rpms/tpm2-tools
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix broken -T option and a couple of minor fixes

Browse Source 
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
This commit is contained in:
Javier Martinez Canillas 2019-01-07 10:11:44 +01:00
parent 1d7ef2c742
commit 83d0ae72b7
No known key found for this signature in database
GPG Key ID: C751E590D63F3D69
6 changed files with 157 additions and 614 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

216
lib-tpm2_options-restore-TCTI-configuration-environm.patch
View File

@ -1,216 +0,0 @@
From 175e47711c72a8169f94b971c4e9973bbfb04efc Mon Sep 17 00:00:00 2001
From: Joshua Lock <joshua.g.lock@intel.com>
Date: Wed, 5 Sep 2018 23:21:21 +0100
Subject: [PATCH] lib/tpm2_options: restore TCTI configuration environment
variables
The port to TSS2.0 introduced a new unified environment variable to
configure a TCTI, TPM2TOOLS_ENV_TCTI. Unfortunately this also unwittingly
removed the old-style environment variable per TCTI configuration options,
which is a behavioural regression for the 3.x series of tpm2-tools.
Restore the original TPM2TOOLS_* environment variables in addition to the
new style single environment variable.
Fixes issue #1171
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
---
lib/tpm2_options.c | 134 ++++++++++++++++++++++++++++++++++++---------
1 file changed, 107 insertions(+), 27 deletions(-)
diff --git a/lib/tpm2_options.c b/lib/tpm2_options.c
index 751b0eee9819..2531948ecf74 100644
--- a/lib/tpm2_options.c
+++ b/lib/tpm2_options.c
@@ -52,6 +52,10 @@
#endif
#define TPM2TOOLS_ENV_TCTI "TPM2TOOLS_TCTI"
+#define TPM2TOOLS_ENV_TCTI_NAME "TPM2TOOLS_TCTI_NAME"
+#define TPM2TOOLS_ENV_DEVICE "TPM2TOOLS_DEVICE_FILE"
+#define TPM2TOOLS_ENV_SOCK_ADDR "TPM2TOOLS_SOCKET_ADDRESS"
+#define TPM2TOOLS_ENV_SOCK_PORT "TPM2TOOLS_SOCKET_PORT"
#define TPM2TOOLS_ENV_ENABLE_ERRATA "TPM2TOOLS_ENABLE_ERRATA"
tpm2_options *tpm2_options_new(const char *short_opts, size_t len,
@@ -136,13 +140,25 @@ void tpm2_options_free(tpm2_options *opts) {
}
typedef struct tcti_conf tcti_conf;
struct tcti_conf {
- const char *name;
- const char *opts;
+ char *name;
+ char *opts;
};
+/*
+ * Some tcti names changed in TSS 2.0, so in order to not break the
+ * expected options of the 3.X tools series map:
+ * - abrmd -> tabrmd
+ * - socket -> mssim
+ */
static inline const char *fixup_name(const char *name) {
- return !strcmp(name, "abrmd") ? "tabrmd" : name;
+ if (!strcmp(name, "abrmd")) {
+ return "tabrmd";
+ } else if (!strcmp(name, "socket")) {
+ return "mssim";
+ }
+
+ return name;
}
static const char *find_default_tcti(void) {
@@ -165,27 +181,14 @@ static const char *find_default_tcti(void) {
return NULL;
}
-static tcti_conf tcti_get_config(const char *optstr) {
-
- /* set up the default configuration */
- tcti_conf conf = {
- .name = find_default_tcti()
- };
-
- /* no tcti config supplied, get it from env */
- if (!optstr) {
- optstr = getenv (TPM2TOOLS_ENV_TCTI);
- if (!optstr) {
- /* nothing user supplied, use default */
- return conf;
- }
- }
+/* Parse new-style, TSS 2.0, environment variables */
+static void parse_env_tcti(const char *optstr, tcti_conf *conf) {
char *split = strchr(optstr, ':');
if (!split) {
/* --tcti=device */
- conf.name = fixup_name(optstr);
- return conf;
+ conf->name = strdup(fixup_name(optstr));
+ return;
}
/*
@@ -200,24 +203,99 @@ static tcti_conf tcti_get_config(const char *optstr) {
/* Case A */
if (!optstr[0] && !split[1]) {
- return conf;
+ return;
}
/* Case B */
if (!optstr[0]) {
- conf.opts = &split[1];
- return conf;
+ conf->opts = strdup(&split[1]);
+ return;
}
/* Case C */
if (!split[1]) {
- conf.name = fixup_name(optstr);
- return conf;
+ conf->name = strdup(fixup_name(optstr));
+ return;
}
/* Case D */
- conf.name = fixup_name(optstr);
- conf.opts = &split[1];
+ conf->name = strdup(fixup_name(optstr));
+ conf->opts = strdup(&split[1]);
+ return;
+}
+
+static char* parse_device_tcti(void) {
+ const char *device = getenv(TPM2TOOLS_ENV_DEVICE);
+ return strdup(device);
+}
+
+static char* parse_socket_tcti(void) {
+
+ /*
+ * tpm2_tcti_ldr_load() expects conf->opts to be of the format
+ * "host=localhost,port=2321" for the mssim tcti
+ *
+ * Max IPV6 IP address, 45 characters (45)
+ * Ports are 16bit int, 5 characters (5)
+ * "host=", 5 characters (5)
+ * "port=", 5 characters (5)
+ * strlen = 60
+ */
+ size_t optlen = 60;
+ const char *host;
+ const char *port;
+ char *ret = malloc(optlen);
+ if (!ret) {
+ LOG_ERR ("OOM");
+ return NULL;
+ }
+
+ host = getenv(TPM2TOOLS_ENV_SOCK_ADDR);
+ port = getenv(TPM2TOOLS_ENV_SOCK_PORT);
+
+ if (host && port) {
+ snprintf(ret, optlen, "host=%s,port=%s", host, port);
+ } else if (host) {
+ snprintf(ret, optlen, "host=%s", host);
+ } else if (port) {
+ snprintf(ret, optlen, "port=%s", port);
+ }
+ return ret;
+}
+
+static tcti_conf tcti_get_config(const char *optstr) {
+
+ tcti_conf conf = {
+ .name = NULL
+ };
+
+ /* no tcti config supplied, get it from env */
+ if (!optstr) {
+ /*
+ * Check the "old" way of specifying TCTI, using a shared env var and
+ * per-tcti option variables.
+ */
+ optstr = getenv (TPM2TOOLS_ENV_TCTI_NAME);
+ if (optstr) {
+ conf.name = strdup(fixup_name(optstr));
+ if (!strcmp(conf.name, "mssim")) {
+ conf.opts = parse_socket_tcti();
+ } else if (!strcmp(conf.name, "device")) {
+ conf.opts = parse_device_tcti();
+ }
+ } else {
+ /* Check the new way of defining a TCTI using a shared env var */
+ optstr = getenv (TPM2TOOLS_ENV_TCTI);
+ if (optstr) {
+ parse_env_tcti(optstr, &conf);
+ }
+ }
+ }
+
+ if (!conf.name) {
+ conf.name = strdup(find_default_tcti());
+ }
+
return conf;
}
@@ -418,6 +496,8 @@ tpm2_option_code tpm2_handle_options (int argc, char **argv,
if (!flags->enable_errata) {
flags->enable_errata = !!getenv (TPM2TOOLS_ENV_ENABLE_ERRATA);
}
+ free(conf.name);
+ free(conf.opts);
}
rc = tpm2_option_code_continue;
--
2.17.1

32
options-fix-broken-T-option.patch Normal file
View File

@ -0,0 +1,32 @@
From 554a13f45c05faa388e028369492e9cc7dee5f13 Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Mon, 5 Nov 2018 11:39:02 -0800
Subject: [PATCH] options: fix broken -T option
commit:
- 175e47711c72 lib/tpm2_options: restore TCTI configuration environment variables
Broke the option handling, effectively ignoring the -T/--tcti input. Honor that input
if specified and don't just run the default TCTI search unless it's not specified.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
lib/tpm2_options.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/tpm2_options.c b/lib/tpm2_options.c
index 2531948ecf7..006c46e4944 100644
--- a/lib/tpm2_options.c
+++ b/lib/tpm2_options.c
@@ -290,6 +290,8 @@ static tcti_conf tcti_get_config(const char *optstr) {
parse_env_tcti(optstr, &conf);
}
}
+ } else {
+ conf.name = strdup(optstr);
}
if (!conf.name) {
--
2.19.2

9
tpm2-tools.spec
View File

@ -1,12 +1,16 @@
Name: tpm2-tools
Version: 3.1.3
Release: 1%{?dist}
Release: 2%{?dist}
Summary: A TPM2.0 testing tool build upon TPM2.0-TSS
License: BSD
URL: https://github.com/tpm2-software/tpm2-tools
Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}/%{name}-%{version}.tar.gz
Patch0: tpm2_rsaencrypt-fix-example-in-man-page.patch
Patch1: tpm2_getmanufc-fix-OSSL-build-warnings.patch
Patch2: options-fix-broken-T-option.patch
BuildRequires: gcc-c++
BuildRequires: libtool
BuildRequires: autoconf-archive
@ -44,6 +48,9 @@ tpm2-tools is a batch of testing tools for tpm2.0. It is based on tpm2-tss.
%{_mandir}/man1/tpm2_*.1.gz
%changelog
* Mon Jan 7 2019 Javier Martinez Canillas <javierm@redhat.com> - 3.1.3-2
- Fix broken -T option and a couple of minor fixes
* Wed Nov 7 2018 Yunying Sun <yunying.sun@intel.com> - 3.1.3-1
- Update to 3.1.3 release

397
tpm2_getcap-restore-tool-output-to-print-properties-.patch
View File

@ -1,397 +0,0 @@
From 3598de590a7e9812a2ff4eadfff87e15b5d010a8 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Tue, 11 Sep 2018 01:49:25 +0200
Subject: [PATCH] tpm2_getcap: restore tool output to print properties with
TPM_PT prefix
Commit ac9a5d787753 ("update to TSS version 2.0") updated tpm2-tss version
to 2.0. On tpm2-tss, the TPM_PT_* constants where renamed to TPM2_PT_* but
that commit also changed the output of the tpm2_getcap tool to match the
name of the properties.
Unfortunately this is a bacward incompatible change that could break users
that were relying on the tpm2_getcap tool output.
Restore the older output and also fix the tests that check these values.
Fixes: #1175
Reported-by: Vilem Marsik <vmarsik@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
test/system/test_tpm2_dictionarylockout.sh | 6 +-
test/system/test_tpm2_nv.sh | 2 +-
test/system/test_tpm2_quote.sh | 2 +-
tools/tpm2_getcap.c | 132 ++++++++++-----------
4 files changed, 71 insertions(+), 71 deletions(-)
diff --git a/test/system/test_tpm2_dictionarylockout.sh b/test/system/test_tpm2_dictionarylockout.sh
index a90854ac7ea6..d6dac227ed03 100755
--- a/test/system/test_tpm2_dictionarylockout.sh
+++ b/test/system/test_tpm2_dictionarylockout.sh
@@ -40,16 +40,16 @@ trap onerror ERR
tpm2_dictionarylockout -s -n 5 -t 6 -l 7
-if [ "$(tpm2_getcap -c properties-variable | grep TPM2_PT_MAX_AUTH_FAIL | sed -e 's/TPM2_PT_MAX_AUTH_FAIL: \+//')" != "0x00000005" ];then
+if [ "$(tpm2_getcap -c properties-variable | grep TPM_PT_MAX_AUTH_FAIL | sed -e 's/TPM_PT_MAX_AUTH_FAIL: \+//')" != "0x00000005" ]; then
echo "Failure: setting up the number of allowed tries in the lockout parameters"
exit 1
fi
-if [ "$(tpm2_getcap -c properties-variable | grep TPM2_PT_LOCKOUT_INTERVAL | sed -e 's/TPM2_PT_LOCKOUT_INTERVAL: \+//')" != "0x00000006" ];then
+if [ "$(tpm2_getcap -c properties-variable | grep TPM_PT_LOCKOUT_INTERVAL | sed -e 's/TPM_PT_LOCKOUT_INTERVAL: \+//')" != "0x00000006" ]; then
echo "Failure: setting up the lockout period in the lockout parameters"
fi
-if [ "$(tpm2_getcap -c properties-variable | grep TPM2_PT_LOCKOUT_RECOVERY | sed -e 's/TPM2_PT_LOCKOUT_RECOVERY: \+//')" != "0x00000007" ];then
+if [ "$(tpm2_getcap -c properties-variable | grep TPM_PT_LOCKOUT_RECOVERY | sed -e 's/TPM_PT_LOCKOUT_RECOVERY: \+//')" != "0x00000007" ]; then
echo "Failure: setting up the lockout recovery period in the lockout parameters"
fi
diff --git a/test/system/test_tpm2_nv.sh b/test/system/test_tpm2_nv.sh
index 3b486cc7c4e2..2db6522aae28 100755
--- a/test/system/test_tpm2_nv.sh
+++ b/test/system/test_tpm2_nv.sh
@@ -153,7 +153,7 @@ tpm2_nvrelease -Q -x 0x1500016 -a 0x40000001
#
# Test large writes
#
-large_file_size=$(tpm2_getcap -c properties-fixed | grep TPM2_PT_NV_INDEX_MAX | sed -r -e 's/.*(0x[0-9a-f]+)/\1/g')
+large_file_size=$(tpm2_getcap -c properties-fixed | grep TPM_PT_NV_INDEX_MAX | sed -r -e 's/.*(0x[0-9a-f]+)/\1/g')
nv_test_index=0x1000000
# Create an nv space with attributes 1010 = TPMA_NV_PPWRITE and TPMA_NV_AUTHWRITE
diff --git a/test/system/test_tpm2_quote.sh b/test/system/test_tpm2_quote.sh
index 3c0a9af0acce..d845ea1bdb14 100755
--- a/test/system/test_tpm2_quote.sh
+++ b/test/system/test_tpm2_quote.sh
@@ -51,7 +51,7 @@ Handle_ak_quote=0x81010016
Handle_ek_quote=0x81010017
Handle_ak_quote2=0x81010018
-maxdigest=$(tpm2_getcap -c properties-fixed | grep TPM2_PT_MAX_DIGEST | sed -r -e 's/.*(0x[0-9a-f]+)/\1/g')
+maxdigest=$(tpm2_getcap -c properties-fixed | grep TPM_PT_MAX_DIGEST | sed -r -e 's/.*(0x[0-9a-f]+)/\1/g')
if ! [[ "$maxdigest" =~ ^(0x)*[0-9]+$ ]] ; then
echo "error: not a number, got: \"$maxdigest\"" >&2
exit 1
diff --git a/tools/tpm2_getcap.c b/tools/tpm2_getcap.c
index 6b3d8efbd620..29c6c3f9176f 100644
--- a/tools/tpm2_getcap.c
+++ b/tools/tpm2_getcap.c
@@ -196,7 +196,7 @@ get_uint32_as_chars (UINT32 value,
void
tpm2_tool_output_tpma_modes (TPMA_MODES modes)
{
- tpm2_tool_output ("TPM2_PT_MODES: 0x%08x\n", modes);
+ tpm2_tool_output ("TPM_PT_MODES: 0x%08x\n", modes);
if (modes & TPMA_MODES_FIPS_140_2)
tpm2_tool_output (" TPMA_MODES_FIPS_140_2\n");
if (modes& TPMA_MODES_RESERVED1_MASK)
@@ -208,7 +208,7 @@ tpm2_tool_output_tpma_modes (TPMA_MODES modes)
void
dump_permanent_attrs (TPMA_PERMANENT attrs)
{
- tpm2_tool_output ("TPM2_PT_PERSISTENT:\n");
+ tpm2_tool_output ("TPM_PT_PERSISTENT:\n");
tpm2_tool_output (" ownerAuthSet: %s\n", prop_str (attrs & TPMA_PERMANENT_OWNERAUTHSET));
tpm2_tool_output (" endorsementAuthSet: %s\n", prop_str (attrs & TPMA_PERMANENT_ENDORSEMENTAUTHSET));
tpm2_tool_output (" lockoutAuthSet: %s\n", prop_str (attrs & TPMA_PERMANENT_LOCKOUTAUTHSET));
@@ -224,7 +224,7 @@ dump_permanent_attrs (TPMA_PERMANENT attrs)
void
dump_startup_clear_attrs (TPMA_STARTUP_CLEAR attrs)
{
- tpm2_tool_output ("TPM2_PT_STARTUP_CLEAR:\n");
+ tpm2_tool_output ("TPM_PT_STARTUP_CLEAR:\n");
tpm2_tool_output (" phEnable: %s\n", prop_str (attrs & TPMA_STARTUP_CLEAR_PHENABLE));
tpm2_tool_output (" shEnable: %s\n", prop_str (attrs & TPMA_STARTUP_CLEAR_SHENABLE));
tpm2_tool_output (" ehEnable: %s\n", prop_str (attrs & TPMA_STARTUP_CLEAR_EHENABLE));
@@ -248,30 +248,30 @@ dump_tpm_properties_fixed (TPMS_TAGGED_PROPERTY properties[],
switch (property) {
case TPM2_PT_FAMILY_INDICATOR:
get_uint32_as_chars (value, buf);
- tpm2_tool_output ("TPM2_PT_FAMILY_INDICATOR:\n"
+ tpm2_tool_output ("TPM_PT_FAMILY_INDICATOR:\n"
" as UINT32: 0x08%x\n"
" as string: \"%s\"\n",
value,
buf);
break;
case TPM2_PT_LEVEL:
- tpm2_tool_output ("TPM2_PT_LEVEL: %d\n", value);
+ tpm2_tool_output ("TPM_PT_LEVEL: %d\n", value);
break;
case TPM2_PT_REVISION:
- tpm2_tool_output ("TPM2_PT_REVISION: %.2f\n", (float)value / 100);
+ tpm2_tool_output ("TPM_PT_REVISION: %.2f\n", (float)value / 100);
break;
case TPM2_PT_DAY_OF_YEAR:
- tpm2_tool_output ("TPM2_PT_DAY_OF_YEAR: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_DAY_OF_YEAR: 0x%08x\n", value);
break;
case TPM2_PT_YEAR:
- tpm2_tool_output ("TPM2_PT_YEAR: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_YEAR: 0x%08x\n", value);
break;
case TPM2_PT_MANUFACTURER:
- tpm2_tool_output ("TPM2_PT_MANUFACTURER: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_MANUFACTURER: 0x%08x\n", value);
break;
case TPM2_PT_VENDOR_STRING_1:
get_uint32_as_chars (value, buf);
- tpm2_tool_output ("TPM2_PT_VENDOR_STRING_1:\n"
+ tpm2_tool_output ("TPM_PT_VENDOR_STRING_1:\n"
" as UINT32: 0x%08x\n"
" as string: \"%s\"\n",
value,
@@ -279,7 +279,7 @@ dump_tpm_properties_fixed (TPMS_TAGGED_PROPERTY properties[],
break;
case TPM2_PT_VENDOR_STRING_2:
get_uint32_as_chars (value, buf);
- tpm2_tool_output ("TPM2_PT_VENDOR_STRING_2:\n"
+ tpm2_tool_output ("TPM_PT_VENDOR_STRING_2:\n"
" as UINT32: 0x%08x\n"
" as string: \"%s\"\n",
value,
@@ -287,7 +287,7 @@ dump_tpm_properties_fixed (TPMS_TAGGED_PROPERTY properties[],
break;
case TPM2_PT_VENDOR_STRING_3:
get_uint32_as_chars (value, buf);
- tpm2_tool_output ("TPM2_PT_VENDOR_STRING_3:\n"
+ tpm2_tool_output ("TPM_PT_VENDOR_STRING_3:\n"
" as UINT32: 0x%08x\n"
" as string: \"%s\"\n",
value,
@@ -295,113 +295,113 @@ dump_tpm_properties_fixed (TPMS_TAGGED_PROPERTY properties[],
break;
case TPM2_PT_VENDOR_STRING_4:
get_uint32_as_chars (value, buf);
- tpm2_tool_output ("TPM2_PT_VENDOR_STRING_4:\n"
+ tpm2_tool_output ("TPM_PT_VENDOR_STRING_4:\n"
" as UINT32: 0x%08x\n"
" as string: \"%s\"\n",
value,
buf);
break;
case TPM2_PT_VENDOR_TPM_TYPE:
- tpm2_tool_output ("TPM2_PT_VENDOR_TPM_TYPE: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_VENDOR_TPM_TYPE: 0x%08x\n", value);
break;
case TPM2_PT_FIRMWARE_VERSION_1:
- tpm2_tool_output ("TPM2_PT_FIRMWARE_VERSION_1: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_FIRMWARE_VERSION_1: 0x%08x\n", value);
break;
case TPM2_PT_FIRMWARE_VERSION_2:
- tpm2_tool_output ("TPM2_PT_FIRMWARE_VERSION_2: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_FIRMWARE_VERSION_2: 0x%08x\n", value);
break;
case TPM2_PT_INPUT_BUFFER:
- tpm2_tool_output ("TPM2_PT_INPUT_BUFFER: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_INPUT_BUFFER: 0x%08x\n", value);
break;
case TPM2_PT_TPM2_HR_TRANSIENT_MIN:
- tpm2_tool_output ("TPM2_PT_TPM2_HR_TRANSIENT_MIN: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_TPM2_HR_TRANSIENT_MIN: 0x%08x\n", value);
break;
case TPM2_PT_TPM2_HR_PERSISTENT_MIN:
- tpm2_tool_output ("TPM2_PT_TPM2_HR_PERSISTENT_MIN: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_TPM2_HR_PERSISTENT_MIN: 0x%08x\n", value);
break;
case TPM2_PT_HR_LOADED_MIN:
- tpm2_tool_output ("TPM2_PT_HR_LOADED_MIN: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_HR_LOADED_MIN: 0x%08x\n", value);
break;
case TPM2_PT_ACTIVE_SESSIONS_MAX:
- tpm2_tool_output ("TPM2_PT_ACTIVE_SESSIONS_MAX: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_ACTIVE_SESSIONS_MAX: 0x%08x\n", value);
break;
case TPM2_PT_PCR_COUNT:
- tpm2_tool_output ("TPM2_PT_PCR_COUNT: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_PCR_COUNT: 0x%08x\n", value);
break;
case TPM2_PT_PCR_SELECT_MIN:
- tpm2_tool_output ("TPM2_PT_PCR_SELECT_MIN: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_PCR_SELECT_MIN: 0x%08x\n", value);
break;
case TPM2_PT_CONTEXT_GAP_MAX:
- tpm2_tool_output ("TPM2_PT_CONTEXT_GAP_MAX: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_CONTEXT_GAP_MAX: 0x%08x\n", value);
break;
case TPM2_PT_NV_COUNTERS_MAX:
- tpm2_tool_output ("TPM2_PT_NV_COUNTERS_MAX: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_NV_COUNTERS_MAX: 0x%08x\n", value);
break;
case TPM2_PT_NV_INDEX_MAX:
- tpm2_tool_output ("TPM2_PT_NV_INDEX_MAX: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_NV_INDEX_MAX: 0x%08x\n", value);
break;
case TPM2_PT_MEMORY:
- tpm2_tool_output ("TPM2_PT_MEMORY: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_MEMORY: 0x%08x\n", value);
break;
case TPM2_PT_CLOCK_UPDATE:
- tpm2_tool_output ("TPM2_PT_CLOCK_UPDATE: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_CLOCK_UPDATE: 0x%08x\n", value);
break;
case TPM2_PT_CONTEXT_HASH: /* this may be a TPM2_ALG_ID type */
- tpm2_tool_output ("TPM2_PT_CONTEXT_HASH: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_CONTEXT_HASH: 0x%08x\n", value);
break;
case TPM2_PT_CONTEXT_SYM: /* this is a TPM2_ALG_ID type */
- tpm2_tool_output ("TPM2_PT_CONTEXT_SYM: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_CONTEXT_SYM: 0x%08x\n", value);
break;
case TPM2_PT_CONTEXT_SYM_SIZE:
- tpm2_tool_output ("TPM2_PT_CONTEXT_SYM_SIZE: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_CONTEXT_SYM_SIZE: 0x%08x\n", value);
break;
case TPM2_PT_ORDERLY_COUNT:
- tpm2_tool_output ("TPM2_PT_ORDERLY_COUNT: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_ORDERLY_COUNT: 0x%08x\n", value);
break;
case TPM2_PT_MAX_COMMAND_SIZE:
- tpm2_tool_output ("TPM2_PT_MAX_COMMAND_SIZE: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_MAX_COMMAND_SIZE: 0x%08x\n", value);
break;
case TPM2_PT_MAX_RESPONSE_SIZE:
- tpm2_tool_output ("TPM2_PT_MAX_RESPONSE_SIZE: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_MAX_RESPONSE_SIZE: 0x%08x\n", value);
break;
case TPM2_PT_MAX_DIGEST:
- tpm2_tool_output ("TPM2_PT_MAX_DIGEST: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_MAX_DIGEST: 0x%08x\n", value);
break;
case TPM2_PT_MAX_OBJECT_CONTEXT:
- tpm2_tool_output ("TPM2_PT_MAX_OBJECT_CONTEXT: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_MAX_OBJECT_CONTEXT: 0x%08x\n", value);
break;
case TPM2_PT_MAX_SESSION_CONTEXT:
- tpm2_tool_output ("TPM2_PT_MAX_SESSION_CONTEXT: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_MAX_SESSION_CONTEXT: 0x%08x\n", value);
break;
case TPM2_PT_PS_FAMILY_INDICATOR:
- tpm2_tool_output ("TPM2_PT_PS_FAMILY_INDICATOR: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_PS_FAMILY_INDICATOR: 0x%08x\n", value);
break;
case TPM2_PT_PS_LEVEL:
- tpm2_tool_output ("TPM2_PT_PS_LEVEL: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_PS_LEVEL: 0x%08x\n", value);
break;
case TPM2_PT_PS_REVISION:
- tpm2_tool_output ("TPM2_PT_PS_REVISION: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_PS_REVISION: 0x%08x\n", value);
break;
case TPM2_PT_PS_DAY_OF_YEAR:
- tpm2_tool_output ("TPM2_PT_PS_DAY_OF_YEAR: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_PS_DAY_OF_YEAR: 0x%08x\n", value);
break;
case TPM2_PT_PS_YEAR:
- tpm2_tool_output ("TPM2_PT_PS_YEAR: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_PS_YEAR: 0x%08x\n", value);
break;
case TPM2_PT_SPLIT_MAX:
- tpm2_tool_output ("TPM2_PT_SPLIT_MAX: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_SPLIT_MAX: 0x%08x\n", value);
break;
case TPM2_PT_TOTAL_COMMANDS:
- tpm2_tool_output ("TPM2_PT_TOTAL_COMMANDS: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_TOTAL_COMMANDS: 0x%08x\n", value);
break;
case TPM2_PT_LIBRARY_COMMANDS:
- tpm2_tool_output ("TPM2_PT_LIBRARY_COMMANDS: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_LIBRARY_COMMANDS: 0x%08x\n", value);
break;
case TPM2_PT_VENDOR_COMMANDS:
- tpm2_tool_output ("TPM2_PT_VENDOR_COMMANDS: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_VENDOR_COMMANDS: 0x%08x\n", value);
break;
case TPM2_PT_NV_BUFFER_MAX:
- tpm2_tool_output ("TPM2_PT_NV_BUFFER_MAX: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_NV_BUFFER_MAX: 0x%08x\n", value);
break;
case TPM2_PT_MODES:
tpm2_tool_output_tpma_modes ((TPMA_MODES)value);
@@ -429,61 +429,61 @@ dump_tpm_properties_var (TPMS_TAGGED_PROPERTY properties[],
dump_startup_clear_attrs ((TPMA_STARTUP_CLEAR)value);
break;
case TPM2_PT_TPM2_HR_NV_INDEX:
- tpm2_tool_output ("TPM2_PT_TPM2_HR_NV_INDEX: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_TPM2_HR_NV_INDEX: 0x%08x\n", value);
break;
case TPM2_PT_HR_LOADED:
- tpm2_tool_output ("TPM2_PT_HR_LOADED: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_HR_LOADED: 0x%08x\n", value);
break;
case TPM2_PT_HR_LOADED_AVAIL:
- tpm2_tool_output ("TPM2_PT_HR_LOADED_AVAIL: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_HR_LOADED_AVAIL: 0x%08x\n", value);
break;
case TPM2_PT_HR_ACTIVE:
- tpm2_tool_output ("TPM2_PT_HR_ACTIVE: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_HR_ACTIVE: 0x%08x\n", value);
break;
case TPM2_PT_HR_ACTIVE_AVAIL:
- tpm2_tool_output ("TPM2_PT_HR_ACTIVE_AVAIL: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_HR_ACTIVE_AVAIL: 0x%08x\n", value);
break;
case TPM2_PT_TPM2_HR_TRANSIENT_AVAIL:
- tpm2_tool_output ("TPM2_PT_TPM2_HR_TRANSIENT_AVAIL: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_TPM2_HR_TRANSIENT_AVAIL: 0x%08x\n", value);
break;
case TPM2_PT_TPM2_HR_PERSISTENT:
- tpm2_tool_output ("TPM2_PT_TPM2_HR_PERSISTENT: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_TPM2_HR_PERSISTENT: 0x%08x\n", value);
break;
case TPM2_PT_TPM2_HR_PERSISTENT_AVAIL:
- tpm2_tool_output ("TPM2_PT_TPM2_HR_PERSISTENT_AVAIL: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_TPM2_HR_PERSISTENT_AVAIL: 0x%08x\n", value);
break;
case TPM2_PT_NV_COUNTERS:
- tpm2_tool_output ("TPM2_PT_NV_COUNTERS: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_NV_COUNTERS: 0x%08x\n", value);
break;
case TPM2_PT_NV_COUNTERS_AVAIL:
- tpm2_tool_output ("TPM2_PT_NV_COUNTERS_AVAIL: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_NV_COUNTERS_AVAIL: 0x%08x\n", value);
break;
case TPM2_PT_ALGORITHM_SET:
- tpm2_tool_output ("TPM2_PT_ALGORITHM_SET: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_ALGORITHM_SET: 0x%08x\n", value);
break;
case TPM2_PT_LOADED_CURVES:
- tpm2_tool_output ("TPM2_PT_LOADED_CURVES: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_LOADED_CURVES: 0x%08x\n", value);
break;
case TPM2_PT_LOCKOUT_COUNTER:
- tpm2_tool_output ("TPM2_PT_LOCKOUT_COUNTER: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_LOCKOUT_COUNTER: 0x%08x\n", value);
break;
case TPM2_PT_MAX_AUTH_FAIL:
- tpm2_tool_output ("TPM2_PT_MAX_AUTH_FAIL: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_MAX_AUTH_FAIL: 0x%08x\n", value);
break;
case TPM2_PT_LOCKOUT_INTERVAL:
- tpm2_tool_output ("TPM2_PT_LOCKOUT_INTERVAL: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_LOCKOUT_INTERVAL: 0x%08x\n", value);
break;
case TPM2_PT_LOCKOUT_RECOVERY:
- tpm2_tool_output ("TPM2_PT_LOCKOUT_RECOVERY: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_LOCKOUT_RECOVERY: 0x%08x\n", value);
break;
case TPM2_PT_NV_WRITE_RECOVERY:
- tpm2_tool_output ("TPM2_PT_NV_WRITE_RECOVERY: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_NV_WRITE_RECOVERY: 0x%08x\n", value);
break;
case TPM2_PT_AUDIT_COUNTER_0:
- tpm2_tool_output ("TPM2_PT_AUDIT_COUNTER_0: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_AUDIT_COUNTER_0: 0x%08x\n", value);
break;
case TPM2_PT_AUDIT_COUNTER_1:
- tpm2_tool_output ("TPM2_PT_AUDIT_COUNTER_1: 0x%08x\n", value);
+ tpm2_tool_output ("TPM_PT_AUDIT_COUNTER_1: 0x%08x\n", value);
break;
default:
LOG_ERR("Unknown property: 0x%08x\n", properties[i].property);
--
2.17.1

89
tpm2_getmanufc-fix-OSSL-build-warnings.patch Normal file
View File

@ -0,0 +1,89 @@
From e43831512dad43ec5537d30911dba5f4c36fef59 Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Wed, 17 Oct 2018 08:27:11 -0700
Subject: [PATCH] tpm2_getmanufc: fix OSSL build warnings
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fix the following reported error:
In file included from tools/tpm2_getmanufec.c:42:0:
tools/tpm2_getmanufec.c: In function Base64Encode:
/home/travis/build/AndreasFuchsSIT/tpm2-tss-engine/tpm2-tools/../installdir/usr/local/include/openssl/bio.h:596:34: error: value computed is not used [-Werror=unused-value]
# define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
^
tools/tpm2_getmanufec.c:290:5: note: in expansion of macro BIO_flush
BIO_flush(bio);
^
/home/travis/build/AndreasFuchsSIT/tpm2-tss-engine/tpm2-tools/../installdir/usr/local/include/openssl/bio.h:589:34: error: value computed is not used [-Werror=unused-value]
# define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL)
^
tools/tpm2_getmanufec.c:292:5: note: in expansion of macro BIO_set_close
BIO_set_close(bio, BIO_NOCLOSE);
^
cc1: all warnings being treated as errors
make: *** [tools/tpm2_getmanufec.o] Error 1
make: *** Waiting for unfinished jobs....
Fixes: #1200
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
tools/tpm2_getmanufec.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/tools/tpm2_getmanufec.c b/tools/tpm2_getmanufec.c
index 6ddf31eee5d..89702f9c78a 100644
--- a/tools/tpm2_getmanufec.c
+++ b/tools/tpm2_getmanufec.c
@@ -274,6 +274,7 @@ char *Base64Encode(const unsigned char* buffer)
{
BIO *bio, *b64;
BUF_MEM *bufferPtr;
+ char *final_string = NULL;
LOG_INFO("Calculating the Base64Encode of the hash of the Endorsement Public Key:");
@@ -287,9 +288,19 @@ char *Base64Encode(const unsigned char* buffer)
bio = BIO_push(b64, bio);
BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
BIO_write(bio, buffer, SHA256_DIGEST_LENGTH);
- BIO_flush(bio);
+ int rc = BIO_flush(bio);
+ if (rc < 0) {
+ LOG_ERR("BIO_flush() failed");
+ goto bio_out;
+ }
+
BIO_get_mem_ptr(bio, &bufferPtr);
- BIO_set_close(bio, BIO_NOCLOSE);
+
+ rc = BIO_set_close(bio, BIO_NOCLOSE);
+ if (rc < 0) {
+ LOG_ERR("BIO_set_close() failed");
+ goto bio_out;
+ }
/* these are not NULL terminated */
char *b64text = bufferPtr->data;
@@ -305,8 +316,6 @@ char *Base64Encode(const unsigned char* buffer)
}
}
- char *final_string = NULL;
-
CURL *curl = curl_easy_init();
if (curl) {
char *output = curl_easy_escape(curl, b64text, len);
@@ -317,6 +326,7 @@ char *Base64Encode(const unsigned char* buffer)
}
curl_easy_cleanup(curl);
curl_global_cleanup();
+bio_out:
BIO_free_all(bio);
/* format to a proper NULL terminated string */
--
2.19.2

28
tpm2_rsaencrypt-fix-example-in-man-page.patch Normal file
View File

@ -0,0 +1,28 @@
From d9a30001c702d2e18378166ed6a13802fdf40b84 Mon Sep 17 00:00:00 2001
From: Joshua Lock <joshua.g.lock@intel.com>
Date: Fri, 19 Oct 2018 11:36:31 +0100
Subject: [PATCH] tpm2_rsaencrypt: fix example in man page
The -I option was removed and became an argument
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
---
man/tpm2_rsaencrypt.1.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/tpm2_rsaencrypt.1.md b/man/tpm2_rsaencrypt.1.md
index e213180ab52..638e533471b 100644
--- a/man/tpm2_rsaencrypt.1.md
+++ b/man/tpm2_rsaencrypt.1.md
@@ -55,7 +55,7 @@ The key referenced by keyHandle is **required** to be:
# EXAMPLES
```
-tpm2_rsaencrypt -k 0x81010001 -I plain.in -o encrypted.out
+tpm2_rsaencrypt -k 0x81010001 -o encrypted.out plain.in
```
# RETURNS
--
2.19.2