summaryrefslogtreecommitdiff
path: root/src/shared/tpm2-util.c
diff options
context:
space:
mode:
authorDan Streetman <ddstreet@ieee.org>2022-12-06 13:07:34 -0500
committerDan Streetman <ddstreet@ieee.org>2023-02-01 12:51:17 -0500
commit23e9ccc24ae0e7d3f3f609c69dbde171f1c55302 (patch)
tree122aa8d07ab25058f8f0bb530349be55705ce6c9 /src/shared/tpm2-util.c
parent68d084cee56e2686fb840106de20e267482183be (diff)
downloadsystemd-23e9ccc24ae0e7d3f3f609c69dbde171f1c55302.tar.gz
tpm2: use Tpm2Context* instead of ESYS_CONTEXT*
This is needed for later patches that use Tpm2Handle, which requires access to the Tpm2Context.
Diffstat (limited to 'src/shared/tpm2-util.c')
-rw-r--r--src/shared/tpm2-util.c90
1 files changed, 45 insertions, 45 deletions
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 0b02d7978c..43c760576c 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -119,13 +119,13 @@ static Tpm2Context *tpm2_context_free(Tpm2Context *c) {
DEFINE_TRIVIAL_REF_UNREF_FUNC(Tpm2Context, tpm2_context, tpm2_context_free);
-ESYS_TR tpm2_flush_context_verbose(ESYS_CONTEXT *c, ESYS_TR handle) {
+ESYS_TR tpm2_flush_context_verbose(Tpm2Context *c, ESYS_TR handle) {
TSS2_RC rc;
- if (!c || handle == ESYS_TR_NONE)
+ if (!c || !c->esys_context || handle == ESYS_TR_NONE)
return ESYS_TR_NONE;
- rc = sym_Esys_FlushContext(c, handle);
+ rc = sym_Esys_FlushContext(c->esys_context, handle);
if (rc != TSS2_RC_SUCCESS) /* We ignore failures here (besides debug logging), since this is called
* in error paths, where we cannot do anything about failures anymore. And
* when it is called in successful codepaths by this time we already did
@@ -248,7 +248,7 @@ int tpm2_context_new(const char *device, Tpm2Context **ret_context) {
#define TPM2_CREDIT_RANDOM_FLAG_PATH "/run/systemd/tpm-rng-credited"
-static int tpm2_credit_random(ESYS_CONTEXT *c) {
+static int tpm2_credit_random(Tpm2Context *c) {
size_t rps, done = 0;
TSS2_RC rc;
usec_t t;
@@ -275,7 +275,7 @@ static int tpm2_credit_random(ESYS_CONTEXT *c) {
_cleanup_(Esys_Freep) TPM2B_DIGEST *buffer = NULL;
rc = sym_Esys_GetRandom(
- c,
+ c->esys_context,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE,
@@ -307,7 +307,7 @@ static int tpm2_credit_random(ESYS_CONTEXT *c) {
}
static int tpm2_make_primary(
- ESYS_CONTEXT *c,
+ Tpm2Context *c,
ESYS_TR *ret_primary,
TPMI_ALG_PUBLIC alg,
TPMI_ALG_PUBLIC *ret_alg) {
@@ -364,7 +364,7 @@ static int tpm2_make_primary(
if (IN_SET(alg, 0, TPM2_ALG_ECC)) {
rc = sym_Esys_CreatePrimary(
- c,
+ c->esys_context,
ESYS_TR_RH_OWNER,
ESYS_TR_PASSWORD,
ESYS_TR_NONE,
@@ -393,7 +393,7 @@ static int tpm2_make_primary(
if (IN_SET(alg, 0, TPM2_ALG_RSA)) {
rc = sym_Esys_CreatePrimary(
- c,
+ c->esys_context,
ESYS_TR_RH_OWNER,
ESYS_TR_PASSWORD,
ESYS_TR_NONE,
@@ -469,7 +469,7 @@ static unsigned find_nth_bit(uint32_t mask, unsigned n) {
}
static int tpm2_pcr_mask_good(
- ESYS_CONTEXT *c,
+ Tpm2Context *c,
TPMI_ALG_HASH bank,
uint32_t mask) {
@@ -487,7 +487,7 @@ static int tpm2_pcr_mask_good(
tpm2_pcr_mask_to_selection(mask, bank, &selection);
rc = sym_Esys_PCR_Read(
- c,
+ c->esys_context,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE,
@@ -551,7 +551,7 @@ static int tpm2_bank_has24(const TPMS_PCR_SELECTION *selection) {
}
static int tpm2_get_best_pcr_bank(
- ESYS_CONTEXT *c,
+ Tpm2Context *c,
uint32_t pcr_mask,
TPMI_ALG_HASH *ret) {
@@ -564,7 +564,7 @@ static int tpm2_get_best_pcr_bank(
assert(c);
rc = sym_Esys_GetCapability(
- c,
+ c->esys_context,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE,
@@ -648,7 +648,7 @@ static int tpm2_get_best_pcr_bank(
}
int tpm2_get_good_pcr_banks(
- ESYS_CONTEXT *c,
+ Tpm2Context *c,
uint32_t pcr_mask,
TPMI_ALG_HASH **ret) {
@@ -663,7 +663,7 @@ int tpm2_get_good_pcr_banks(
assert(ret);
rc = sym_Esys_GetCapability(
- c,
+ c->esys_context,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE,
@@ -727,7 +727,7 @@ int tpm2_get_good_pcr_banks(
}
int tpm2_get_good_pcr_banks_strv(
- ESYS_CONTEXT *c,
+ Tpm2Context *c,
uint32_t pcr_mask,
char ***ret) {
@@ -785,7 +785,7 @@ static void hash_pin(const char *pin, size_t len, TPM2B_AUTH *auth) {
}
static int tpm2_make_encryption_session(
- ESYS_CONTEXT *c,
+ Tpm2Context *c,
ESYS_TR primary,
ESYS_TR bind_key,
const char *pin,
@@ -817,7 +817,7 @@ static int tpm2_make_encryption_session(
hash_pin(pin, strlen(pin), &auth);
- rc = sym_Esys_TR_SetAuth(c, bind_key, &auth);
+ rc = sym_Esys_TR_SetAuth(c->esys_context, bind_key, &auth);
if (rc != TSS2_RC_SUCCESS)
return log_error_errno(
SYNTHETIC_ERRNO(ENOTRECOVERABLE),
@@ -831,7 +831,7 @@ static int tpm2_make_encryption_session(
* means that the random salt will be encrypted with the well-known key. That way, only the TPM can
* recover the salt, which is then used for key derivation. */
rc = sym_Esys_StartAuthSession(
- c,
+ c->esys_context,
primary,
bind_key,
ESYS_TR_NONE,
@@ -849,7 +849,7 @@ static int tpm2_make_encryption_session(
/* Enable parameter encryption/decryption with AES in CFB mode. Together with HMAC digests (which are
* always used for sessions), this provides confidentiality, integrity and replay protection for
* operations that use this session. */
- rc = sym_Esys_TRSess_SetAttributes(c, session, sessionAttributes, 0xff);
+ rc = sym_Esys_TRSess_SetAttributes(c->esys_context, session, sessionAttributes, 0xff);
if (rc != TSS2_RC_SUCCESS)
return log_error_errno(
SYNTHETIC_ERRNO(ENOTRECOVERABLE),
@@ -1048,7 +1048,7 @@ static int find_signature(
#endif
static int tpm2_make_policy_session(
- ESYS_CONTEXT *c,
+ Tpm2Context *c,
ESYS_TR primary,
ESYS_TR parent_session,
TPM2_SE session_type,
@@ -1125,7 +1125,7 @@ static int tpm2_make_policy_session(
#endif
rc = sym_Esys_StartAuthSession(
- c,
+ c->esys_context,
primary,
ESYS_TR_NONE,
parent_session,
@@ -1151,7 +1151,7 @@ static int tpm2_make_policy_session(
goto finish;
rc = sym_Esys_LoadExternal(
- c,
+ c->esys_context,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE,
@@ -1174,7 +1174,7 @@ static int tpm2_make_policy_session(
/* Acquire the "name" of what we just loaded */
_cleanup_(Esys_Freep) TPM2B_NAME *pubkey_name = NULL;
rc = sym_Esys_TR_GetName(
- c,
+ c->esys_context,
pubkey_handle,
&pubkey_name);
if (rc != TSS2_RC_SUCCESS) {
@@ -1187,7 +1187,7 @@ static int tpm2_make_policy_session(
TPML_PCR_SELECTION pcr_selection;
tpm2_pcr_mask_to_selection(pubkey_pcr_mask, pcr_bank, &pcr_selection);
rc = sym_Esys_PolicyPCR(
- c,
+ c->esys_context,
session,
ESYS_TR_NONE,
ESYS_TR_NONE,
@@ -1203,7 +1203,7 @@ static int tpm2_make_policy_session(
/* Get the policy hash of the PCR policy */
_cleanup_(Esys_Freep) TPM2B_DIGEST *approved_policy = NULL;
rc = sym_Esys_PolicyGetDigest(
- c,
+ c->esys_context,
session,
ESYS_TR_NONE,
ESYS_TR_NONE,
@@ -1256,7 +1256,7 @@ static int tpm2_make_policy_session(
memcpy(policy_signature.signature.rsassa.sig.buffer, signature_raw, signature_size);
rc = sym_Esys_VerifySignature(
- c,
+ c->esys_context,
pubkey_handle,
ESYS_TR_NONE,
ESYS_TR_NONE,
@@ -1282,7 +1282,7 @@ static int tpm2_make_policy_session(
}
rc = sym_Esys_PolicyAuthorize(
- c,
+ c->esys_context,
session,
ESYS_TR_NONE,
ESYS_TR_NONE,
@@ -1307,7 +1307,7 @@ static int tpm2_make_policy_session(
TPML_PCR_SELECTION pcr_selection;
tpm2_pcr_mask_to_selection(hash_pcr_mask, pcr_bank, &pcr_selection);
rc = sym_Esys_PolicyPCR(
- c,
+ c->esys_context,
session,
ESYS_TR_NONE,
ESYS_TR_NONE,
@@ -1325,7 +1325,7 @@ static int tpm2_make_policy_session(
log_debug("Configuring PIN policy.");
rc = sym_Esys_PolicyAuthValue(
- c,
+ c->esys_context,
session,
ESYS_TR_NONE,
ESYS_TR_NONE,
@@ -1342,7 +1342,7 @@ static int tpm2_make_policy_session(
log_debug("Acquiring policy digest.");
rc = sym_Esys_PolicyGetDigest(
- c,
+ c->esys_context,
session,
ESYS_TR_NONE,
ESYS_TR_NONE,
@@ -1456,17 +1456,17 @@ int tpm2_seal(const char *device,
if (r < 0)
return r;
- r = tpm2_make_primary(c->esys_context, &primary, 0, &primary_alg);
+ r = tpm2_make_primary(c, &primary, 0, &primary_alg);
if (r < 0)
return r;
/* we cannot use the bind key before its created */
- r = tpm2_make_encryption_session(c->esys_context, primary, ESYS_TR_NONE, NULL, &session);
+ r = tpm2_make_encryption_session(c, primary, ESYS_TR_NONE, NULL, &session);
if (r < 0)
goto finish;
r = tpm2_make_policy_session(
- c->esys_context,
+ c,
primary,
session,
TPM2_SE_TRIAL,
@@ -1506,7 +1506,7 @@ int tpm2_seal(const char *device,
assert(sizeof(hmac_sensitive.sensitive.data.buffer) >= hmac_sensitive.sensitive.data.size);
- (void) tpm2_credit_random(c->esys_context);
+ (void) tpm2_credit_random(c);
log_debug("Generating secret key data.");
@@ -1600,8 +1600,8 @@ int tpm2_seal(const char *device,
r = 0;
finish:
- primary = tpm2_flush_context_verbose(c->esys_context, primary);
- session = tpm2_flush_context_verbose(c->esys_context, session);
+ primary = tpm2_flush_context_verbose(c, primary);
+ session = tpm2_flush_context_verbose(c, session);
return r;
}
@@ -1678,7 +1678,7 @@ int tpm2_unseal(const char *device,
if (r < 0)
return r;
- r = tpm2_make_primary(c->esys_context, &primary, primary_alg, NULL);
+ r = tpm2_make_primary(c, &primary, primary_alg, NULL);
if (r < 0)
return r;
@@ -1714,13 +1714,13 @@ int tpm2_unseal(const char *device,
goto finish;
}
- r = tpm2_make_encryption_session(c->esys_context, primary, hmac_key, pin, &hmac_session);
+ r = tpm2_make_encryption_session(c, primary, hmac_key, pin, &hmac_session);
if (r < 0)
goto finish;
for (unsigned i = RETRY_UNSEAL_MAX;; i--) {
r = tpm2_make_policy_session(
- c->esys_context,
+ c,
primary,
hmac_session,
TPM2_SE_POLICY,
@@ -1755,7 +1755,7 @@ int tpm2_unseal(const char *device,
&unsealed);
if (rc == TPM2_RC_PCR_CHANGED && i > 0) {
log_debug("A PCR value changed during the TPM2 policy session, restarting HMAC key unsealing (%u tries left).", i);
- session = tpm2_flush_context_verbose(c->esys_context, session);
+ session = tpm2_flush_context_verbose(c, session);
continue;
}
if (rc != TSS2_RC_SUCCESS) {
@@ -1783,9 +1783,9 @@ int tpm2_unseal(const char *device,
r = 0;
finish:
- primary = tpm2_flush_context_verbose(c->esys_context, primary);
- session = tpm2_flush_context_verbose(c->esys_context, session);
- hmac_key = tpm2_flush_context_verbose(c->esys_context, hmac_key);
+ primary = tpm2_flush_context_verbose(c, primary);
+ session = tpm2_flush_context_verbose(c, session);
+ hmac_key = tpm2_flush_context_verbose(c, hmac_key);
return r;
}
@@ -1917,7 +1917,7 @@ int tpm2_find_device_auto(
#if HAVE_TPM2
int tpm2_extend_bytes(
- ESYS_CONTEXT *c,
+ Tpm2Context *c,
char **banks,
unsigned pcr_index,
const void *data,
@@ -1978,7 +1978,7 @@ int tpm2_extend_bytes(
}
rc = sym_Esys_PCR_Extend(
- c,
+ c->esys_context,
ESYS_TR_PCR0 + pcr_index,
ESYS_TR_PASSWORD,
ESYS_TR_NONE,
View Lorry Controller Status