rev162: fix PCRBelongsTCBGroup for PCClient (bugfix)

Fix PCRBelongsTCBGroup by adjusting the set of PCRs that belong to the TCB Group. The effect of this is that PCR changes to PCR 16 (for example) do not change the pcrUpdateCounter anymore. The effect *should not* have any negative side effects when using the TPM. We also need to update the test cases that now show a different pcrUpdateCounter in the responses. Also 'swtpm' test cases need to be fixed to expect the changed result. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
stefanberger · Jun 29, 2020 · 0f5d791 · 0f5d791
1 parent bc60d19
commit 0f5d791
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 3 deletions.
diff --git a/src/tpm2/PCR.c b/src/tpm2/PCR.c
@@ -3,7 +3,7 @@
 /*			   PCR access and manipulation 				*/
 /*			     Written by Ken Goldman				*/
 /*		       IBM Thomas J. Watson Research Center			*/
-/*            $Id: PCR.c 1594 2020-03-26 22:15:48Z kgoldman $			*/
+/*            $Id: PCR.c 1628 2020-05-27 19:35:29Z kgoldman $			*/
 /*										*/
 /*  Licenses and Notices							*/
 /*										*/
@@ -163,12 +163,19 @@ PCRBelongsTCBGroup(
 		   )
 {
 #if ENABLE_PCR_NO_INCREMENT == YES
+#if 0
     // Platform specification decides if a PCR belongs to a TCB group.  In this
     // implementation, we assume PCR[20-22] belong to TCB group.  If the platform
     // specification requires differently, the implementation should be
     // changed accordingly
     if(handle >= 20 && handle <= 22)
 	return TRUE;
+#endif
+    /* kgold - changed for PC Client, 16, 21-23 no increment */
+    if ((handle == 16) ||
+	((handle >= 21) && (handle <= 23))) {
+	return  TRUE;
+    }
 #endif
     return FALSE;
 }

diff --git a/tests/tpm2_pcr_read.c b/tests/tpm2_pcr_read.c
@@ -7,6 +7,19 @@
 #include <libtpms/tpm_error.h>
 #include <libtpms/tpm_memory.h>
 
+static void dump_array(const char *h, const unsigned char *d, size_t dlen)
+{
+    size_t i;
+
+    fprintf(stderr, "%s\n", h);
+    for (i = 0; i < dlen; i++) {
+        fprintf(stderr, "%02x ", d[i]);
+        if ((i & 0xf) == 0xf)
+            fprintf(stderr, "\n");
+    }
+    fprintf(stderr, "\n");
+}
+
 int main(void)
 {
     unsigned char *rbuffer = NULL;
@@ -43,7 +56,7 @@ int main(void)
     };
     const unsigned char tpm2_pcr_read_exp_resp[] = {
         0x80, 0x01, 0x00, 0x00, 0x01, 0x86, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00,
         0x00, 0x04, 0x00, 0x04, 0x03, 0x01, 0x00, 0x10,
         0x00, 0x0b, 0x03, 0x01, 0x00, 0x10, 0x00, 0x0c,
         0x03, 0x01, 0x00, 0x10, 0x00, 0x0d, 0x03, 0x01,
@@ -127,6 +140,8 @@ int main(void)
 
     if (memcmp(rbuffer, tpm2_pcr_read_exp_resp, rlength)) {
         fprintf(stderr, "Expected response is different than received one.\n");
+        dump_array("actual:", rbuffer, rlength);
+        dump_array("expected:", tpm2_pcr_read_exp_resp, sizeof(tpm2_pcr_read_exp_resp));
         goto exit;
     }
 
@@ -167,7 +182,7 @@ int main(void)
 
     const unsigned char tpm2_pcr10_read_resp[] = {
         0x80, 0x01, 0x00, 0x00, 0x00, 0x3e, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x16, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x00,
         0x00, 0x01, 0x00, 0x0b, 0x03, 0x00, 0x04, 0x00,
         0x00, 0x00, 0x00, 0x01, 0x00, 0x20, 0x1f, 0x7f,
         0xb1, 0x00, 0xe1, 0xb2, 0xd1, 0x95, 0x19, 0x4b,
@@ -178,6 +193,8 @@ int main(void)
 
     if (memcmp(tpm2_pcr10_read_resp, rbuffer, rlength)) {
         fprintf(stderr, "TPM2_PCRRead(PCR10) did not return expected result\n");
+        dump_array("actual:", rbuffer, rlength);
+        dump_array("expected:", tpm2_pcr10_read_resp, sizeof(tpm2_pcr10_read_resp));
         goto exit;
     }