6 changes: 3 additions & 3 deletions .travis.yml
Expand Up @@ -38,9 +38,9 @@ before_install:
- pip install --user cpp-coveralls pyyaml

install:
- wget https://downloads.sourceforge.net/project/ibmswtpm2/ibmtpm532.tar
- sha256sum ibmtpm532.tar | grep -q abc0b420257917ccb42a9750588565d5e84a2b4e99a6f9f46c3dad1f9912864f
- mkdir ibmtpm532 && pushd ibmtpm532 && tar xzf ../ibmtpm532.tar && pushd ./src && make
- wget https://downloads.sourceforge.net/project/ibmswtpm2/ibmtpm974.tar.gz
- sha256sum ibmtpm974.tar.gz | grep -q 8e45d86129a0adb95fee4cee51f4b1e5b2d81ed3e55af875df53f98f39eb7ad7
- mkdir ibmtpm974 && pushd ibmtpm974 && tar axf ../ibmtpm974.tar.gz && pushd ./src && make
- ./tpm_server &
- popd && popd
- git clone https://github.com/01org/TPM2.0-TSS.git
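--- a/lib/tpm2_util.h
+++ b/lib/tpm2_util.h
@@ -93,6 +93,19 @@
 .rspAuths = array, \
 }
 
+/*
+* This macro is useful as a wrapper around SAPI functions to automatically
+* retry function calls when the RC is TPM_RC_RETRY.
+*/
+#define TSS2_RETRY_EXP(expression) \
+({ \
+TSS2_RC __result = 0; \
+do { \
+__result = (expression); \
+} while ((__result & 0x0000ffff) == TPM_RC_RETRY); \
++__result; \
+})
+
 int tpm2_util_hex_to_byte_structure(const char *inStr, UINT16 *byteLenth, BYTE *byteBuffer);
 
 /**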
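Review bot: The `do { ... } while` loop in `TSS2_RETRY_EXP` has no upper bound and no delay, so a TPM or intermediate layer that keeps answering TPM_RC_RETRY makes every tool wrapped with this macro spin forever instead of failing. Capping the number of attempts keeps the retry behaviour and lets each caller's existing `rval != TPM_RC_SUCCESS` check report the last code. The header comment should also state that `expression` is evaluated again on every attempt and that the macro relies on the GNU statement-expression extension. The local `__result` uses a double underscore, which C reserves for the implementation; the sketch below renames it, and its attempt count is an illustrative value, not a measured one.

```c
#define TSS2_RETRY_EXP(expression) \
    ({ \
        TSS2_RC rc_ = 0; \
        unsigned tries_left_ = 5; /* illustrative cap */ \
        do { \
            rc_ = (expression); \
        } while ((rc_ & 0x0000ffff) == TPM_RC_RETRY && --tries_left_ > 0); \
        rc_; \
    })
```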
10 changes: 5 additions & 5 deletions tools/tpm2_activatecredential.c
Expand Up @@ -187,8 +187,8 @@ static bool activate_credential_and_output(TSS2_SYS_CONTEXT *sapi_context) {
return false;
}

rval = Tss2_Sys_PolicySecret(sapi_context, TPM_RH_ENDORSEMENT,
session->sessionHandle, &cmd_auth_array_endorse, 0, 0, 0, 0, 0, 0, 0);
rval = TSS2_RETRY_EXP(Tss2_Sys_PolicySecret(sapi_context, TPM_RH_ENDORSEMENT,
session->sessionHandle, &cmd_auth_array_endorse, 0, 0, 0, 0, 0, 0, 0));
if (rval != TPM_RC_SUCCESS) {
LOG_ERR("Tss2_Sys_PolicySecret Error. TPM Error:0x%x", rval);
return false;
Expand All @@ -198,16 +198,16 @@ static bool activate_credential_and_output(TSS2_SYS_CONTEXT *sapi_context) {
tmp_auth.sessionAttributes.continueSession = 1;
tmp_auth.hmac.t.size = 0;

rval = Tss2_Sys_ActivateCredential(sapi_context, ctx.handle.activate,
rval = TSS2_RETRY_EXP(Tss2_Sys_ActivateCredential(sapi_context, ctx.handle.activate,
ctx.handle.key, &cmd_auth_array_password, &ctx.credentialBlob, &ctx.secret,
&certInfoData, 0);
&certInfoData, 0));
if (rval != TPM_RC_SUCCESS) {
LOG_ERR("ActivateCredential failed. TPM Error:0x%x", rval);
return false;
}

// Need to flush the session here.
rval = Tss2_Sys_FlushContext(sapi_context, session->sessionHandle);
rval = TSS2_RETRY_EXP(Tss2_Sys_FlushContext(sapi_context, session->sessionHandle));
if (rval != TPM_RC_SUCCESS) {
LOG_ERR("TPM2_Sys_FlushContext Error. TPM Error:0x%x", rval);
return false;
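Review bot: The `return false;` after a failed `Tss2_Sys_ActivateCredential` (and after a failed `Tss2_Sys_PolicySecret`) exits before the `Tss2_Sys_FlushContext` call under "Need to flush the session here", so the policy session stays loaded in the TPM on the error paths visible here. Session slots are a small shared resource, so repeated failures can exhaust them unless a caller outside these hunks cleans up. Each early exit should first call `Tss2_Sys_FlushContext(sapi_context, session->sessionHandle);`, ideally through one shared cleanup label. The same shape appears in `create_ak` in tools/tpm2_getpubak.c after a failed `Tss2_Sys_Create` or `Tss2_Sys_Load`, and for the transient EK handle after a failed `Tss2_Sys_EvictControl` in tools/tpm2_getmanufec.c. `activate_credential_and_output` starts and ends outside the visible hunks.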
8 changes: 4 additions & 4 deletions tools/tpm2_certify.c
Expand Up @@ -103,8 +103,8 @@ static bool get_key_type(TSS2_SYS_CONTEXT *sapi_context, TPMI_DH_OBJECT object_h

TPM2B_NAME qualified_name = TPM2B_TYPE_INIT(TPM2B_NAME, name);

TPM_RC rval = Tss2_Sys_ReadPublic(sapi_context, object_handle, 0,
&out_public, &name, &qualified_name, &sessions_data_out);
TPM_RC rval = TSS2_RETRY_EXP(Tss2_Sys_ReadPublic(sapi_context, object_handle, 0,
&out_public, &name, &qualified_name, &sessions_data_out));
if (rval != TPM_RC_SUCCESS) {
LOG_ERR("TPM2_ReadPublic failed. Error Code: 0x%x", rval);
return false;
Expand Down Expand Up @@ -191,9 +191,9 @@ static bool certify_and_save_data(TSS2_SYS_CONTEXT *sapi_context) {

TPMT_SIGNATURE signature;

TPM_RC rval = Tss2_Sys_Certify(sapi_context, ctx.handle.obj,
TPM_RC rval = TSS2_RETRY_EXP(Tss2_Sys_Certify(sapi_context, ctx.handle.obj,
ctx.handle.key, &cmd_auth_array, &qualifying_data, &scheme,
&certify_info, &signature, &sessions_data_out);
&certify_info, &signature, &sessions_data_out));
if (rval != TPM_RC_SUCCESS) {
LOG_ERR("TPM2_Certify failed. Error Code: 0x%x", rval);
return false;
4 changes: 2 additions & 2 deletions tools/tpm2_create.c
Expand Up @@ -209,9 +209,9 @@ int create(TSS2_SYS_CONTEXT *sapi_context)

creationPCR.count = 0;

rval = Tss2_Sys_Create(sapi_context, ctx.parent_handle, &sessionsData, &ctx.in_sensitive,
rval = TSS2_RETRY_EXP(Tss2_Sys_Create(sapi_context, ctx.parent_handle, &sessionsData, &ctx.in_sensitive,
&ctx.in_public, &outsideInfo, &creationPCR, &outPrivate,&outPublic,
&creationData, &creationHash, &creationTicket, &sessionsDataOut);
&creationData, &creationHash, &creationTicket, &sessionsDataOut));
if(rval != TPM_RC_SUCCESS) {
LOG_ERR("\nCreate Object Failed ! ErrorCode: 0x%0x\n",rval);
return -2;
4 changes: 2 additions & 2 deletions tools/tpm2_createprimary.c
Expand Up @@ -188,10 +188,10 @@ int create_primary(TSS2_SYS_CONTEXT *sapi_context) {

creationPCR.count = 0;

rval = Tss2_Sys_CreatePrimary(sapi_context, ctx.hierarchy, &sessionsData,
rval = TSS2_RETRY_EXP(Tss2_Sys_CreatePrimary(sapi_context, ctx.hierarchy, &sessionsData,
&ctx.inSensitive, &ctx.in_public, &outsideInfo, &creationPCR,
&handle2048rsa, &outPublic, &creationData, &creationHash,
&creationTicket, &name, &sessionsDataOut);
&creationTicket, &name, &sessionsDataOut));
if(rval != TPM_RC_SUCCESS) {
LOG_ERR("\nCreatePrimary Failed ! ErrorCode: 0x%0x\n", rval);
return -2;
8 changes: 4 additions & 4 deletions tools/tpm2_dictionarylockout.c
Expand Up @@ -80,8 +80,8 @@ bool dictionary_lockout_reset_and_parameter_setup(TSS2_SYS_CONTEXT *sapi_context
if (ctx.clear_lockout) {

LOG_INFO("Resetting dictionary lockout state.");
UINT32 rval = Tss2_Sys_DictionaryAttackLockReset(sapi_context,
TPM_RH_LOCKOUT, &sessionsData, &sessionsDataOut);
UINT32 rval = TSS2_RETRY_EXP(Tss2_Sys_DictionaryAttackLockReset(sapi_context,
TPM_RH_LOCKOUT, &sessionsData, &sessionsDataOut));
if (rval != TPM_RC_SUCCESS) {
LOG_ERR("0x%X Error clearing dictionary lockout.", rval);
return false;
Expand All @@ -90,10 +90,10 @@ bool dictionary_lockout_reset_and_parameter_setup(TSS2_SYS_CONTEXT *sapi_context

if (ctx.setup_parameters) {
LOG_INFO("Setting up Dictionary Lockout parameters.");
UINT32 rval = Tss2_Sys_DictionaryAttackParameters(sapi_context,
UINT32 rval = TSS2_RETRY_EXP(Tss2_Sys_DictionaryAttackParameters(sapi_context,
TPM_RH_LOCKOUT, &sessionsData, ctx.max_tries,
ctx.recovery_time, ctx.lockout_recovery_time,
&sessionsDataOut);
&sessionsDataOut));
if (rval != TPM_RC_SUCCESS) {
LOG_ERR(
"0x%X Failed setting up dictionary_attack_lockout_reset params",
13 changes: 10 additions & 3 deletions tools/tpm2_encryptdecrypt.c
Expand Up @@ -43,6 +43,7 @@
#include "tpm2_password_util.h"
#include "files.h"
#include "log.h"
#include "rc-decode.h"
#include "tpm2_tool.h"
#include "tpm2_util.h"

Expand Down Expand Up @@ -99,9 +100,15 @@ static bool encrypt_decrypt(TSS2_SYS_CONTEXT *sapi_context) {
},
};

TPM_RC rval = Tss2_Sys_EncryptDecrypt(sapi_context, ctx.key_handle,
&sessions_data, ctx.is_decrypt, TPM_ALG_NULL, &iv_in, &ctx.data, &out_data,
&iv_out, &sessions_data_out);
/* try EncryptDecrypt2 first, fallback to EncryptDecrypt if not supported */
TPM_RC rval = TSS2_RETRY_EXP(Tss2_Sys_EncryptDecrypt2(sapi_context, ctx.key_handle,
&sessions_data, &ctx.data, ctx.is_decrypt, TPM_ALG_NULL, &iv_in, &out_data,
&iv_out, &sessions_data_out));
if (rval == TPM_RC_COMMAND_CODE) {
rval = TSS2_RETRY_EXP(Tss2_Sys_EncryptDecrypt(sapi_context, ctx.key_handle,
&sessions_data, ctx.is_decrypt, TPM_ALG_NULL, &iv_in, &ctx.data,
&out_data, &iv_out, &sessions_data_out));
}
if (rval != TPM_RC_SUCCESS) {
LOG_ERR("EncryptDecrypt failed, error code: 0x%x", rval);
return false;
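Review bot: The fallback test `rval == TPM_RC_COMMAND_CODE` compares the whole 32-bit return code, while `TSS2_RETRY_EXP` masks the code with `0x0000ffff` before comparing it. If a layer between the tool and the TPM sets bits above the low 16 (presumably the reason the macro masks), a TPM without EncryptDecrypt2 would skip the fallback and the tool would fail instead of calling `Tss2_Sys_EncryptDecrypt`; `if ((rval & 0x0000ffff) == TPM_RC_COMMAND_CODE) {` keeps the two checks consistent. The message "EncryptDecrypt failed, error code: 0x%x" does not say which of the two commands produced the code, which makes a failed fallback hard to diagnose. The added `#include "rc-decode.h"` is not used by any line visible in this section.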
4 changes: 2 additions & 2 deletions tools/tpm2_evictcontrol.c
Expand Up @@ -86,8 +86,8 @@ static int evict_control(TSS2_SYS_CONTEXT *sapi_context) {
sessions_data_out.rspAuthsCount = 1;
sessions_data.cmdAuthsCount = 1;

TPM_RC rval = Tss2_Sys_EvictControl(sapi_context, ctx.auth, ctx.handle.object,
&sessions_data, ctx.handle.persist,&sessions_data_out);
TPM_RC rval = TSS2_RETRY_EXP(Tss2_Sys_EvictControl(sapi_context, ctx.auth, ctx.handle.object,
&sessions_data, ctx.handle.persist,&sessions_data_out));
if (rval != TPM_RC_SUCCESS) {
LOG_ERR("EvictControl failed, error code: 0x%x", rval);
return false;
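Review bot: `evict_control` is declared `static int`, but the failure branch after `Tss2_Sys_EvictControl` does `return false;`, which is 0, the conventional success value for an int status. If the caller (not visible here) treats the result as an int status, a failed EvictControl would be reported as success. Declaring it `static bool evict_control(TSS2_SYS_CONTEXT *sapi_context)`, like `static bool create_ak` and `static bool get_random_and_save` elsewhere in this commit, makes the contract explicit. The function body continues outside the hunk.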
4 changes: 2 additions & 2 deletions tools/tpm2_getcap.c
Expand Up @@ -749,14 +749,14 @@ get_tpm_capability_all (TSS2_SYS_CONTEXT *sapi_ctx,
TSS2_RC rc;
TPMI_YES_NO more_data;

rc = Tss2_Sys_GetCapability (sapi_ctx,
rc = TSS2_RETRY_EXP(Tss2_Sys_GetCapability (sapi_ctx,
NULL,
options.capability,
options.property,
options.count,
&more_data,
capability_data,
NULL);
NULL));
if (rc != TSS2_RC_SUCCESS) {
LOG_ERR("Failed to GetCapability: capability: 0x%x, property: 0x%x, "
"TSS2_RC: 0x%x\n", options.capability, options.property, rc);
12 changes: 6 additions & 6 deletions tools/tpm2_getmanufec.c
Expand Up @@ -184,11 +184,11 @@ int createEKHandle(TSS2_SYS_CONTEXT *sapi_context)

creationPCR.count = 0;

rval = Tss2_Sys_CreatePrimary(sapi_context, TPM_RH_ENDORSEMENT, &sessionsData,
rval = TSS2_RETRY_EXP(Tss2_Sys_CreatePrimary(sapi_context, TPM_RH_ENDORSEMENT, &sessionsData,
&inSensitive, &inPublic, &outsideInfo,
&creationPCR, &handle2048ek, &outPublic,
&creationData, &creationHash, &creationTicket,
&name, &sessionsDataOut);
&name, &sessionsDataOut));
if (rval != TPM_RC_SUCCESS ) {
LOG_ERR("TPM2_CreatePrimary Error. TPM Error:0x%x", rval);
return 1;
Expand All @@ -204,17 +204,17 @@ int createEKHandle(TSS2_SYS_CONTEXT *sapi_context)

sessionDataArray[0] = &ctx.owner_session_data;

rval = Tss2_Sys_EvictControl(sapi_context, TPM_RH_OWNER, handle2048ek,
&sessionsData, ctx.persistent_handle, &sessionsDataOut);
rval = TSS2_RETRY_EXP(Tss2_Sys_EvictControl(sapi_context, TPM_RH_OWNER, handle2048ek,
&sessionsData, ctx.persistent_handle, &sessionsDataOut));
if (rval != TPM_RC_SUCCESS ) {
LOG_ERR("EvictControl:Make EK persistent Error. TPM Error:0x%x", rval);
return 1;
}
LOG_INFO("EvictControl EK persistent succ.");
}

rval = Tss2_Sys_FlushContext(sapi_context,
handle2048ek);
rval = TSS2_RETRY_EXP(Tss2_Sys_FlushContext(sapi_context,
handle2048ek));
if (rval != TPM_RC_SUCCESS ) {
LOG_ERR("Flush transient EK failed. TPM Error:0x%x", rval);
return 1;
26 changes: 13 additions & 13 deletions tools/tpm2_getpubak.c
Expand Up @@ -266,8 +266,8 @@ static bool create_ak(TSS2_SYS_CONTEXT *sapi_context) {

LOG_INFO("tpm_session_start_auth_with_params succ");

rval = Tss2_Sys_PolicySecret(sapi_context, TPM_RH_ENDORSEMENT,
session->sessionHandle, &sessions_data, 0, 0, 0, 0, 0, 0, 0);
rval = TSS2_RETRY_EXP(Tss2_Sys_PolicySecret(sapi_context, TPM_RH_ENDORSEMENT,
session->sessionHandle, &sessions_data, 0, 0, 0, 0, 0, 0, 0));
if (rval != TPM_RC_SUCCESS) {
LOG_ERR("Tss2_Sys_PolicySecret Error. TPM Error:0x%x", rval);
return false;
Expand All @@ -279,18 +279,18 @@ static bool create_ak(TSS2_SYS_CONTEXT *sapi_context) {
session_data.sessionAttributes.continueSession = 1;
session_data.hmac.t.size = 0;

rval = Tss2_Sys_Create(sapi_context, handle_2048_rsa, &sessions_data,
rval = TSS2_RETRY_EXP(Tss2_Sys_Create(sapi_context, handle_2048_rsa, &sessions_data,
&inSensitive, &inPublic, &outsideInfo, &creation_pcr, &out_private,
&out_public, &creation_data, &creation_hash, &creation_ticket,
&sessions_data_out);
&sessions_data_out));
if (rval != TPM_RC_SUCCESS) {
LOG_ERR("TPM2_Create Error. TPM Error:0x%x", rval);
return false;
}
LOG_INFO("TPM2_Create succ");

// Need to flush the session here.
rval = Tss2_Sys_FlushContext(sapi_context, session->sessionHandle);
rval = TSS2_RETRY_EXP(Tss2_Sys_FlushContext(sapi_context, session->sessionHandle));
if (rval != TPM_RC_SUCCESS) {
LOG_INFO("TPM2_Sys_FlushContext Error. TPM Error:0x%x", rval);
return false;
Expand All @@ -313,8 +313,8 @@ static bool create_ak(TSS2_SYS_CONTEXT *sapi_context) {
}
LOG_INFO("tpm_session_start_auth_with_params succ");

rval = Tss2_Sys_PolicySecret(sapi_context, TPM_RH_ENDORSEMENT,
session->sessionHandle, &sessions_data, 0, 0, 0, 0, 0, 0, 0);
rval = TSS2_RETRY_EXP(Tss2_Sys_PolicySecret(sapi_context, TPM_RH_ENDORSEMENT,
session->sessionHandle, &sessions_data, 0, 0, 0, 0, 0, 0, 0));
if (rval != TPM_RC_SUCCESS) {
LOG_ERR("Tss2_Sys_PolicySecret Error. TPM Error:0x%x", rval);
return false;
Expand All @@ -326,8 +326,8 @@ static bool create_ak(TSS2_SYS_CONTEXT *sapi_context) {
session_data.hmac.t.size = 0;

TPM_HANDLE loaded_sha1_key_handle;
rval = Tss2_Sys_Load(sapi_context, handle_2048_rsa, &sessions_data, &out_private,
&out_public, &loaded_sha1_key_handle, &name, &sessions_data_out);
rval = TSS2_RETRY_EXP(Tss2_Sys_Load(sapi_context, handle_2048_rsa, &sessions_data, &out_private,
&out_public, &loaded_sha1_key_handle, &name, &sessions_data_out));
if (rval != TPM_RC_SUCCESS) {
LOG_ERR("TPM2_Load Error. TPM Error:0x%x", rval);
return false;
Expand All @@ -347,7 +347,7 @@ static bool create_ak(TSS2_SYS_CONTEXT *sapi_context) {
}

// Need to flush the session here.
rval = Tss2_Sys_FlushContext(sapi_context, session->sessionHandle);
rval = TSS2_RETRY_EXP(Tss2_Sys_FlushContext(sapi_context, session->sessionHandle));
if (rval != TPM_RC_SUCCESS) {
LOG_ERR("TPM2_Sys_FlushContext Error. TPM Error:0x%x", rval);
return false;
Expand All @@ -363,16 +363,16 @@ static bool create_ak(TSS2_SYS_CONTEXT *sapi_context) {
// use the owner auth here.
memcpy(&session_data.hmac, &ctx.passwords.owner, sizeof(ctx.passwords.owner));

rval = Tss2_Sys_EvictControl(sapi_context, TPM_RH_OWNER, loaded_sha1_key_handle,
&sessions_data, ctx.persistent_handle.ak, &sessions_data_out);
rval = TSS2_RETRY_EXP(Tss2_Sys_EvictControl(sapi_context, TPM_RH_OWNER, loaded_sha1_key_handle,
&sessions_data, ctx.persistent_handle.ak, &sessions_data_out));
if (rval != TPM_RC_SUCCESS) {
LOG_ERR("\n......TPM2_EvictControl Error. TPM Error:0x%x......",
rval);
return false;
}
LOG_INFO("EvictControl: Make AK persistent succ.");

rval = Tss2_Sys_FlushContext(sapi_context, loaded_sha1_key_handle);
rval = TSS2_RETRY_EXP(Tss2_Sys_FlushContext(sapi_context, loaded_sha1_key_handle));
if (rval != TPM_RC_SUCCESS) {
LOG_ERR("Flush transient AK error. TPM Error:0x%x", rval);
return false;
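Review bot: The first failed-flush branch in `create_ak` reports the error with `LOG_INFO("TPM2_Sys_FlushContext Error. ...")`, while the identical branch later in the function uses `LOG_ERR`. Depending on the configured log level, this path can return `false` with no visible error output. Change it to `LOG_ERR("TPM2_Sys_FlushContext Error. TPM Error:0x%x", rval);` so both flush failures are reported the same way. `create_ak` starts and ends outside the visible hunks.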
10 changes: 5 additions & 5 deletions tools/tpm2_getpubek.c
Expand Up @@ -204,10 +204,10 @@ static bool create_ek_handle(TSS2_SYS_CONTEXT *sapi_context) {

/* Create EK and get a handle to the key */
TPM_HANDLE handle2048ek;
UINT32 rval = Tss2_Sys_CreatePrimary(sapi_context, TPM_RH_ENDORSEMENT,
UINT32 rval = TSS2_RETRY_EXP(Tss2_Sys_CreatePrimary(sapi_context, TPM_RH_ENDORSEMENT,
&sessionsData, &inSensitive, &inPublic, &outsideInfo, &creationPCR,
&handle2048ek, &outPublic, &creationData, &creationHash,
&creationTicket, &name, &sessionsDataOut);
&creationTicket, &name, &sessionsDataOut));
if (rval != TPM_RC_SUCCESS) {
LOG_ERR("TPM2_CreatePrimary Error. TPM Error:0x%x", rval);
return false;
Expand All @@ -217,8 +217,8 @@ static bool create_ek_handle(TSS2_SYS_CONTEXT *sapi_context) {

memcpy(&sessionData.hmac, &ctx.passwords.owner, sizeof(ctx.passwords.owner));

rval = Tss2_Sys_EvictControl(sapi_context, TPM_RH_OWNER, handle2048ek,
&sessionsData, ctx.persistent_handle, &sessionsDataOut);
rval = TSS2_RETRY_EXP(Tss2_Sys_EvictControl(sapi_context, TPM_RH_OWNER, handle2048ek,
&sessionsData, ctx.persistent_handle, &sessionsDataOut));
if (rval != TPM_RC_SUCCESS) {
LOG_ERR("EvictControl failed. Could not make EK persistent."
"TPM Error:0x%x", rval);
Expand All @@ -227,7 +227,7 @@ static bool create_ek_handle(TSS2_SYS_CONTEXT *sapi_context) {

LOG_INFO("EvictControl EK persistent success.");

rval = Tss2_Sys_FlushContext(sapi_context, handle2048ek);
rval = TSS2_RETRY_EXP(Tss2_Sys_FlushContext(sapi_context, handle2048ek));
if (rval != TPM_RC_SUCCESS) {
LOG_ERR("Flush transient EK failed. TPM Error:0x%x",
rval);
4 changes: 2 additions & 2 deletions tools/tpm2_getrandom.c
Expand Up @@ -56,8 +56,8 @@ static bool get_random_and_save(TSS2_SYS_CONTEXT *sapi_context) {

TPM2B_DIGEST random_bytes = TPM2B_TYPE_INIT(TPM2B_DIGEST, buffer);

TPM_RC rval = Tss2_Sys_GetRandom(sapi_context, NULL, ctx.num_of_bytes,
&random_bytes, NULL);
TPM_RC rval = TSS2_RETRY_EXP(Tss2_Sys_GetRandom(sapi_context, NULL, ctx.num_of_bytes,
&random_bytes, NULL));
if (rval != TSS2_RC_SUCCESS) {
LOG_ERR("TPM2_GetRandom Error. TPM Error:0x%x", rval);
return false;