From: Lennart Poettering Date: Wed, 8 Nov 2023 20:31:45 +0000 (+0100) Subject: tpm2-util: move loading of TPM2B_PUBLIC from disk into tpm2-util.c X-Git-Tag: v255-rc2~53^2~4 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a8d8d34bfca293e7941b2af4351f72a47c74655c;p=thirdparty%2Fsystemd.git tpm2-util: move loading of TPM2B_PUBLIC from disk into tpm2-util.c No change in behaviour, let's just move this over so that we can reuse this in repart later (and don't have to export the ugly `sym_` function pointer for it) --- diff --git a/src/cryptenroll/cryptenroll-tpm2.c b/src/cryptenroll/cryptenroll-tpm2.c index 4b9f6b2d07f..3b8b8ae2e09 100644 --- a/src/cryptenroll/cryptenroll-tpm2.c +++ b/src/cryptenroll/cryptenroll-tpm2.c @@ -224,32 +224,9 @@ int enroll_tpm2(struct crypt_device *cd, _cleanup_(tpm2_context_unrefp) Tpm2Context *tpm2_context = NULL; TPM2B_PUBLIC device_key_public = {}; if (device_key) { - _cleanup_free_ char *device_key_buffer = NULL; - size_t device_key_buffer_size; - r = read_full_file(device_key, &device_key_buffer, &device_key_buffer_size); + r = tpm2_load_public_key_file(device_key, &device_key_public); if (r < 0) - return log_error_errno(r, "Failed to read device key from file: %m"); - - r = dlopen_tpm2(); - if (r < 0) - return log_debug_errno(r, "TPM2 support not installed: %m"); - - TSS2_RC rc; - size_t offset = 0; - rc = sym_Tss2_MU_TPM2B_PUBLIC_Unmarshal( - (uint8_t*) device_key_buffer, - device_key_buffer_size, - &offset, - &device_key_public); - if (rc != TSS2_RC_SUCCESS) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Could not unmarshal public key from file."); - - assert(offset <= device_key_buffer_size); - if (offset != device_key_buffer_size) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Found %zu bytes of trailing garbage in public key file.", - device_key_buffer_size - offset); + return r; if (!tpm2_pcr_values_has_all_values(hash_pcr_values, n_hash_pcr_values)) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c index f3712c84962..11e0ae47230 100644 --- a/src/shared/tpm2-util.c +++ b/src/shared/tpm2-util.c @@ -88,7 +88,7 @@ static TSS2_RC (*sym_Tss2_MU_TPM2B_NAME_Marshal)(TPM2B_NAME const *src, uint8_t static TSS2_RC (*sym_Tss2_MU_TPM2B_PRIVATE_Marshal)(TPM2B_PRIVATE const *src, uint8_t buffer[], size_t buffer_size, size_t *offset) = NULL; static TSS2_RC (*sym_Tss2_MU_TPM2B_PRIVATE_Unmarshal)(uint8_t const buffer[], size_t buffer_size, size_t *offset, TPM2B_PRIVATE *dest) = NULL; static TSS2_RC (*sym_Tss2_MU_TPM2B_PUBLIC_Marshal)(TPM2B_PUBLIC const *src, uint8_t buffer[], size_t buffer_size, size_t *offset) = NULL; -TSS2_RC (*sym_Tss2_MU_TPM2B_PUBLIC_Unmarshal)(uint8_t const buffer[], size_t buffer_size, size_t *offset, TPM2B_PUBLIC *dest) = NULL; +static TSS2_RC (*sym_Tss2_MU_TPM2B_PUBLIC_Unmarshal)(uint8_t const buffer[], size_t buffer_size, size_t *offset, TPM2B_PUBLIC *dest) = NULL; static TSS2_RC (*sym_Tss2_MU_TPM2B_SENSITIVE_Marshal)(TPM2B_SENSITIVE const *src, uint8_t buffer[], size_t buffer_size, size_t *offset) = NULL; static TSS2_RC (*sym_Tss2_MU_TPML_PCR_SELECTION_Marshal)(TPML_PCR_SELECTION const *src, uint8_t buffer[], size_t buffer_size, size_t *offset) = NULL; static TSS2_RC (*sym_Tss2_MU_TPMS_NV_PUBLIC_Marshal)(TPMS_NV_PUBLIC const *src, uint8_t buffer[], size_t buffer_size, size_t *offset) = NULL; @@ -6845,6 +6845,44 @@ int tpm2_pcrlock_policy_load( *ret_policy = TAKE_STRUCT(policy); return 1; } + +int tpm2_load_public_key_file(const char *path, TPM2B_PUBLIC *ret) { + _cleanup_free_ char *device_key_buffer = NULL; + TPM2B_PUBLIC device_key_public = {}; + size_t device_key_buffer_size; + TSS2_RC rc; + int r; + + assert(path); + assert(ret); + + r = dlopen_tpm2(); + if (r < 0) + return log_debug_errno(r, "TPM2 support not installed: %m"); + + r = read_full_file(path, &device_key_buffer, &device_key_buffer_size); + if (r < 0) + return log_error_errno(r, "Failed to read device key from file '%s': %m", path); + + size_t offset = 0; + rc = sym_Tss2_MU_TPM2B_PUBLIC_Unmarshal( + (uint8_t*) device_key_buffer, + device_key_buffer_size, + &offset, + &device_key_public); + if (rc != TSS2_RC_SUCCESS) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Could not unmarshal public key from file."); + + assert(offset <= device_key_buffer_size); + if (offset != device_key_buffer_size) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Found %zu bytes of trailing garbage in public key file.", + device_key_buffer_size - offset); + + *ret = device_key_public; + return 0; +} #endif char *tpm2_pcr_mask_to_string(uint32_t mask) { diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h index e867976369e..9f4f1f6d58c 100644 --- a/src/shared/tpm2-util.h +++ b/src/shared/tpm2-util.h @@ -305,6 +305,8 @@ int tpm2_unseal_data(Tpm2Context *c, const struct iovec *public, const struct io int tpm2_serialize(Tpm2Context *c, const Tpm2Handle *handle, void **ret_serialized, size_t *ret_serialized_size); int tpm2_deserialize(Tpm2Context *c, const void *serialized, size_t serialized_size, Tpm2Handle **ret_handle); +int tpm2_load_public_key_file(const char *path, TPM2B_PUBLIC *ret); + /* The tpm2-tss library has many structs that are simply a combination of an array (or object) and * size. These macros allow easily initializing or assigning instances of such structs from an existing * buffer/object and size, while also checking the size for safety with the struct buffer/object size. If the @@ -361,8 +363,6 @@ int tpm2_deserialize(Tpm2Context *c, const void *serialized, size_t serialized_s 0; \ }) -extern TSS2_RC (*sym_Tss2_MU_TPM2B_PUBLIC_Unmarshal)(uint8_t const buffer[], size_t buffer_size, size_t *offset, TPM2B_PUBLIC *dest); - #else /* HAVE_TPM2 */ typedef struct {} Tpm2Context; typedef struct {} Tpm2Handle;