CHANGELOG

@@ -1,4 +1,5 @@
 next
+* Install is now to bin vs sbin. Ensure that sbin tools get removed!
 * make dist and distcheck are now working.
 * installation into customized locations are now working, see issue #402 for details.
 * tpm2_pcrlist: renamed from tpm2_listpcrs.

Makefile.am

@@ -45,7 +45,7 @@ LDADD = \
     $(LIB_COMMON) $(SAPI_LIBS) $(TCTI_SOCK_LIBS) $(TCTI_TABRMD_LIBS) \
     $(TCTI_DEV_LIBS) $(CRYPTO_LIBS)
 
-sbin_PROGRAMS = \
+bin_PROGRAMS = \
     tools/tpm2_create \
     tools/tpm2_createprimary \
     tools/tpm2_load \
@@ -96,8 +96,6 @@ lib_libcommon_a_SOURCES = \
     lib/log.h \
     lib/options.c \
     lib/options.h \
-    lib/password_util.c \
-    lib/password_util.h \
     lib/pcr.c \
     lib/pcr.h \
     lib/rc-decode.c \
@@ -107,6 +105,8 @@ lib_libcommon_a_SOURCES = \
     lib/tpm2_header.h \
     lib/tpm2_nv_util.c \
     lib/tpm2_nv_util.h \
+    lib/tpm2_password_util.c \
+    lib/tpm2_password_util.h \
     lib/tpm2_policy.c \
     lib/tpm2_policy.h \
     lib/tpm2_util.c \
@@ -176,7 +176,8 @@ check_PROGRAMS = \
     test/unit/test_tpm2_header \
     test/unit/test_tpm2_nv_util \
     test/unit/test_tpm2_alg_util \
-    test/unit/test_pcr
+    test/unit/test_pcr \
+    test/unit/test_tpm2_password_util
 
 test_unit_tpm2_rc_decode_unit_CFLAGS  = $(AM_CFLAGS) $(CMOCKA_CFLAGS)
 test_unit_tpm2_rc_decode_unit_LDADD   = $(CMOCKA_LIBS) $(LIB_COMMON)
@@ -211,6 +212,10 @@ test_unit_test_pcr_CFLAGS   = $(AM_CFLAGS) $(CMOCKA_CFLAGS)
 test_unit_test_pcr_LDADD    = $(CMOCKA_LIBS) $(LIB_COMMON)
 test_unit_test_pcr_SOURCES  = test/unit/test_pcr.c
 
+test_unit_test_tpm2_password_util_CFLAGS   = $(AM_CFLAGS) $(CMOCKA_CFLAGS)
+test_unit_test_tpm2_password_util_LDADD    = $(CMOCKA_LIBS) $(LIB_COMMON)
+test_unit_test_tpm2_password_util_SOURCES  = test/unit/test_tpm2_password_util.c
+
 endif
 
 EXTRA_DIST = $(top_srcdir)/man
@@ -256,7 +261,12 @@ man8_MANS = \
     man/man8/tpm2_createpolicy.8 \
     man/man8/tpm2_pcrextend.8
 
-man/man8/%.8 : man/%.8.in man/common-options.troff man/tcti-options.troff man/tcti-environment.troff man/alg-common.troff man/hash-alg-common.troff man/object-alg-common.troff man/sign-alg-common.troff
+MAN_DEPS := man/common-options.troff man/tcti-options.troff \
+           man/tcti-environment.troff man/alg-common.troff \
+           man/hash-alg-common.troff man/object-alg-common.troff \
+           man/sign-alg-common.troff man/password-fmt-common.troff
+
+man/man8/%.8 : man/%.8.in $(MAN_DEPS)
 	rm -f $@
 	mkdir -p man/man8
 if HAVE_TCTI_DEV
@@ -279,6 +289,8 @@ endif
 	    -e '/@OBJECT_ALG_COMMON_INCLUDE@/d' \
 	    -e '/@SIGN_ALG_COMMON_INCLUDE@/r man/sign-alg-common.troff' \
 	    -e '/@SIGN_ALG_COMMON_INCLUDE@/d' \
+	    -e '/@PASSWORD_FORMAT_COMMON_INCLUDE@/r man/password-fmt-common.troff' \
+	    -e '/@PASSWORD_FORMAT_COMMON_INCLUDE@/d' \
 	    < $< >> $@
 
 CLEANFILES = $(man8_MANS)

lib/tpm2_password_util.c

@@ -0,0 +1,52 @@
+#include <stdbool.h>
+
+#include <sapi/tpm20.h>
+
+#include "log.h"
+#include "tpm2_password_util.h"
+#include "tpm2_util.h"
+
+#define HEX_PREFIX "hex:"
+#define HEX_PREFIX_LEN sizeof(HEX_PREFIX) - 1
+
+#define STR_PREFIX "str:"
+#define STR_PREFIX_LEN sizeof(STR_PREFIX) - 1
+
+bool tpm2_password_util_from_optarg(const char *password, TPM2B_AUTH *dest) {
+
+    bool is_hex = !strncmp(password, HEX_PREFIX, HEX_PREFIX_LEN);
+    if (!is_hex) {
+
+        /* str may or may not have the str: prefix */
+        bool is_str_prefix = !strncmp(password, STR_PREFIX, STR_PREFIX_LEN);
+        if (is_str_prefix) {
+            password += STR_PREFIX_LEN;
+        }
+
+        /*
+         * Per the man page:
+         * "a return value of size or more means that the output was  truncated."
+         */
+        size_t wrote = snprintf((char *)&dest->t.buffer, BUFFER_SIZE(typeof(*dest), buffer), "%s", password);
+        if (wrote >= BUFFER_SIZE(typeof(*dest), buffer)) {
+            dest->t.size = 0;
+            return false;
+        }
+
+        dest->t.size = wrote;
+
+        return true;
+    }
+
+    /* if it is hex, then skip the prefix */
+    password += HEX_PREFIX_LEN;
+
+    dest->t.size = BUFFER_SIZE(typeof(*dest), buffer);
+    int rc = tpm2_util_hex_to_byte_structure(password, &dest->t.size, dest->t.buffer);
+    if (rc) {
+        dest->t.size = 0;
+        return false;
+    }
+
+    return true;
+}

lib/tpm2_password_util.h

@@ -0,0 +1,36 @@
+#ifndef SRC_PASSWORD_UTIL_H_
+#define SRC_PASSWORD_UTIL_H_
+
+#include <sapi/tpm20.h>
+
+/**
+ * Convert a password argument to a valid TPM2B_AUTH structure. Passwords can
+ * be specified in two forms: string and hex-string and are identified by a
+ * prefix of str: and hex: respectively. No prefix assumes the str form.
+ *
+ * For example, a string can be specified as:
+ * "1234"
+ * "str:1234"
+ *
+ * And a hexstring via:
+ * "hex:1234abcd"
+ *
+ * Strings are copied verbatim to the TPM2B_AUTH buffer without the terminating NULL byte,
+ * Hex strings differ only from strings in that they are converted to a byte array when
+ * storing. At the end of storing, the size field is set to the size of bytes of the
+ * password.
+ *
+ * If your password starts with a hex: prefix and you need to escape it, just use the string
+ * prefix to escape it, like so:
+ * "str:hex:password"
+ *
+ * @param password
+ *  The optarg containing the password string.
+ * @param dest
+ *  The TPM2B_AUTH structure to copy the string into.
+ * @return
+ *  true on success, false on failure.
+ */
+bool tpm2_password_util_from_optarg(const char *password, TPM2B_AUTH *dest);
+
+#endif /* SRC_PASSWORD_UTIL_H_ */

man/password-fmt-common.troff

@@ -0,0 +1,11 @@
+
+Passwords are interpreted in two forms, string and hex-string. A string password is not
+interpreted, and is directly used for authorization. A hex-string, is converted from
+a hexidecimal form into a byte array form, thus allowing passwords with non-printable
+and/or terminal un-friendly characters.
+
+By default passwords are assumed to be in the string form. Password form is specified
+with special prefix values, they are:
+  str: - Used to indicate it is a raw string. Useful for escaping a password that starts
+         with the "hex:" prefix.
+  hex: - Used when specifying a password in hex string format.

man/tpm2_activatecredential.8.in

@@ -60,19 +60,17 @@ Loaded key used to decrypt the the random seed
 filename for keyHandle context
 .TP
 \fB\-P ,\-\-Password\fR
-the handle's password, optional
+the handle's password, optional.
+@PASSWORD_FORMAT_COMMON_INCLUDE@
 .TP
 \fB\-e ,\-\-endorsePasswd\fR
-the endorsement password, optional
+the endorsement password, optional. Follows the same formating guidelines as the handle password option -P.
 .TP
 \fB\-f ,\-\-inFile\fR
 Input file path, containing the two structures  needed by tpm2_activatecredential function 
 .TP
 \fB\-o ,\-\-outFile\fR
 Output file path, record the secret to decrypt  the certificate 
-.TP
-\fB\-X ,\-\-passwdInHex\fR
-passwords given by any options are hex format.
 @COMMON_OPTIONS_INCLUDE@
 @TCTI_OPTIONS_INCLUDE@
 .SH ENVIRONMENT\@TCTI_ENVIRONMENT_INCLUDE@

man/tpm2_certify.8.in

@@ -69,20 +69,19 @@ handle of the key used to sign the attestation  structure
 filename of the key context used to sign the  attestation structure 
 .TP
 \fB\-P ,\-\-pwdo\fR
-the object handle's password, optional
+the object handle's password, optional.
+@PASSWORD_FORMAT_COMMON_INCLUDE@
 .TP
 \fB\-K ,\-\-pwdk\fR
-the keyHandle's password, optional
+the keyHandle's password, optional. Follows the same formatting guidelines
+as the object handle password or -P option.
 @HALG_COMMON_INCLUDE@
 .TP
 \fB\-a ,\-\-attestFile\fR
 output file name, record the attestation structure
 .TP
 \fB\-s ,\-\-sigFile\fR
 output file name, record the signature structure
-.TP
-\fB\-X ,\-\-passwdInHex\fR
-passwords given by any options are hex format.
 @COMMON_OPTIONS_INCLUDE@
 @TCTI_OPTIONS_INCLUDE@
 .SH ENVIRONMENT\@TCTI_ENVIRONMENT_INCLUDE@

man/tpm2_create.8.in

@@ -48,10 +48,11 @@ parent handle
 filename for parent context
 .TP
 \fB\-P ,\-\-pwdp\fR
-password for parent key, optional
+password for parent key, optional.
+@PASSWORD_FORMAT_COMMON_INCLUDE@
 .TP
 \fB\-K ,\-\-pwdk\fR
-password for key, optional
+password for key, optional. Follows the password formatting of the "password for parent key" option: -P.
 .TP
 \fB\-g ,\-\-halg\fR
 The hash algorithm to use.
@@ -81,9 +82,6 @@ the output file which contains the public key,  optional
 \fB\-O ,\-\-opr\fR
 the output file which contains the private key,  optional 
 .TP
-\fB\-X ,\-\-passwdInHex\fR
-passwords given by any options are hex format.
-.TP
 \fB\-S ,\-\-input-session-handle\fR
 Optional Input session handle from a policy session for authorization.
 @COMMON_OPTIONS_INCLUDE@

man/tpm2_createprimary.8.in

@@ -48,9 +48,11 @@ Supported options are:
 .TP
 \fB\-P\fR,\ \fB\-\-pwdp\fR=[string]
 Optional authorization string if authorization is required to create object under the specified hierarchy.
+@PASSWORD_FORMAT_COMMON_INCLUDE@
 .TP
 \fB\-K\fR,\ \fB\-\-pwdk\fR=[string]
-Optional authorization string for the newly created object.
+Optional authorization string for the newly created object. Follows the same password formating guidelines
+as the parent authorization string under the -P option.
 .TP
 \fB\-g\fR,\ \fB\-\-halg\fR
 Hash algorithm used in the computation of the object name.

man/tpm2_dictionarylockout.8.in

@@ -44,8 +44,9 @@ specifies the tool should operate to setup dictionary-attack-lockout parameters.
 \fB\-c ,\-\-clear-lockout\fR
 specifies the tool should operate to clear dictionary-attack-lockout state.
 .TP
-\fB\-p ,\-\-lockout-passwd\fR
+\fB\-P ,\-\-lockout-passwd\fR
 specifies the password of TPM_RH_LOCKOUT required for both setting up parameters / clearing dictionary-attack-lockout state.
+@PASSWORD_FORMAT_COMMON_INCLUDE@
 .TP
 \fB\-l ,\-\-lockout-recovery-time\fR
 specifies the wait time in seconds before another TPM_RH_LOCKOUT authentication attempt can be made after a failed authentication. 

man/tpm2_encryptdecrypt.8.in

@@ -48,7 +48,8 @@ the symmetric key used for the operation  (encryption/decryption)
 filename of the key context used for the  operation 
 .TP
 \fB\-P ,\-\-pwdk\fR
-the password of key, optional
+the key password, optional.
+@PASSWORD_FORMAT_COMMON_INCLUDE@
 .TP
 \fB\-D ,\-\-decrypt\fR
 the operation type, default NO, optional  YES the operation is decryption   NO the operation is encryption 
@@ -59,9 +60,6 @@ Input file path, containing the data to be  operated
 \fB\-o ,\-\-outFile\fR
 Output file path, record the operated data
 .TP
-\fB\-X ,\-\-passwdInHex\fR
-passwords given by any options are hex format.
-.TP
 \fB\-S ,\-\-input-session-handle\fR
 Optional Input session handle from a policy session for authorization.
 @COMMON_OPTIONS_INCLUDE@