tpm2-util: add helper that calculates name of NV index
authorLennart Poettering <lennart@poettering.net>
Thu, 19 Oct 2023 15:53:50 +0000 (17:53 +0200)
committerLennart Poettering <lennart@poettering.net>
Fri, 3 Nov 2023 10:21:55 +0000 (11:21 +0100)
src/shared/tpm2-util.c
src/shared/tpm2-util.h

index 783e44145d37d04d10261bc955e34d6760da7be9..47907b7d18b8be88485ba2486610e52f4d96e4b1 100644 (file)
@@ -3303,7 +3303,7 @@ int tpm2_calculate_pubkey_name(const TPMT_PUBLIC *public, TPM2B_NAME *ret_name)
                                        "Failed to marshal key name: %s", sym_Tss2_RC_Decode(rc));
         name.size = size;
 
-        tpm2_log_debug_name(&name, "Calculated name");
+        tpm2_log_debug_name(&name, "Calculated public key name");
 
         *ret_name = name;
 
@@ -3340,6 +3340,60 @@ static int tpm2_get_name(
         return 0;
 }
 
+int tpm2_calculate_nv_index_name(const TPMS_NV_PUBLIC *nvpublic, TPM2B_NAME *ret_name) {
+        TSS2_RC rc;
+        int r;
+
+        assert(nvpublic);
+        assert(ret_name);
+
+        r = dlopen_tpm2();
+        if (r < 0)
+                return log_debug_errno(r, "TPM2 support not installed: %m");
+
+        if (nvpublic->nameAlg != TPM2_ALG_SHA256)
+                return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
+                                       "Unsupported nameAlg: 0x%x",
+                                       nvpublic->nameAlg);
+
+        _cleanup_free_ uint8_t *buf = NULL;
+        size_t size = 0;
+
+        buf = (uint8_t*) new(TPMS_NV_PUBLIC, 1);
+        if (!buf)
+                return log_oom_debug();
+
+        rc = sym_Tss2_MU_TPMS_NV_PUBLIC_Marshal(nvpublic, buf, sizeof(TPMS_NV_PUBLIC), &size);
+        if (rc != TSS2_RC_SUCCESS)
+                return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+                                       "Failed to marshal NV index: %s", sym_Tss2_RC_Decode(rc));
+
+        TPM2B_DIGEST digest = {};
+        r = tpm2_digest_buffer(TPM2_ALG_SHA256, &digest, buf, size, /* extend= */ false);
+        if (r < 0)
+                return r;
+
+        TPMT_HA ha = {
+                .hashAlg = TPM2_ALG_SHA256,
+        };
+        assert(digest.size <= sizeof(ha.digest.sha256));
+        memcpy_safe(ha.digest.sha256, digest.buffer, digest.size);
+
+        TPM2B_NAME name;
+        size = 0;
+        rc = sym_Tss2_MU_TPMT_HA_Marshal(&ha, name.name, sizeof(name.name), &size);
+        if (rc != TSS2_RC_SUCCESS)
+                return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+                                       "Failed to marshal NV index name: %s", sym_Tss2_RC_Decode(rc));
+        name.size = size;
+
+        tpm2_log_debug_name(&name, "Calculated NV index name");
+
+        *ret_name = name;
+
+        return 0;
+}
+
 /* Extend 'digest' with the PolicyAuthValue calculated hash. */
 int tpm2_calculate_policy_auth_value(TPM2B_DIGEST *digest) {
         TPM2_CC command = TPM2_CC_PolicyAuthValue;
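Review bot: `TPM2B_NAME name;` is declared uninitialized, and sym_Tss2_MU_TPMT_HA_Marshal() only fills the first `size` bytes of name.name, so the struct assigned to *ret_name carries indeterminate trailing bytes; `TPM2B_NAME name = {};` would make the returned name fully defined and safe to compare or hash as a whole rather than only up to name.size. The function also has no header comment; I would add `/* Calculates the Name of an NV index as nameAlg || H_nameAlg(marshaled TPMS_NV_PUBLIC), derived locally from the supplied public area; only SHA256 is supported as nameAlg. */` above the definition. The `"Unsupported nameAlg: 0x%x"` format receives a 16-bit nameAlg, which only works via integer promotion; `"Unsupported nameAlg: 0x%" PRIx16` would state the type exactly.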
index b6940dbab1098ed9ff7512b6dd738ae236379a0d..b23471ba849e9b616339789bad731ebf91fd6052 100644 (file)
@@ -209,6 +209,8 @@ int tpm2_policy_auth_value(Tpm2Context *c, const Tpm2Handle *session, TPM2B_DIGE
 int tpm2_policy_pcr(Tpm2Context *c, const Tpm2Handle *session, const TPML_PCR_SELECTION *pcr_selection, TPM2B_DIGEST **ret_policy_digest);
 
 int tpm2_calculate_pubkey_name(const TPMT_PUBLIC *public, TPM2B_NAME *ret_name);
+int tpm2_calculate_nv_index_name(const TPMS_NV_PUBLIC *nvpublic, TPM2B_NAME *ret_name);
+
 int tpm2_calculate_policy_auth_value(TPM2B_DIGEST *digest);
 int tpm2_calculate_policy_authorize(const TPM2B_PUBLIC *public, const TPM2B_DIGEST *policy_ref, TPM2B_DIGEST *digest);
 int tpm2_calculate_policy_pcr(const Tpm2PCRValue *pcr_values, size_t n_pcr_values, TPM2B_DIGEST *digest);