.travis.yml

@@ -27,6 +27,7 @@ addons:
     - libdbus-1-dev
     - libglib2.0-dev
     - clang-3.8
+    - ruby-dev
 
 env:
   global:
@@ -36,7 +37,16 @@ env:
 
 before_install:
     - echo -n | openssl s_client -connect scan.coverity.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca-
-    - pip install --user cpp-coveralls
+    - pip install --user cpp-coveralls pyyaml
+    - rvm list
+    # RVM didn't play nicely with the redcarpet and kept stating that the library it was loading
+    # was invalid, so we nuke it here. Note that you may need new invocations of shell to avoid
+    # a polluted rvm environment.
+    - rvm implode --force
+    - gem uninstall --force rvm || true
+    - bash -c 'sudo gem install md2man'
+    # Fail early if ruby is acting up.
+    - bash -c 'echo "foo\n===" | md2man-roff'
 
 install: 
     - wget https://downloads.sourceforge.net/project/ibmswtpm2/ibmtpm532.tar

CHANGELOG

@@ -1,4 +1,6 @@
 next
+- tpm2_pcrlist: support yaml output for parsing.
+* tpm2_pcrevent: new tool for hashing and extending pcrs.
 * Make tpm2_{createprimary,create,load,pcrlist,hmac} tools to support the --quiet option.
 * Support for a --quiet option to suppress messages printed by tools to standard output.
 * tpm2_hmac: support for files greater than 1024 bytes, changes in options and arguments.

Makefile.am

@@ -84,7 +84,8 @@ bin_PROGRAMS = \
     tools/tpm2_unseal \
     tools/tpm2_dictionarylockout \
     tools/tpm2_createpolicy \
-    tools/tpm2_pcrextend
+    tools/tpm2_pcrextend \
+    tools/tpm2_pcrevent
 
 noinst_LIBRARIES = $(LIB_COMMON)
 lib_libcommon_a_SOURCES = \
@@ -162,6 +163,7 @@ tools_tpm2_unseal_SOURCES = tools/tpm2_unseal.c $(TOOL_SRC)
 tools_tpm2_dictionarylockout_SOURCES = tools/tpm2_dictionarylockout.c $(TOOL_SRC)
 tools_tpm2_createpolicy_SOURCES = tools/tpm2_createpolicy.c $(TOOL_SRC)
 tools_tpm2_pcrextend_SOURCES = tools/tpm2_pcrextend.c $(TOOL_SRC)
+tools_tpm2_pcrevent_SOURCES = tools/tpm2_pcrevent.c $(TOOL_SRC)
 
 # rc_decode does not use common main, since it does not need a dynamic TCTI.
 tools_tpm2_rc_decode_SOURCES = lib/rc-decode.c tools/tpm2_rc_decode.c
@@ -259,14 +261,16 @@ man8_MANS = \
     man/man8/tpm2_rc_decode.8 \
     man/man8/tpm2_dictionarylockout.8 \
     man/man8/tpm2_createpolicy.8 \
-    man/man8/tpm2_pcrextend.8
+    man/man8/tpm2_pcrextend.8 \
+    man/man8/tpm2_pcrevent.8
 
 MAN_DEPS := man/common-options.troff man/tcti-options.troff \
            man/tcti-environment.troff man/alg-common.troff \
            man/hash-alg-common.troff man/object-alg-common.troff \
            man/sign-alg-common.troff man/password-fmt-common.troff \
            man/alg-notes-common.troff
 
+# DEPRECATED - No more raw troff files for manpages, use markdown (below).
 man/man8/%.8 : man/%.8.in $(MAN_DEPS)
 	rm -f $@
 	mkdir -p man/man8
@@ -296,4 +300,17 @@ endif
 	    -e '/@ALG_NOTES_COMMON_INCLUDE@/d' \
 	    < $< >> $@
 
+MARKDOWN_COMMON_DEPS = \
+	man/common/options.md \
+	man/common/tcti.md
+
+man/man8/%.8 : man/%.8.md $(MARKDOWN_COMMON_DEPS)
+	rm -f $@
+	mkdir -p man/man8
+	sed -e '/@COMMON_OPTIONS@/r man/common/options.md' \
+	    -e '/@COMMON_OPTIONS@/d' \
+	    -e '/@COMMON_TCTI@/r man/common/tcti.md' \
+	    -e '/@COMMON_TCTI@/d' \
+	    < $< | md2man-roff > $@
+
 CLEANFILES = $(man8_MANS)

lib/options.h

@@ -130,10 +130,34 @@ showArgMismatch (const char *name)
     printf("Please type \"%s -h\" get the usage!\n", name);
 }
 
+#ifndef VERSION
+  #warning "VERSION Not known at compile time, not embedding..."
+  #define VERSION "UNKNOWN"
+#endif
+
 static inline void
-showVersion (const char *name)
-{
-    printf("%s, version %s\n", name, VERSION);
+showVersion (const char *name) {
+    #ifdef HAVE_TCTI_TABRMD
+      #define TCTI_TABRMD_CONF "tabrmd,"
+    #else
+      #define TCTI_TABRMD_CONF ""
+    #endif
+
+    #ifdef HAVE_TCTI_SOCK
+      #define TCTI_SOCK_CONF "socket,"
+    #else
+      #define TCTI_SOCK_CONF ""
+    #endif
+
+    #ifdef HAVE_TCTI_DEV
+      #define TCTI_DEV_CONF "device,"
+    #else
+      #define TCTI_DEV_CONF ""
+    #endif
+
+    static const char *tcti_conf = TCTI_TABRMD_CONF TCTI_SOCK_CONF TCTI_DEV_CONF;
+    printf("tool=\"%s\" version=\"%s\" tctis=\"%s\"\n", name, VERSION,
+            tcti_conf);
 }
 
 #endif /* OPTIONS_H */

lib/tpm2_util.h

@@ -11,7 +11,8 @@
 #define BUFFER_SIZE(type, field) (sizeof((((type *)NULL)->t.field)))
 
 #define TPM2B_TYPE_INIT(type, field) { .t = { .size = BUFFER_SIZE(type, field), }, }
-#define TPM2B_EMPTY_INIT { .t = { .size = 0, }, }
+#define TPM2B_INIT(xsize) { .t = { .size = xsize, }, }
+#define TPM2B_EMPTY_INIT TPM2B_INIT(0)
 #define SESSION_ATTRIBUTES_INIT(mask) { .val = mask }
 
 #define TPMS_AUTH_COMMAND_INIT(session_handle) { \
@@ -44,6 +45,11 @@
 		.digest = TPM2B_EMPTY_INIT \
     }
 
+#define TSS2_SYS_CMD_AUTHS_INIT(array) { \
+        .cmdAuthsCount = ARRAY_LEN(array), \
+        .cmdAuths = array, \
+    }
+
 int tpm2_util_hex_to_byte_structure(const char *inStr, UINT16 *byteLenth, BYTE *byteBuffer);
 
 /**

man/common/options.md

@@ -0,0 +1,18 @@
+## COMMON OPTIONS
+
+This collection of options are common to many programs and provide
+information that many users may expect.
+
+  * `-h`, `--help`:
+    Display the tools manpage. This requires the manpages to be installed or on
+    _MANPATH_, See man(1) for more details.
+
+  * `-v`, `--version`:
+	Display version information for this tool, supported tctis and exit.
+
+  * `-V`, `--verbose`:
+	Increase the information that the tool prints to the console during its
+	execution. When using this option the file and line number are printed.
+
+  * `-Q`, `--quiet`:
+    Silence normal tool output to stdout.

man/common/tcti.md

@@ -0,0 +1,59 @@
+TCTI ENVIRONMENT
+----------------
+
+This collection of environment variables that may be used to configure the
+various TCTI modules available.
+
+The values passed through these variables can be overridden on a per-command
+basis using the available command line options, see the _TCTI_OPTIONS_ section.
+
+The variables respected depend on how the software was configured.
+
+  * _TPM2TOOLS\_TCTI\_NAME_:
+	Select the TCTI used for communication with the next component down the TSS
+	stack. In most configurations this will be the TPM but it could be a simulator
+	or proxy. The current known TCTIs are:
+
+	* tabrmd - The new resource manager, called
+	           [tabrmd](https://github.com/01org/tpm2-abrmd).
+	* socket - Typically used with the old resource manager, or talking directly to
+	           a simulator.
+	* device - Used when talking directly to a TPM device file.
+
+  * _TPM2TOOLS\_DEVICE\_FILE_:
+	When using the device TCTI, specify the TPM device file. The default is
+	"/dev/tpm0".
+
+	Note: Using the tpm directly requires the users to ensure that concurrent
+	access does not occur and that they manage the tpm resources. These tasks are
+	usually managed by a resource manager. Linux 4.12 and greater supports an in
+	kernel resource manager at "/dev/tpmrm`<num>`",	typically "/dev/tpmrm0".
+
+  * _TPM2TOOLS\_SOCKET\_ADDRESS_:
+    When using the socket TCTI, specify the domain name or IP address used. The
+    default is 127.0.0.1.
+
+  * _TPM2TOOLS\_SOCKET\_PORT_:
+	When using the socket TCTI, specify the port number used. The default is 2321.
+
+TCTI OPTIONS
+------------
+
+This collection of options are used to configure the varous TCTI modules
+available. They override any environment variables.
+
+  * `-T`, `--tcti`=_TCTI_NAME_:
+	Select the TCTI used for communication with the next component down the TSS
+	stack. In most configurations this will be the resource manager:
+	[tabrmd](https://github.com/01org/tpm2-abrmd)
+
+  * `-d`, `--device-file`=_DEVICE_FILE_:
+	Specify the TPM device file for use by the device TCTI. The default is
+	/dev/tpm0.
+
+  * `-R`, `--socket-address`=_SOCKET_ADDRESS_:
+	Specify the domain name or IP address used by the socket TCTI. The default
+	is 127.0.0.1.
+
+  * `-p`, `--socket-port`=_SOCKET_PORT_:
+	Specify the port number used by the socket TCTI. The default is 2321.

man/tpm2_pcrevent.8.md

@@ -0,0 +1,76 @@
+tpm2_pcrevent 8 "AUGUST 2017" Linux "User Manuals"
+==================================================
+
+NAME
+----
+
+tpm2_pcrevent(8) - hashes a file and optionally extends a pcr.
+
+SYNOPSIS
+--------
+
+`tpm2_pcrevent` [OPTIONS] [_FILE_]
+
+DESCRIPTION
+-----------
+
+tpm2_pcrevent(8) hashes _FILE_ if specified or stdin. It uses all of the
+hashing algorithms that the tpm supports. Optionally, if a pcr index is
+specified, it extends that pcr for all supported algorithms with the hash
+digest. In either case, it outputs to stdout the hash algorithm used and the
+digest value, one per line:
+
+_alg_:_digest_
+
+Where _alg_ is the algorithm used (eg. sha1) and _digest_ is the digest
+resulting from the hash computation of _alg_ on the data.
+
+See sections 23.1 and sections 17 of the [TPM2.0 Specification](https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-3-Commands-01.38.pdf)
+
+OPTIONS
+-------
+
+These options control extending the pcr:
+
+  * `-i`, `--pcr-index`=_INDEX_:
+    Not only compute the hash digests on _FILE_, also extend the pcr given by
+    _INDEX_ for all supported hash algorithms.
+
+  * `-S`, `--input-session-handle`=_SESSION_HANDLE_:
+    Use _SESSION_HANDLE_ for providing an authorization session for the pcr
+    specified by _INDEX_.
+    It is an error to specify `-S` without specifying a pcr index with `-i`.
+
+  * `-P`, `--password`=_PASSWORD_:
+    Use _PASSWORD_ for providing an authorization value for the pcr specified
+    in _INDEX_.
+    It is an error to specify `-P` without specifying a pcr index with `-i`.
+
+@@COMMON_OPTIONS@@
+@@COMMON_TCTI@@
+
+EXAMPLES
+--------
+
+Hash a file:
+
+tpm2_pcrevent data
+
+Hash a file and extend pcr 8:
+
+tpm2_pcrevent -i 8 data
+
+RETURNS
+-------
+0 on success or 1 on failure.
+
+BUGS
+----
+[Github Issues](https://github.com/01org/tpm2-tools/issues)
+
+HELP
+----
+See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
+
+## AUTHOR
+William Roberts <william.c.roberts@intel.com>

test/system/test_all.sh

@@ -33,7 +33,9 @@
 #!/bin/bash
 
 SRC_DIR=`realpath ../../tools/`
+TEST_DIR=`realpath .`
 PATH=$SRC_DIR:$PATH
+PATH=$TEST_DIR:$PATH
 
 pass=0
 fail=0
@@ -53,7 +55,7 @@ test_wrapper()
   fi
 
   # Scripts are sloppy, perform cleanup
-  rm `find . -maxdepth 1 -type f ! -name '*.sh' ! -name 'README.md'` 2>/dev/null
+  rm `find . -maxdepth 1 -type f ! -name '*.sh' ! -name 'README.md' ! -name 'yaml_get.py'` 2>/dev/null
   sleep 1
 }
 
@@ -86,6 +88,7 @@ test_wrapper test_tpm2_verifysignature.sh
 test_wrapper test_tpm2_send_command.sh
 test_wrapper test_tpm2_dump_capability.sh
 test_wrapper test_tpm2_startup.sh
+test_wrapper test_tpm2_pcrevent.sh
 
 # Building with asan on clang, the leak sanitizier
 # portion (lsan) on ancient versions is: