, &c);
 if (r < 0) return r;
@@ -1066,8 +1055,8 @@ int tpm2_seal(
 finish:
 explicit_bzero_safe(&hmac_sensitive, sizeof(hmac_sensitive));
- primary = flush_context_verbose(c.esys_context, primary);
- session = flush_context_verbose(c.esys_context, session);
+ primary = tpm2_flush_context_verbose(c.esys_context, primary);
+ session = tpm2_flush_context_verbose(c.esys_context, session);
 return r;
 }
@@ -1133,7 +1122,7 @@ int tpm2_unseal(
 return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "Failed to unmarshal public key: %s", sym_Tss2_RC_Decode(rc));
- r = tpm2_init(device, &c);
+ r = tpm2_context_init(device, &c);
 if (r < 0) return r;
@@ -1230,9 +1219,9 @@ int tpm2_unseal(
 r = 0;
 finish:
- primary = flush_context_verbose(c.esys_context, primary);
- session = flush_context_verbose(c.esys_context, session);
- hmac_key = flush_context_verbose(c.esys_context, hmac_key);
+ primary = tpm2_flush_context_verbose(c.esys_context, primary);
+ session = tpm2_flush_context_verbose(c.esys_context, session);
+ hmac_key = tpm2_flush_context_verbose(c.esys_context, hmac_key);
 return r;
 }
diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h
index fa3ac89da75..cc40027c1bd 100644
--- a/src/shared/tpm2-util.h
+++ b/src/shared/tpm2-util.h
@@ -51,8 +51,28 @@ int dlopen_tpm2(void);
 int tpm2_seal(const char *device, uint32_t pcr_mask, const char *pin, void **ret_secret, size_t *ret_secret_size, void **ret_blob, size_t *ret_blob_size, void **ret_pcr_hash, size_t *ret_pcr_hash_size, uint16_t *ret_pcr_bank, uint16_t *ret_primary_alg);
 int tpm2_unseal(const char *device, uint32_t pcr_mask, uint16_t pcr_bank, uint16_t primary_alg, const void *blob, size_t blob_size, const void *pcr_hash, size_t pcr_hash_size, const char *pin, void **ret_secret, size_t *ret_secret_size);
+struct tpm2_context {
+ void *tcti_dl;
+ TSS2_TCTI_CONTEXT *tcti_context;
+ ESYS_CONTEXT *esys_context;
+};
+
+ESYS_TR tpm2_flush_context_verbose(ESYS_CONTEXT *c, ESYS_TR handle);
+
+void tpm2_pcr_mask_to_selection(uint32_t mask, uint16_t bank, TPML_PCR_SELECTION *ret);
+
+static inline void Esys_Freep(void *p) {
+ if (*(void**) p)
+ sym_Esys_Free(*(void**) p);
+}
+
+#else
+struct tpm2_context;
 #endif
+int tpm2_context_init(const char *device, struct tpm2_context *ret);
+void tpm2_context_destroy(struct tpm2_context *c);
+
 int tpm2_list_devices(void);
 int tpm2_find_device_auto(int log_level, char **ret);
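Review bot: The prototypes this hunk exports, `tpm2_context_init` and `tpm2_context_destroy`, and the now-public `struct tpm2_context` carry no contract: nothing in the header says that the three members are owned by the context, what `*ret` holds when init fails, or that destroy is the way to release them. A comment above the two prototypes along the lines of `/* On success *ret owns tcti_dl, tcti_context and esys_context; release with tpm2_context_destroy(). On failure *ret is left untouched. */` would settle that for callers in other files, with the failure clause adjusted to what tpm2_context_init actually does, since its body is outside this hunk. `Esys_Freep` also moves into the header and calls `sym_Esys_Free`, which from the `dlopen_tpm2()` hunk in tpm2-util.c appears to be a dlsym'd pointer, so a `_cleanup_(Esys_Freep)` variable in another file is only safe once `dlopen_tpm2()` has succeeded; a note next to the inline function, `/* Requires dlopen_tpm2() to have succeeded. */`, makes that precondition visible where the helper is declared.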