tpm2-util: move loading of TPM2B_PUBLIC from disk into tpm2-util.c

No change in behaviour, let's just move this over so that we can reuse
this in repart later (and don't have to export the ugly `sym_` function
pointer for it)

diff --git a/src/cryptenroll/cryptenroll-tpm2.c b/src/cryptenroll/cryptenroll-tpm2.c
index 4b9f6b2d07fad78e58976792381c69630c5de2be..3b8b8ae2e09b16a34a3b5fc88058b8a10ba1ddf6 100644 (file)
--- a/src/cryptenroll/cryptenroll-tpm2.c
+++ b/src/cryptenroll/cryptenroll-tpm2.c
@@ -224,32 +224,9 @@ int enroll_tpm2(struct crypt_device *cd,
         _cleanup_(tpm2_context_unrefp) Tpm2Context *tpm2_context = NULL;
         TPM2B_PUBLIC device_key_public = {};
         if (device_key) {
-                _cleanup_free_ char *device_key_buffer = NULL;
-                size_t device_key_buffer_size;
-                r = read_full_file(device_key, &device_key_buffer, &device_key_buffer_size);
+                r = tpm2_load_public_key_file(device_key, &device_key_public);
                 if (r < 0)
-                        return log_error_errno(r, "Failed to read device key from file: %m");
-
-                r = dlopen_tpm2();
-                if (r < 0)
-                        return log_debug_errno(r, "TPM2 support not installed: %m");
-
-                TSS2_RC rc;
-                size_t offset = 0;
-                rc = sym_Tss2_MU_TPM2B_PUBLIC_Unmarshal(
-                                (uint8_t*) device_key_buffer,
-                                device_key_buffer_size,
-                                &offset,
-                                &device_key_public);
-                if (rc != TSS2_RC_SUCCESS)
-                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                               "Could not unmarshal public key from file.");
-
-                assert(offset <= device_key_buffer_size);
-                if (offset != device_key_buffer_size)
-                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                               "Found %zu bytes of trailing garbage in public key file.",
-                                               device_key_buffer_size - offset);
+                        return r;
 
                 if (!tpm2_pcr_values_has_all_values(hash_pcr_values, n_hash_pcr_values))
                         return log_error_errno(SYNTHETIC_ERRNO(EINVAL),

diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index f3712c84962ab47f8701e60f9582601707f3938f..11e0ae472302d22585a481923fb1848ba63808bb 100644 (file)
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -88,7 +88,7 @@ static TSS2_RC (*sym_Tss2_MU_TPM2B_NAME_Marshal)(TPM2B_NAME const *src, uint8_t
 static TSS2_RC (*sym_Tss2_MU_TPM2B_PRIVATE_Marshal)(TPM2B_PRIVATE const *src, uint8_t buffer[], size_t buffer_size, size_t *offset) = NULL;
 static TSS2_RC (*sym_Tss2_MU_TPM2B_PRIVATE_Unmarshal)(uint8_t const buffer[], size_t buffer_size, size_t *offset, TPM2B_PRIVATE  *dest) = NULL;
 static TSS2_RC (*sym_Tss2_MU_TPM2B_PUBLIC_Marshal)(TPM2B_PUBLIC const *src, uint8_t buffer[], size_t buffer_size, size_t *offset) = NULL;
-TSS2_RC (*sym_Tss2_MU_TPM2B_PUBLIC_Unmarshal)(uint8_t const buffer[], size_t buffer_size, size_t *offset, TPM2B_PUBLIC *dest) = NULL;
+static TSS2_RC (*sym_Tss2_MU_TPM2B_PUBLIC_Unmarshal)(uint8_t const buffer[], size_t buffer_size, size_t *offset, TPM2B_PUBLIC *dest) = NULL;
 static TSS2_RC (*sym_Tss2_MU_TPM2B_SENSITIVE_Marshal)(TPM2B_SENSITIVE const *src, uint8_t buffer[], size_t buffer_size, size_t *offset) = NULL;
 static TSS2_RC (*sym_Tss2_MU_TPML_PCR_SELECTION_Marshal)(TPML_PCR_SELECTION const *src, uint8_t buffer[], size_t buffer_size, size_t *offset) = NULL;
 static TSS2_RC (*sym_Tss2_MU_TPMS_NV_PUBLIC_Marshal)(TPMS_NV_PUBLIC const *src, uint8_t buffer[], size_t buffer_size, size_t *offset) = NULL;
@@ -6845,6 +6845,44 @@ int tpm2_pcrlock_policy_load(
         *ret_policy = TAKE_STRUCT(policy);
         return 1;
 }
+
+int tpm2_load_public_key_file(const char *path, TPM2B_PUBLIC *ret) {
+        _cleanup_free_ char *device_key_buffer = NULL;
+        TPM2B_PUBLIC device_key_public = {};
+        size_t device_key_buffer_size;
+        TSS2_RC rc;
+        int r;
+
+        assert(path);
+        assert(ret);
+
+        r = dlopen_tpm2();
+        if (r < 0)
+                return log_debug_errno(r, "TPM2 support not installed: %m");
+
+        r = read_full_file(path, &device_key_buffer, &device_key_buffer_size);
+        if (r < 0)
+                return log_error_errno(r, "Failed to read device key from file '%s': %m", path);
+
+        size_t offset = 0;
+        rc = sym_Tss2_MU_TPM2B_PUBLIC_Unmarshal(
+                        (uint8_t*) device_key_buffer,
+                        device_key_buffer_size,
+                        &offset,
+                        &device_key_public);
+        if (rc != TSS2_RC_SUCCESS)
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+                                       "Could not unmarshal public key from file.");
+
+        assert(offset <= device_key_buffer_size);
+        if (offset != device_key_buffer_size)
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+                                       "Found %zu bytes of trailing garbage in public key file.",
+                                       device_key_buffer_size - offset);
+
+        *ret = device_key_public;
+        return 0;
+}
 #endif
 
 char *tpm2_pcr_mask_to_string(uint32_t mask) {

diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h
index e867976369efe32070ec385c71edc0d4ed43f129..9f4f1f6d58c23477f14842646085287b30bd2830 100644 (file)
--- a/src/shared/tpm2-util.h
+++ b/src/shared/tpm2-util.h
@@ -305,6 +305,8 @@ int tpm2_unseal_data(Tpm2Context *c, const struct iovec *public, const struct io
 int tpm2_serialize(Tpm2Context *c, const Tpm2Handle *handle, void **ret_serialized, size_t *ret_serialized_size);
 int tpm2_deserialize(Tpm2Context *c, const void *serialized, size_t serialized_size, Tpm2Handle **ret_handle);
 
+int tpm2_load_public_key_file(const char *path, TPM2B_PUBLIC *ret);
+
 /* The tpm2-tss library has many structs that are simply a combination of an array (or object) and
  * size. These macros allow easily initializing or assigning instances of such structs from an existing
  * buffer/object and size, while also checking the size for safety with the struct buffer/object size. If the
@@ -361,8 +363,6 @@ int tpm2_deserialize(Tpm2Context *c, const void *serialized, size_t serialized_s
                         0;                                              \
         })
 
-extern TSS2_RC (*sym_Tss2_MU_TPM2B_PUBLIC_Unmarshal)(uint8_t const buffer[], size_t buffer_size, size_t *offset, TPM2B_PUBLIC *dest);
-
 #else /* HAVE_TPM2 */
 typedef struct {} Tpm2Context;
 typedef struct {} Tpm2Handle;