swtpm: Implement CheckState interface function for checking for state…

…blob Implement a CheckState interface function for checking for the TPM_PERMANENT_ALL_NAME blog. The dirctory backend does a simple stat on the file without actually reading it, which otherwise may require the (correct) key if it was encrypted. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
stefanberger · Sep 25, 2021 · c8267b5 · c8267b5
1 parent 14fe028
commit c8267b5
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 4 deletions.
diff --git a/src/swtpm/swtpm_nvstore.c b/src/swtpm/swtpm_nvstore.c
@@ -1323,11 +1323,10 @@ int SWTPM_NVRAM_PrintJson(void)
 {
     TPM_RESULT rc = 0;
     int ret = 0, n;
-    unsigned char *nvdata = NULL;
-    uint32_t nvlen;
     uint32_t tpm_number = 0;
     char filename[FILENAME_MAX];
     char *state_str = NULL;
+    const char *backend_uri = NULL;
 
     if (rc == 0)
         rc = SWTPM_NVRAM_GetFilenameForName(filename, sizeof(filename),
@@ -1337,7 +1336,8 @@ int SWTPM_NVRAM_PrintJson(void)
         rc = SWTPM_NVRAM_Init();
 
     if (rc == 0) {
-        rc = SWTPM_NVRAM_LoadData(&nvdata, &nvlen, tpm_number, TPM_PERMANENT_ALL_NAME);
+        backend_uri = tpmstate_get_backend_uri();
+        rc = g_nvram_backend_ops->check_state(backend_uri, TPM_PERMANENT_ALL_NAME);
         if (rc == TPM_SUCCESS) {
             n = asprintf(&state_str, " { \"name\": \"%s\" } ", filename);
             if (n < 0) {
@@ -1358,7 +1358,6 @@ int SWTPM_NVRAM_PrintJson(void)
 
 cleanup:
     free(state_str);
-    free(nvdata);
 
     return ret;
 }
diff --git a/src/swtpm/swtpm_nvstore.h b/src/swtpm/swtpm_nvstore.h
@@ -121,6 +121,8 @@ struct nvram_backend_ops {
                          const char *name,
                          TPM_BOOL mustExist,
                          const char *uri);
+    TPM_RESULT (*check_state)(const char *uri,
+                              const char *name);
     void (*cleanup)(void);
 };
 int SWTPM_NVRAM_PrintJson(void);

diff --git a/src/swtpm/swtpm_nvstore_dir.c b/src/swtpm/swtpm_nvstore_dir.c
@@ -174,6 +174,38 @@ SWTPM_NVRAM_GetFilepathForName(char *filepath,       /* output: rooted file path
     return rc;
 }
 
+static TPM_RESULT
+SWTPM_NVRAM_CheckState_Dir(const char *uri,
+                           const char *name)
+{
+    TPM_RESULT    rc = 0;
+    char          filepath[FILENAME_MAX]; /* rooted file path from name */
+    struct stat   statbuf;
+    const char   *tpm_state_path = NULL;
+    uint32_t      tpm_number = 0;
+    int           rc2;
+
+    tpm_state_path = SWTPM_NVRAM_Uri_to_Dir(uri);
+    if (rc == 0) {
+        /* map name to the rooted file path */
+        rc = SWTPM_NVRAM_GetFilepathForName(filepath, sizeof(filepath),
+                                            tpm_number, name, false,
+                                            tpm_state_path);
+    }
+
+    if (rc == 0) {
+        rc2 = stat(filepath, &statbuf);
+        if (rc2 != 0 && errno == ENOENT)
+            rc = TPM_RETRY;
+        else if (rc2 != 0)
+            rc = TPM_FAIL;
+        else if (!S_ISREG(statbuf.st_mode))
+            rc = TPM_FAIL;
+    }
+
+    return rc;
+}
+
 static TPM_RESULT
 SWTPM_NVRAM_Prepare_Dir(const char *uri)
 {
@@ -478,4 +510,5 @@ struct nvram_backend_ops nvram_dir_ops = {
     .store   = SWTPM_NVRAM_StoreData_Dir,
     .delete  = SWTPM_NVRAM_DeleteName_Dir,
     .cleanup = SWTPM_NVRAM_Cleanup_Dir,
+    .check_state = SWTPM_NVRAM_CheckState_Dir,
 };