85 changes: 76 additions & 9 deletions test/unit/test_tpm2_hierarchy.c
Expand Up @@ -39,55 +39,120 @@ static void test_tpm2_hierarchy_from_optarg_NULL(void **state) {
UNUSED(state);

TPMI_RH_PROVISION h;
bool result = tpm2_hierarchy_from_optarg(NULL, &h);
bool result = tpm2_hierarchy_from_optarg(NULL, &h,
TPM2_HIERARCHY_FLAGS_ALL);
assert_false(result);
}

static void test_tpm2_hierarchy_from_optarg_empty(void **state) {
UNUSED(state);

TPMI_RH_PROVISION h;
bool result = tpm2_hierarchy_from_optarg("", &h);
bool result = tpm2_hierarchy_from_optarg("", &h,
TPM2_HIERARCHY_FLAGS_ALL);
assert_false(result);
}

static void test_tpm2_hierarchy_from_optarg_invalid_id(void **state) {
UNUSED(state);

TPMI_RH_PROVISION h;
bool result = tpm2_hierarchy_from_optarg("q", &h);
bool result = tpm2_hierarchy_from_optarg("q", &h,
TPM2_HIERARCHY_FLAGS_ALL);
assert_false(result);
}

static void test_tpm2_hierarchy_from_optarg_invalid_str(void **state) {
UNUSED(state);

TPMI_RH_PROVISION h;
bool result = tpm2_hierarchy_from_optarg("nope", &h);
bool result = tpm2_hierarchy_from_optarg("nope", &h,
TPM2_HIERARCHY_FLAGS_ALL);
assert_false(result);
}

static void test_tpm2_hierarchy_from_optarg_valid_ids(void **state) {
UNUSED(state);

TPMI_RH_PROVISION h;
bool result = tpm2_hierarchy_from_optarg("o", &h);
bool result = tpm2_hierarchy_from_optarg("o", &h,
TPM2_HIERARCHY_FLAGS_ALL);
assert_true(result);
assert_int_equal(h, TPM2_RH_OWNER);

result = tpm2_hierarchy_from_optarg("p", &h);
result = tpm2_hierarchy_from_optarg("p", &h,
TPM2_HIERARCHY_FLAGS_ALL);
assert_true(result);
assert_int_equal(h, TPM2_RH_PLATFORM);

result = tpm2_hierarchy_from_optarg("e", &h);
result = tpm2_hierarchy_from_optarg("e", &h,
TPM2_HIERARCHY_FLAGS_ALL);
assert_true(result);
assert_int_equal(h, TPM2_RH_ENDORSEMENT);

result = tpm2_hierarchy_from_optarg("n", &h);
result = tpm2_hierarchy_from_optarg("n", &h,
TPM2_HIERARCHY_FLAGS_ALL);
assert_true(result);
assert_int_equal(h, TPM2_RH_NULL);

result = tpm2_hierarchy_from_optarg("0xBADC0DE", &h);
result = tpm2_hierarchy_from_optarg("0xBADC0DE", &h,
TPM2_HIERARCHY_FLAGS_ALL);
assert_true(result);
assert_int_equal(h, 0xBADC0DE);
}

static void test_tpm2_hierarchy_from_optarg_valid_ids_disabled(void **state) {
UNUSED(state);

TPMI_RH_PROVISION h;
bool result = tpm2_hierarchy_from_optarg("o", &h,
TPM2_HIERARCHY_FLAGS_N);
assert_false(result);

result = tpm2_hierarchy_from_optarg("p", &h,
TPM2_HIERARCHY_FLAGS_O);
assert_false(result);

result = tpm2_hierarchy_from_optarg("e", &h,
TPM2_HIERARCHY_FLAGS_P);
assert_false(result);

result = tpm2_hierarchy_from_optarg("n", &h,
TPM2_HIERARCHY_FLAGS_E);
assert_false(result);

result = tpm2_hierarchy_from_optarg("0xBADC0DE", &h,
TPM2_HIERARCHY_FLAGS_NONE);
assert_true(result);
assert_int_equal(h, 0xBADC0DE);
}

static void test_tpm2_hierarchy_from_optarg_valid_ids_enabled(void **state) {
UNUSED(state);

TPMI_RH_PROVISION h;
bool result = tpm2_hierarchy_from_optarg("o", &h,
TPM2_HIERARCHY_FLAGS_O);
assert_true(result);
assert_int_equal(h, TPM2_RH_OWNER);

result = tpm2_hierarchy_from_optarg("p", &h,
TPM2_HIERARCHY_FLAGS_P);
assert_true(result);
assert_int_equal(h, TPM2_RH_PLATFORM);

result = tpm2_hierarchy_from_optarg("e", &h,
TPM2_HIERARCHY_FLAGS_E);
assert_true(result);
assert_int_equal(h, TPM2_RH_ENDORSEMENT);

result = tpm2_hierarchy_from_optarg("n", &h,
TPM2_HIERARCHY_FLAGS_N);
assert_true(result);
assert_int_equal(h, TPM2_RH_NULL);

result = tpm2_hierarchy_from_optarg("0xBADC0DE", &h,
TPM2_HIERARCHY_FLAGS_ALL);
assert_true(result);
assert_int_equal(h, 0xBADC0DE);
}
Expand All @@ -102,6 +167,8 @@ int main(int argc, char* argv[]) {
cmocka_unit_test(test_tpm2_hierarchy_from_optarg_invalid_id),
cmocka_unit_test(test_tpm2_hierarchy_from_optarg_invalid_str),
cmocka_unit_test(test_tpm2_hierarchy_from_optarg_valid_ids),
cmocka_unit_test(test_tpm2_hierarchy_from_optarg_valid_ids_disabled),
cmocka_unit_test(test_tpm2_hierarchy_from_optarg_valid_ids_enabled),
};

return cmocka_run_group_tests(tests, NULL, NULL);
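Review bot: The `0xBADC0DE` case in `test_tpm2_hierarchy_from_optarg_valid_ids_disabled` asserts true with `TPM2_HIERARCHY_FLAGS_NONE`, which shows the flag mask filters only the letter aliases, yet no case pins what happens when a numeric value equal to one of the well-known handles is passed with that hierarchy's flag clear. If the mask is meant to let callers such as the NV tools restrict input to owner/platform, that case deserves an explicit assertion either way, e.g. `result = tpm2_hierarchy_from_optarg("0x40000001" /* TPM2_RH_OWNER */, &h, TPM2_HIERARCHY_FLAGS_P); assert_false(result);` if rejection is intended, or an `assert_true` documenting that numeric handles bypass the mask. There is also no case for `"0"`, which the NV tools in this commit previously rejected with their own zero-handle check and no longer do.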
33 changes: 3 additions & 30 deletions tools/tpm2_createprimary.c
Expand Up @@ -43,6 +43,7 @@

#include "files.h"
#include "log.h"
#include "tpm2_hierarchy.h"
#include "tpm2_alg_util.h"
#include "tpm2_attr_util.h"
#include "tpm2_options.h"
Expand Down Expand Up @@ -189,42 +190,14 @@ int create_primary(TSS2_SYS_CONTEXT *sapi_context) {
return 0;
}

static bool hierarchy_value_from_string(const char *value, TPMI_RH_HIERARCHY *hierarchy) {

switch (value[0]) {
case 'e':
*hierarchy = TPM2_RH_ENDORSEMENT;
break;
case 'n':
*hierarchy = TPM2_RH_NULL;
break;
case 'o':
*hierarchy = TPM2_RH_OWNER;
break;
case 'p':
*hierarchy = TPM2_RH_PLATFORM;
break;
default:
return false;
}

bool result = value[1] == '\0';

if (!result) {
LOG_ERR("Incorrect hierarchy value, got: \"%s\", expected o|p|e|n",
value);
}

return result;
}

static bool on_option(char key, char *value) {

bool res;

switch(key) {
case 'H':
res = hierarchy_value_from_string(value, &ctx.hierarchy);
res = tpm2_hierarchy_from_optarg(value, &ctx.hierarchy,
TPM2_HIERARCHY_FLAGS_ALL);
if (!res) {
return false;
}
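Review bot: The new `tpm2_hierarchy_from_optarg` call in the `'H'` case returns false on a bad value without any message, whereas the deleted `hierarchy_value_from_string` logged the offending value and the accepted forms; unless the helper logs internally (not visible here), a mistyped `-H` now fails silently. The `'A'` case in tools/tpm2_evictcontrol.c in this commit has the same gap. Suggest `LOG_ERR("Invalid hierarchy for -H, got: \"%s\", expected o|p|e|n or a handle", value);` inside the `if (!res)` branch. Note also that `TPM2_HIERARCHY_FLAGS_ALL` together with the numeric form the unit tests accept widens what `-H` takes compared with the strict `o|p|e|n` parser being removed, which is worth a sentence in the tool's documentation. `on_option` continues past the end of the hunk.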
27 changes: 3 additions & 24 deletions tools/tpm2_evictcontrol.c
Expand Up @@ -42,6 +42,7 @@

#include "files.h"
#include "log.h"
#include "tpm2_hierarchy.h"
#include "tpm2_options.h"
#include "tpm2_password_util.h"
#include "tpm2_tool.h"
Expand Down Expand Up @@ -87,36 +88,14 @@ static int evict_control(TSS2_SYS_CONTEXT *sapi_context) {
return true;
}

static bool auth_value_from_string(const char *value, TPMI_RH_PROVISION *auth) {

switch (value[0]) {
case 'o':
*auth = TPM2_RH_OWNER;
break;
case 'p':
*auth = TPM2_RH_PLATFORM;
break;
default:
return false;
}

bool result = value[1] == '\0';

if (!result) {
LOG_ERR("Incorrect auth value, got: \"%s\", expected o|p",
value);
}

return result;
}

static bool on_option(char key, char *value) {

bool result;

switch (key) {
case 'A':
result = auth_value_from_string(value, &ctx.auth);
result = tpm2_hierarchy_from_optarg(value, &ctx.auth,
TPM2_HIERARCHY_FLAGS_O|TPM2_HIERARCHY_FLAGS_P);
if (!result) {
return false;
}
18 changes: 7 additions & 11 deletions tools/tpm2_nvdefine.c
Expand Up @@ -40,6 +40,7 @@
#include "files.h"
#include "log.h"
#include "tpm2_attr_util.h"
#include "tpm2_hierarchy.h"
#include "tpm2_options.h"
#include "tpm2_password_util.h"
#include "tpm2_session.h"
Expand All @@ -49,7 +50,7 @@
typedef struct tpm_nvdefine_ctx tpm_nvdefine_ctx;
struct tpm_nvdefine_ctx {
UINT32 nvIndex;
UINT32 authHandle;
TPMI_RH_PROVISION auth;
UINT16 size;
TPMA_NV nvAttribute;
TPM2B_AUTH nvAuth;
Expand All @@ -58,7 +59,7 @@ struct tpm_nvdefine_ctx {
};

static tpm_nvdefine_ctx ctx = {
.authHandle = TPM2_RH_PLATFORM,
.auth = TPM2_RH_PLATFORM,
.nvAttribute = 0,
.session_data = TPMS_AUTH_COMMAND_INIT(TPM2_RS_PW),
.nvAuth = TPM2B_EMPTY_INIT,
Expand Down Expand Up @@ -93,7 +94,7 @@ static int nv_space_define(TSS2_SYS_CONTEXT *sapi_context) {

public_info.nvPublic.dataSize = ctx.size;

TSS2_RC rval = TSS2_RETRY_EXP(Tss2_Sys_NV_DefineSpace(sapi_context, ctx.authHandle,
TSS2_RC rval = TSS2_RETRY_EXP(Tss2_Sys_NV_DefineSpace(sapi_context, ctx.auth,
&sessions_data, &ctx.nvAuth, &public_info, &sessions_data_out));
if (rval != TPM2_RC_SUCCESS) {
LOG_ERR("Failed to define NV area at index 0x%x (%d).Error:0x%x",
Expand Down Expand Up @@ -125,15 +126,10 @@ static bool on_option(char key, char *value) {
}
break;
case 'a':
result = tpm2_util_string_to_uint32(value, &ctx.authHandle);
result = tpm2_hierarchy_from_optarg(value, &ctx.auth,
TPM2_HIERARCHY_FLAGS_O|TPM2_HIERARCHY_FLAGS_P);
if (!result) {
LOG_ERR("Could not convert auth handle to number, got: \"%s\"",
value);
return false;
}

if (ctx.authHandle == 0) {
LOG_ERR("Auth handle cannot be 0");
LOG_ERR("get h failed");
return false;
}
break;
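Review bot: `LOG_ERR("get h failed")` in the `'a'` case tells the user neither which option nor which value was rejected, while the two messages it replaces both named the value; suggest `LOG_ERR("Invalid auth handle for -a, got: \"%s\", expected o|p or a handle", value);`. Separately, the explicit `ctx.auth_handle == 0` rejection is dropped here and in the matching hunks of tools/tpm2_nvread.c, tools/tpm2_nvreadlock.c, tools/tpm2_nvrelease.c and tools/tpm2_nvwrite.c; the unit tests show `tpm2_hierarchy_from_optarg` still accepts raw numeric handles, so unless it rejects `"0"` itself (not visible here) a zero auth handle now reaches `Tss2_Sys_NV_DefineSpace` and the other NV commands. Those four tools also log nothing at all on failure, so the same error text should be used in all five. `on_option` starts before and ends after this hunk.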
13 changes: 4 additions & 9 deletions tools/tpm2_nvread.c
Expand Up @@ -39,6 +39,7 @@
#include "files.h"
#include "log.h"
#include "pcr.h"
#include "tpm2_hierarchy.h"
#include "tpm2_nv_util.h"
#include "tpm2_options.h"
#include "tpm2_password_util.h"
Expand All @@ -50,7 +51,7 @@
typedef struct tpm_nvread_ctx tpm_nvread_ctx;
struct tpm_nvread_ctx {
UINT32 nv_index;
UINT32 auth_handle;
TPMI_RH_PROVISION auth_handle;
UINT32 size_to_read;
UINT32 offset;
TPMS_AUTH_COMMAND session_data;
Expand Down Expand Up @@ -183,15 +184,9 @@ static bool on_option(char key, char *value) {
}
break;
case 'a':
result = tpm2_util_string_to_uint32(value, &ctx.auth_handle);
result = tpm2_hierarchy_from_optarg(value, &ctx.auth_handle,
TPM2_HIERARCHY_FLAGS_O|TPM2_HIERARCHY_FLAGS_P);
if (!result) {
LOG_ERR("Could not convert auth handle to number, got: \"%s\"",
value);
return false;
}

if (ctx.auth_handle == 0) {
LOG_ERR("Auth handle cannot be 0");
return false;
}
break;
13 changes: 4 additions & 9 deletions tools/tpm2_nvreadlock.c
Expand Up @@ -39,6 +39,7 @@
#include <sapi/tpm20.h>

#include "log.h"
#include "tpm2_hierarchy.h"
#include "tpm2_options.h"
#include "tpm2_password_util.h"
#include "tpm2_session.h"
Expand All @@ -48,7 +49,7 @@
typedef struct tpm_nvreadlock_ctx tpm_nvreadlock_ctx;
struct tpm_nvreadlock_ctx {
UINT32 nv_index;
UINT32 auth_handle;
TPMI_RH_PROVISION auth_handle;
UINT32 size_to_read;
UINT32 offset;
TPMS_AUTH_COMMAND session_data;
Expand Down Expand Up @@ -95,15 +96,9 @@ static bool on_option(char key, char *value) {
}
break;
case 'a':
result = tpm2_util_string_to_uint32(value, &ctx.auth_handle);
result = tpm2_hierarchy_from_optarg(value, &ctx.auth_handle,
TPM2_HIERARCHY_FLAGS_O|TPM2_HIERARCHY_FLAGS_P);
if (!result) {
LOG_ERR("Could not convert auth handle to number, got: \"%s\"",
value);
return false;
}

if (ctx.auth_handle == 0) {
LOG_ERR("Auth handle cannot be 0");
return false;
}
break;
12 changes: 4 additions & 8 deletions tools/tpm2_nvrelease.c
Expand Up @@ -37,6 +37,7 @@
#include <sapi/tpm20.h>

#include "log.h"
#include "tpm2_hierarchy.h"
#include "tpm2_options.h"
#include "tpm2_password_util.h"
#include "tpm2_session.h"
Expand All @@ -46,7 +47,7 @@
typedef struct tpm_nvrelease_ctx tpm_nvrelease_ctx;
struct tpm_nvrelease_ctx {
UINT32 nv_index;
UINT32 auth_handle;
TPMI_RH_PROVISION auth_handle;
TPMS_AUTH_COMMAND session_data;
};

Expand Down Expand Up @@ -91,17 +92,12 @@ static bool on_option(char key, char *value) {
}
break;
case 'a':
result = tpm2_util_string_to_uint32(value, &ctx.auth_handle);
result = tpm2_hierarchy_from_optarg(value, &ctx.auth_handle,
TPM2_HIERARCHY_FLAGS_O|TPM2_HIERARCHY_FLAGS_P);
if (!result) {
LOG_ERR("Could not convert auth handle to number, got: \"%s\"",
value);
return false;
}

if (ctx.auth_handle == 0) {
LOG_ERR("Auth handle cannot be 0");
return false;
}
break;
case 'S': {
tpm2_session *s = tpm2_session_restore(value);
13 changes: 4 additions & 9 deletions tools/tpm2_nvwrite.c
Expand Up @@ -42,6 +42,7 @@
#include "files.h"
#include "log.h"
#include "pcr.h"
#include "tpm2_hierarchy.h"
#include "tpm2_nv_util.h"
#include "tpm2_password_util.h"
#include "tpm2_policy.h"
Expand All @@ -52,7 +53,7 @@
typedef struct tpm_nvwrite_ctx tpm_nvwrite_ctx;
struct tpm_nvwrite_ctx {
UINT32 nv_index;
UINT32 auth_handle;
TPMI_RH_PROVISION auth_handle;
UINT16 data_size;
UINT8 nv_buffer[TPM2_MAX_NV_BUFFER_SIZE];
TPMS_AUTH_COMMAND session_data;
Expand Down Expand Up @@ -160,15 +161,9 @@ static bool on_option(char key, char *value) {
}
break;
case 'a':
result = tpm2_util_string_to_uint32(value, &ctx.auth_handle);
result = tpm2_hierarchy_from_optarg(value, &ctx.auth_handle,
TPM2_HIERARCHY_FLAGS_O|TPM2_HIERARCHY_FLAGS_P);
if (!result) {
LOG_ERR("Could not convert auth handle to number, got: \"%s\"",
value);
return false;
}

if (ctx.auth_handle == 0) {
LOG_ERR("Auth handle cannot be 0");
return false;
}
break;