tpm2_getpubak: add support for friendly algorithm names

Allow -g sha1 instead of -g 0x4. Update some of the tests to use the new method. Update the man page for the tool. Signed-off-by: William Roberts <william.c.roberts@intel.com>
tpm2-software · Jul 27, 2017 · ed1e66e · ed1e66e
1 parent 3aa51e9
commit ed1e66e
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 19 deletions.
diff --git a/Makefile.am b/Makefile.am
@@ -228,7 +228,7 @@ man8_MANS = \
     man/man8/tpm2_dictionarylockout.8 \
     man/man8/tpm2_createpolicy.8
 
-man/man8/%.8 : man/%.8.in man/common-options.troff man/tcti-options.troff man/tcti-environment.troff man/alg-common.troff man/hash-alg-common.troff man/object-alg-common.troff
+man/man8/%.8 : man/%.8.in man/common-options.troff man/tcti-options.troff man/tcti-environment.troff man/alg-common.troff man/hash-alg-common.troff man/object-alg-common.troff man/sign-alg-common.troff
 	rm -f $@
 	mkdir -p man/man8
 if HAVE_TCTI_DEV
@@ -249,6 +249,8 @@ endif
 	    -e '/@HASH_ALG_COMMON_INCLUDE@/d' \
 	    -e '/@OBJECT_ALG_COMMON_INCLUDE@/r man/object-alg-common.troff' \
 	    -e '/@OBJECT_ALG_COMMON_INCLUDE@/d' \
+	    -e '/@SIGN_ALG_COMMON_INCLUDE@/r man/sign-alg-common.troff' \
+	    -e '/@SIGN_ALG_COMMON_INCLUDE@/d' \
 	    < $< >> $@
 
 CLEANFILES = $(man8_MANS)
diff --git a/man/sign-alg-common.troff b/man/sign-alg-common.troff
@@ -0,0 +1,10 @@
+Supported algorithms are:
+  '0x5' or 'hmac' for TPM_ALG_HMAC (default)
+  '0x14' or 'rsassa' for TPM_ALG_RSASSA
+  '0x16' or 'rsapss' for TPM_ALG_RSAPSS
+  '0x18' or 'ecdsa' for TPM_ALG_ECDSA
+  '0x1A' or 'ecdaa' for TPM_ALG_ECDAA
+  '0x1B' or 'sm2' for TPM_ALG_SM2
+  '0x1C' or 'ecschnorr' for TPM_ALG_ECSCHNORR
+.br
+\fBNOTE\fR: Your TPM may not support all algorithms.
diff --git a/man/tpm2_getpubak.8.in b/man/tpm2_getpubak.8.in
@@ -65,14 +65,18 @@ specifies the handle of EK (hex).
 \fB\-k ,\-\-akHandle\fR
 specifies the handle used to make AK  persistent (hex). 
 .TP
-\fB\-g ,\-\-alg\fR
-specifies the algorithm type of AK  (default:0x01/TPM_ALG_RSA):   TPM_ALG_RSA 0x0001   TPM_ALG_KEYEDHASH 0x0008   TPM_ALG_ECC 0x0023 
+-\fB\-g ,\-\-alg\fR
+-specifies the algorithm type of AK.
+@ALG_COMMON_INCLUDE@
+@OBJECT_ALG_COMMON_INCLUDE@
 .TP
 \fB\-D ,\-\-digestAlg\fR
-specifies the algorithm of digest.  0x0004 TPM_ALG_SHA1   0x000B TPM_ALG_SHA256   0x000C TPM_ALG_SHA384   0x000D TPM_ALG_SHA512   0x0012 TPM_ALG_SM3_256 
+Like -g, but specifies the algorithm of digest.
+@HASH_ALG_COMMON_INCLUDE@
 .TP
 \fB\-s ,\-\-signAlg\fR
-specifies the algorithm of sign.  0x0005 TPM_ALG_HMAC   0x0014 TPM_ALG_RSASSA   0x0016 TPM_ALG_RSAPSS   0x0018 TPM_ALG_ECDSA   0x001A TPM_ALG_ECDAA   0x001B TPM_ALG_SM2   0x001C TPM_ALG_ECSCHNORR 
+Like -g, but specifies the algorithm of sign.
+@SIGN_ALG_COMMON_INCLUDE@
 .TP
 \fB\-f ,\-\-file\fR
 specifies the file used to save the public  portion of AK. 

diff --git a/test/system/test_algs_tpm2_getpubak.sh b/test/system/test_algs_tpm2_getpubak.sh
@@ -61,11 +61,11 @@ if [ $? != 0 ];then
 fi
 ##   ./tpm2_getpubak  -e "$handle_ek" -k $handle_ak  -g $ak_alg -D $digestAlg -s $signAlg -f ak.pub_"$kalg_p"_"$halg"_"$digestAlg"_"$signAlg" -n ak.name_"$kalg_p"_"$halg"_"$digestAlg"_"$signAlg"
 
-for  ak_alg in 0x0001 0x0008 0x0023  
- do
-   for  digestAlg in 0x0004 0x000B 0x000C 0x000D 0x0012
+for  ak_alg in rsa 0x0008 0x0023
+do
+   for  digestAlg in 0x0004 sha256 0x000C 0x000D 0x0012
    do 
-    for  signAlg in 0x0005 0x0014 0x0016 0x0018 0x001A 0x001B 0x001C
+    for  signAlg in hmac 0x0014 0x0016 0x0018 0x001A sm2 0x001C
     do
 
   tpm2_getpubak  -E "$handle_ek" -k $handle_ak  -g $ak_alg -D $digestAlg -s $signAlg -f ak.pub_"$ak_alg"_"$digestAlg"_"$signAlg" -n ak.name_"$ak_alg"_"$digestAlg"_"$signAlg"

diff --git a/tools/tpm2_getpubak.c b/tools/tpm2_getpubak.c
@@ -46,6 +46,7 @@
 #include "password_util.h"
 #include "tpm2_util.h"
 #include "tpm_session.h"
+#include "tpm2_alg_util.h"
 
 typedef struct getpubak_context getpubak_context;
 struct getpubak_context {
@@ -61,9 +62,9 @@ struct getpubak_context {
     bool hexPasswd;
     char *outputFile;
     char *aknameFile;
-    UINT32 algorithmType;
-    UINT32 digestAlg;
-    UINT32 signAlg;
+    TPM_ALG_ID algorithmType;
+    TPM_ALG_ID digestAlg;
+    TPM_ALG_ID signAlg;
     TSS2_SYS_CONTEXT *sapi_context;
 };
 
@@ -447,22 +448,22 @@ static bool init(int argc, char *argv[], getpubak_context *ctx) {
             }
             break;
         case 'g':
-            result = tpm2_util_string_to_uint32(optarg, &ctx->algorithmType);
-            if (!result) {
-                LOG_ERR("Could not convert algorithm.");
+            ctx->algorithmType = tpm2_alg_util_from_optarg(optarg);
+            if (ctx->algorithmType == TPM_ALG_ERROR) {
+                LOG_ERR("Could not convert algorithm. got: \"%s\".", optarg);
                 return false;
             }
             break;
         case 'D':
-            result = tpm2_util_string_to_uint32(optarg, &ctx->digestAlg);
-            if (!result) {
+            ctx->digestAlg = tpm2_alg_util_from_optarg(optarg);
+            if (ctx->digestAlg == TPM_ALG_ERROR) {
                 LOG_ERR("Could not convert digest algorithm.");
                 return false;
             }
             break;
         case 's':
-            result = tpm2_util_string_to_uint32(optarg, &ctx->signAlg);
-            if (!result) {
+            ctx->signAlg = tpm2_alg_util_from_optarg(optarg);
+            if (ctx->signAlg == TPM_ALG_ERROR) {
                 LOG_ERR("Could not convert signing algorithm.");
                 return false;
             }