.ci/travis-build-and-run-tests.sh

@@ -133,7 +133,7 @@ popd
 pushd ./test/system
 
 # Run the tests on ALL device TCTIs configuration
-PATH=$(pwd)/../../build/tools:${PATH} ./test.sh --plain
+PATH=$(pwd)/../../build/tools:${PATH} ./test.sh -p -t abrmd
 
 # done go back to tpm2-tools directory
 popd

Makefile.am

@@ -81,13 +81,16 @@ bin_PROGRAMS = \
     tools/tpm2_pcrevent \
     tools/tpm2_pcrextend \
     tools/tpm2_pcrlist \
+    tools/tpm2_policypcr \
+    tools/tpm2_policyrestart \
     tools/tpm2_quote \
     tools/tpm2_rc_decode \
     tools/tpm2_readpublic \
     tools/tpm2_rsadecrypt \
     tools/tpm2_rsaencrypt \
     tools/tpm2_send \
     tools/tpm2_sign \
+    tools/tpm2_startauthsession \
     tools/tpm2_startup \
     tools/tpm2_unseal \
     tools/tpm2_verifysignature
@@ -197,6 +200,9 @@ tools_tpm2_pcrevent_SOURCES = tools/tpm2_pcrevent.c $(TOOL_SRC)
 tools_tpm2_rc_decode_SOURCES = tools/tpm2_rc_decode.c $(TOOL_SRC)
 tools_tpm2_import_SOURCES = tools/tpm2_import.c $(TOOL_SRC)
 tools_tpm2_flushcontext_SOURCES = tools/tpm2_flushcontext.c $(TOOL_SRC)
+tools_tpm2_startauthsession_SOURCES = tools/tpm2_startauthsession.c $(TOOL_SRC)
+tools_tpm2_policypcr_SOURCES = tools/tpm2_policypcr.c $(TOOL_SRC)
+tools_tpm2_policyrestart_SOURCES = tools/tpm2_policyrestart.c $(TOOL_SRC)
 
 if UNIT
 TESTS = $(check_PROGRAMS)
@@ -257,7 +263,11 @@ test_unit_test_tpm2_errata_LDADD    = $(CMOCKA_LIBS) $(LIB_COMMON)
 test_unit_test_tpm2_errata_SOURCES  = test/unit/test_tpm2_errata.c
 
 test_unit_test_tpm2_session_CFLAGS   = $(AM_CFLAGS) $(CMOCKA_CFLAGS)
-test_unit_test_tpm2_session_LDFLAGS  = -Wl,--wrap=Tss2_Sys_StartAuthSession
+test_unit_test_tpm2_session_LDFLAGS  = -Wl,--wrap=Tss2_Sys_StartAuthSession \
+                                       -Wl,--wrap=Tss2_Sys_ContextSave \
+                                       -Wl,--wrap=Tss2_Sys_ContextLoad \
+                                       -Wl,--wrap=Tss2_Sys_PolicyRestart
+
 test_unit_test_tpm2_session_LDADD    = $(CMOCKA_LIBS) $(LIB_COMMON) $(LDADD)
 test_unit_test_tpm2_session_SOURCES  = test/unit/test_tpm2_session.c
 
@@ -317,13 +327,16 @@ if HAVE_PANDOC
     man/man1/tpm2_pcrevent.1 \
     man/man1/tpm2_pcrextend.1 \
     man/man1/tpm2_pcrlist.1 \
+    man/man1/tpm2_policypcr.1 \
+    man/man1/tpm2_policyrestart.1 \
     man/man1/tpm2_quote.1 \
     man/man1/tpm2_rc_decode.1 \
     man/man1/tpm2_readpublic.1 \
     man/man1/tpm2_rsadecrypt.1 \
     man/man1/tpm2_rsaencrypt.1 \
     man/man1/tpm2_send.1 \
     man/man1/tpm2_sign.1 \
+    man/man1/tpm2_startauthsession.1 \
     man/man1/tpm2_startup.1 \
     man/man1/tpm2_unseal.1 \
     man/man1/tpm2_verifysignature.1

lib/files.c

@@ -154,7 +154,7 @@ bool files_save_bytes_to_file(const char *path, UINT8 *buf, UINT16 size) {
 #define CONTEXT_VERSION 1
 
 bool files_save_tpm_context_to_file(TSS2_SYS_CONTEXT *sysContext, TPM2_HANDLE handle,
-        const char *path) {
+        FILE *stream) {
 
     TPMS_CONTEXT context;
 
@@ -166,13 +166,6 @@ bool files_save_tpm_context_to_file(TSS2_SYS_CONTEXT *sysContext, TPM2_HANDLE ha
         return false;
     }
 
-    FILE *f = fopen(path, "w+b");
-    if (!f) {
-        LOG_ERR("Error opening file \"%s\" due to error: %s", path,
-                strerror(errno));
-        return false;
-    }
-
     /*
      * Saving the TPMS_CONTEXT structure to disk, format:
      * TPM2.0-TOOLS HEADER
@@ -182,64 +175,72 @@ bool files_save_tpm_context_to_file(TSS2_SYS_CONTEXT *sysContext, TPM2_HANDLE ha
      * U16 contextBlobLength
      * BYTE[] contextBlob
      */
-    bool result = files_write_header(f, CONTEXT_VERSION);
+    bool result = files_write_header(stream, CONTEXT_VERSION);
     if (!result) {
-        LOG_ERR("Could not write header for file: \"%s\"", path);
+        LOG_ERR("Could not write context file header");
         goto out;
     }
 
     // UINT32
-    result = files_write_32(f, context.hierarchy);
+    result = files_write_32(stream, context.hierarchy);
     if (!result) {
-        LOG_ERR("Could not write hierarchy for file: \"%s\"", path);
+        LOG_ERR("Could not write hierarchy");
         goto out;
     }
 
-    result = files_write_32(f, context.savedHandle);
+    result = files_write_32(stream, context.savedHandle);
     if (!result) {
-        LOG_ERR("Could not write savedHandle for file: \"%s\"", path);
+        LOG_ERR("Could not write savedHandle");
         goto out;
     }
 
     // UINT64
-    result = files_write_64(f, context.sequence);
+    result = files_write_64(stream, context.sequence);
     if (!result) {
-        LOG_ERR("Could not write sequence for file: \"%s\"", path);
+        LOG_ERR("Could not write sequence");
         goto out;
     }
 
     // U16 LENGTH
-    result = files_write_16(f, context.contextBlob.size);
+    result = files_write_16(stream, context.contextBlob.size);
     if (!result) {
-        LOG_ERR("Could not write contextBob size file: \"%s\"", path);
+        LOG_ERR("Could not write contextBob size");
         goto out;
     }
 
     // BYTE[] contextBlob
-    result = files_write_bytes(f, context.contextBlob.buffer,
+    result = files_write_bytes(stream, context.contextBlob.buffer,
             context.contextBlob.size);
     if (!result) {
-        LOG_ERR("Could not write contextBlob buffer for file: \"%s\"", path);
+        LOG_ERR("Could not write contextBlob buffer");
     }
     /* result is set by file_write_bytes() */
 
 out:
-    fclose(f);
     return result;
 }
 
-bool files_load_tpm_context_from_file(TSS2_SYS_CONTEXT *sapi_context,
-        TPM2_HANDLE *handle, const char *path) {
-
-    TSS2_RC rval;
+bool files_save_tpm_context_to_path(TSS2_SYS_CONTEXT *sysContext, TPM2_HANDLE handle,
+        const char *path) {
 
-    FILE *f = fopen(path, "rb");
+    FILE *f = fopen(path, "w+b");
     if (!f) {
         LOG_ERR("Error opening file \"%s\" due to error: %s", path,
                 strerror(errno));
         return false;
     }
 
+    bool result = files_save_tpm_context_to_file(sysContext, handle, f);
+    fclose(f);
+    return result;
+}
+
+
+bool files_load_tpm_context_from_file(TSS2_SYS_CONTEXT *sapi_context,
+        TPM2_HANDLE *handle, FILE *fstream) {
+
+    TSS2_RC rval;
+
     /*
      * Reading the TPMS_CONTEXT structure to disk, format:
      * TPM2.0-TOOLS HEADER
@@ -251,15 +252,15 @@ bool files_load_tpm_context_from_file(TSS2_SYS_CONTEXT *sapi_context,
      */
     UINT32 version;
     TPMS_CONTEXT context;
-    bool result = files_read_header(f, &version);
+    bool result = files_read_header(fstream, &version);
     if (!result) {
         LOG_WARN(
-                "The tpm context file \"%s\" does not appear in the proper format, assuming old format, this will be converted on the next save.",
-                path);
-        rewind(f);
-        result = files_read_bytes(f, (UINT8 *) &context, sizeof(context));
+            "The loaded tpm context does not appear to be in the proper format,"
+            "assuming old format, this will be converted on the next save.");
+        rewind(fstream);
+        result = files_read_bytes(fstream, (UINT8 *) &context, sizeof(context));
         if (!result) {
-            LOG_ERR("Could not load file \"%s\" into tpm context", path);
+            LOG_ERR("Could not load tpm context file");
             goto out;
         }
         /* Success load the context into the TPM */
@@ -273,25 +274,25 @@ bool files_load_tpm_context_from_file(TSS2_SYS_CONTEXT *sapi_context,
         goto out;
     }
 
-    result = files_read_32(f, &context.hierarchy);
+    result = files_read_32(fstream, &context.hierarchy);
     if (!result) {
         LOG_ERR("Error reading hierarchy!");
         goto out;
     }
 
-    result = files_read_32(f, &context.savedHandle);
+    result = files_read_32(fstream, &context.savedHandle);
     if (!result) {
         LOG_ERR("Error reading savedHandle!");
         goto out;
     }
 
-    result = files_read_64(f, &context.sequence);
+    result = files_read_64(fstream, &context.sequence);
     if (!result) {
         LOG_ERR("Error reading sequence!");
         goto out;
     }
 
-    result = files_read_16(f, &context.contextBlob.size);
+    result = files_read_16(fstream, &context.contextBlob.size);
     if (!result) {
         LOG_ERR("Error reading contextBlob.size!");
         goto out;
@@ -306,7 +307,7 @@ bool files_load_tpm_context_from_file(TSS2_SYS_CONTEXT *sapi_context,
         goto out;
     }
 
-    result = files_read_bytes(f, context.contextBlob.buffer,
+    result = files_read_bytes(fstream, context.contextBlob.buffer,
             context.contextBlob.size);
     if (!result) {
         LOG_ERR("Error reading contextBlob.size!");
@@ -324,6 +325,21 @@ bool files_load_tpm_context_from_file(TSS2_SYS_CONTEXT *sapi_context,
     result = true;
 
 out:
+    return result;
+}
+
+bool files_load_tpm_context_from_path(TSS2_SYS_CONTEXT *sapi_context,
+        TPM2_HANDLE *handle, const char *path) {
+
+    FILE *f = fopen(path, "rb");
+    if (!f) {
+        LOG_ERR("Error opening file \"%s\" due to error: %s", path,
+                strerror(errno));
+        return false;
+    }
+
+    bool result = files_load_tpm_context_from_file(sapi_context, handle, f);
+
     fclose(f);
     return result;
 }

lib/files.h

@@ -93,7 +93,21 @@ bool files_save_bytes_to_file(const char *path, UINT8 *buf, UINT16 size);
  * @return
  *  True on success, False on error.
  */
-bool files_save_tpm_context_to_file(TSS2_SYS_CONTEXT *sapi_context, TPM2_HANDLE handle, const char *path);
+bool files_save_tpm_context_to_path(TSS2_SYS_CONTEXT *sapi_context, TPM2_HANDLE handle, const char *path);
+
+/**
+ * Like files_save_tpm_context_to_path() but saves a tpm session to a FILE stream.
+ * @param sapi_context
+ *  The system api context
+ * @param handle
+ *  The object handle for the object to save.
+ * @param stream
+ *  The FILE stream to save too.
+ * @return
+ *  True on success, False on error.
+ */
+bool files_save_tpm_context_to_file(TSS2_SYS_CONTEXT *sapi_context, TPM2_HANDLE handle,
+        FILE *stream);
 
 /**
  * Loads a TPM object context from disk.
@@ -106,7 +120,21 @@ bool files_save_tpm_context_to_file(TSS2_SYS_CONTEXT *sapi_context, TPM2_HANDLE
  * @return
  *  True on Success, false on error.
  */
-bool files_load_tpm_context_from_file(TSS2_SYS_CONTEXT *sapi_context, TPM2_HANDLE *handle, const char *path);
+bool files_load_tpm_context_from_path(TSS2_SYS_CONTEXT *sapi_context, TPM2_HANDLE *handle, const char *path);
+
+/**
+ * Like files_load_tpm_context_from_path() but loads the context from a FILE stream.
+ * @param sapi_context
+ *  The system API context
+ * @param handle
+ *  The object handle that was saved.
+ * @param stream
+ *  The FILE stream to read from.
+ * @return
+ *  True on success, False on error.
+ */
+bool files_load_tpm_context_from_file(TSS2_SYS_CONTEXT *sapi_context,
+        TPM2_HANDLE *handle, FILE *stream);
 
 /**
  * Serializes a TPM2B_PUBLIC to the file path provided.

lib/tpm2_policy.c

@@ -166,7 +166,7 @@ static bool tpm2_policy_pcr_build(TSS2_SYS_CONTEXT *sapi_context,
     }
 
     // Call the PolicyPCR command
-    TPMI_SH_AUTH_SESSION handle = tpm2_session_get_session_handle(
+    TPMI_SH_AUTH_SESSION handle = tpm2_session_get_handle(
             policy_session);
 
     TSS2_RC rval = Tss2_Sys_PolicyPCR(sapi_context, handle,
@@ -199,7 +199,7 @@ bool tpm2_policy_get_digest(TSS2_SYS_CONTEXT *sapi_context,
         tpm2_session *session,
         TPM2B_DIGEST *policy_digest) {
 
-    TPMI_SH_AUTH_SESSION handle = tpm2_session_get_session_handle(session);
+    TPMI_SH_AUTH_SESSION handle = tpm2_session_get_handle(session);
 
     TPM2_RC rval = Tss2_Sys_PolicyGetDigest(sapi_context, handle,
     NULL, policy_digest, NULL);