diff options
author | Roberto Sassu <roberto.sassu@huawei.com> | 2018-06-26 16:56:35 +0200 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2018-06-28 13:58:25 -0700 |
commit | 14799bf92b2b63cc4c476ff51b1a2007165606b2 (patch) | |
tree | c5a019162611387e4d6bb534145aabc6aaeb21b4 | |
parent | 9026fea2c854439b97a30f73791faca221a51c0b (diff) | |
download | openssl_tpm2_engine-14799bf92b2b63cc4c476ff51b1a2007165606b2.tar.gz |
tpm2-common: initialize policy session
Initialize the policy session with the policy command included in the key.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | tpm2-common.c | 59 | ||||
-rw-r--r-- | tpm2-common.h | 8 |
2 files changed, 67 insertions, 0 deletions
diff --git a/tpm2-common.c b/tpm2-common.c index 5381369..60e7e35 100644 --- a/tpm2-common.c +++ b/tpm2-common.c @@ -19,6 +19,7 @@ #include TSSINCLUDE(tssmarshal.h) #include TSSINCLUDE(tsscrypto.h) #include TSSINCLUDE(tsscryptoh.h) +#include TSSINCLUDE(Unmarshal_fp.h) #include "tpm2-common.h" @@ -608,6 +609,64 @@ TPM_RC tpm2_get_session_handle(TSS_CONTEXT *tssContext, TPM_HANDLE *handle, } /* + * PolicyPCR_In_Unmarshal() cannot be used because pcrs and digestTPM + * are inverted in the policy command. + */ +TPM_RC policy_pcr_unmarshal(PolicyPCR_In *target, BYTE **buffer, INT32 *size) +{ + return TPML_PCR_SELECTION_Unmarshal(&target->pcrs, buffer, size); +} + +TPM_RC tpm2_init_session(TSS_CONTEXT *tssContext, TPM_HANDLE handle, + int num_commands, struct policy_command *commands) +{ + INT32 size; + BYTE *policy; + TPM_RC rc = 0; + COMMAND_PARAMETERS in; + int i; + + ((PolicyPCR_In *)&in)->policySession = handle; + + for (i = 0; i < num_commands; i++) { + size = commands[i].size; + policy = commands[i].policy; + + switch (commands[i].code) { + case TPM_CC_PolicyPCR: + rc = TPML_PCR_SELECTION_Unmarshal( + &((PolicyPCR_In *)&in)->pcrs, &policy, &size); + ((PolicyPCR_In *)&in)->pcrDigest.b.size = 0; + break; + case TPM_CC_PolicyAuthValue: + break; + default: + fprintf(stderr, "Unsupported policy command %d\n", + commands[i].code); + return TPM_RC_FAILURE; + } + + if (rc) { + tpm2_error(rc, "unmarshal"); + return rc; + } + + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + commands[i].code, + TPM_RH_NULL, NULL, 0); + if (rc) { + tpm2_error(rc, "policy command"); + return rc; + } + } + + return TPM_RC_SUCCESS; +} + +/* * Cut down version of Part 4 Supporting Routines 7.6.3.10 * * Hard coded to symmetrically encrypt with aes128 as the inner diff --git a/tpm2-common.h b/tpm2-common.h index a33e238..1eed54b 100644 --- a/tpm2-common.h +++ b/tpm2-common.h @@ -4,6 +4,12 @@ #define T2_AES_KEY_BITS 128 #define T2_AES_KEY_BYTES (T2_AES_KEY_BITS/8) +struct policy_command { + TPM_CC code; + INT32 size; + BYTE *policy; +}; + void tpm2_error(TPM_RC rc, const char *reason); TPM_RC tpm2_load_srk(TSS_CONTEXT *tssContext, TPM_HANDLE *h, const char *auth, TPM2B_PUBLIC *pub, TPM_HANDLE handle); void tpm2_flush_handle(TSS_CONTEXT *tssContext, TPM_HANDLE h); @@ -11,6 +17,8 @@ EVP_PKEY *tpm2_to_openssl_public(TPMT_PUBLIC *pub); void tpm2_flush_srk(TSS_CONTEXT *tssContext, TPM_HANDLE hSRK); TPM_RC tpm2_get_session_handle(TSS_CONTEXT *tssContext, TPM_HANDLE *handle, TPM_HANDLE salt_key, TPM_SE sessionType); +TPM_RC tpm2_init_session(TSS_CONTEXT *tssContext, TPM_HANDLE handle, + int num_commands, struct policy_command *commands); TPM_RC tpm2_get_bound_handle(TSS_CONTEXT *tssContext, TPM_HANDLE *handle, TPM_HANDLE bind, const char *auth); TPM_RC tpm2_SensitiveToDuplicate(TPMT_SENSITIVE *s, |