Merge remote-tracking branch 'origin/master' into coverity_scan

JuergenReppSIT · Mar 11, 2024 · bab0105 · bab0105
2 parents 292cff5 + c55288f
commit bab0105
Show file tree

Hide file tree

Showing 8 changed files with 142 additions and 7 deletions.
diff --git a/docs/RELEASE.md b/docs/RELEASE.md
@@ -136,10 +136,13 @@ Version tags after v1.1.0 shall be signed.
 Valid known public keys can be reached by
 referencing the annotated tags listed below:
 
-- william-roberts-pub
-- javier-martinez-pub
-- joshua-lock-pub
-- idesai-pub
+| Tag | Fingerprint |
+| ------------- | ------------- |
+| idesai-pub | [6313e6dc41aafc315a8760a414986f6944b1f72b](https://keys.openpgp.org/vks/v1/by-fingerprint/6313E6DC41AAFC315A8760A414986F6944B1F72B) |
+| william-roberts-pub | [5b482b8e3e19da7c978e1d016de2e9078e1f50c1](https://keys.openpgp.org/vks/v1/by-fingerprint/5B482B8E3E19DA7C978E1D016DE2E9078E1F50C1)|
+| javier-martinez-pub | [D75ED7AA24E50CD645C6F457C751E590D63F3D69](https://keys.openpgp.org/vks/v1/by-fingerprint/D75ED7AA24E50CD645C6F457C751E590D63F3D69)|
+| joshua-lock-pub | [5BEC526CE3A61CAF07E7A7DA49BCAE5443FFFC34](https://keys.openpgp.org/vks/v1/by-fingerprint/5BEC526CE3A61CAF07E7A7DA49BCAE5443FFFC34)|
+| ajay-kish-pub |[6f72a30eea41b9b548570ad20d0db2b265493e29](http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x6f72a30eea41b9b548570ad20d0db2b265493e29)|
 
 or via a PGP public keyring server like:
  - http://keyserver.pgp.com/vkd/GetWelcomeScreen.event

diff --git a/test/integration/tests/certify.sh b/test/integration/tests/certify.sh
@@ -41,6 +41,8 @@ tpm2 certify \
 
 verify_signature_with_ssl
 
+tpm2 print -t TPMS_ATTEST attest.out
+
 # Test with full options
 
 tpm2 certify \

diff --git a/test/integration/tests/certifycreation.sh b/test/integration/tests/certifycreation.sh
@@ -30,6 +30,8 @@ tpm2 certifycreation -C signing_key.ctx -c primary.ctx -d creation.digest \
 -t creation.ticket -g sha256 -o signature.bin --attestation attestation.bin \
 -f plain -s rsassa
 
+tpm2 print -t TPMS_ATTEST attestation.bin
+
 openssl dgst -verify sslpub.pem -keyform pem -sha256 -signature signature.bin \
 attestation.bin
 

diff --git a/test/integration/tests/commandaudit.sh b/test/integration/tests/commandaudit.sh
@@ -65,6 +65,7 @@ diff -B \
 xxd -r -p | openssl dgst -sha256 -binary ) \
 <( tail -c 32 att.data )
 
+tpm2 print -t TPMS_ATTEST att.data
 #
 # Check TPM2_CC_GetRandom is removed from the audit list
 #

diff --git a/test/integration/tests/gettime.sh b/test/integration/tests/gettime.sh
@@ -20,4 +20,6 @@ tpm2 load -C primary.ctx -u rsa.pub -r rsa.priv -c rsa.ctx
 
 tpm2 gettime -c rsa.ctx -o attest.sig --attestation attest.data
 
+tpm2 print -t TPMS_ATTEST attest.data
+
 exit 0
diff --git a/test/integration/tests/nvcertify.sh b/test/integration/tests/nvcertify.sh
@@ -43,6 +43,8 @@ dd if=/dev/urandom of=qual.dat bs=1 count=32
 tpm2 nvcertify -C signing_key.ctx -g sha256 -f plain -s rsassa \
 -o signature.bin --attestation attestation.bin --size 32 -q qual.dat 1
 
+tpm2 print -t TPMS_ATTEST attestation.bin
+
 openssl dgst -verify sslpub.pem -keyform pem -sha256 -signature signature.bin \
 attestation.bin
 

diff --git a/test/integration/tests/sessionaudit.sh b/test/integration/tests/sessionaudit.sh
@@ -35,6 +35,8 @@ tpm2 getrandom 8 -S session.ctx --cphash cp.hash --rphash rp.hash
 tpm2 getsessionauditdigest -c signing_key.ctx -m att.data -s att.sig \
 -S session.ctx
 
+tpm2 print -t TPMS_ATTEST att.data
+
 tpm2 flushcontext session.ctx
 
 dd if=/dev/zero bs=1 count=32 status=none of=zero.bin

diff --git a/tools/misc/tpm2_print.c b/tools/misc/tpm2_print.c
@@ -103,6 +103,97 @@ static bool print_TPMS_QUOTE_INFO(TPMS_QUOTE_INFO *info, size_t indent_count) {
  return true;
 }
 
+static void print_TPMS_CERTIFY_INFO(TPMS_CERTIFY_INFO *certify_info, size_t indent_count) {
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("name: ");
+ tpm2_util_print_tpm2b(&certify_info->name);
+ tpm2_tool_output("\n");
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("qualifiedName: ");
+ tpm2_util_print_tpm2b(&certify_info->qualifiedName);
+ tpm2_tool_output("\n");
+}
+
+static void print_TPMS_CREATION_INFO(TPMS_CREATION_INFO *creation_info, size_t indent_count) {
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("objectName: ");
+ tpm2_util_print_tpm2b(&creation_info->objectName);
+ tpm2_tool_output("\n");
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("creationHash: ");
+ tpm2_util_print_tpm2b(&creation_info->creationHash);
+ tpm2_tool_output("\n");
+}
+
+static void print_TPMS_COMMAND_AUDIT_INFO(TPMS_COMMAND_AUDIT_INFO *command_audit_info,
+ size_t indent_count) {
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("auditCounter: %"PRIu64"\n", command_audit_info->auditCounter);
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("digestAlg: %s\n", tpm2_alg_util_algtostr(command_audit_info->digestAlg,
+ tpm2_alg_util_flags_hash));
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("auditDigest: ");
+ tpm2_util_print_tpm2b(&command_audit_info->auditDigest);
+ tpm2_tool_output("\n");
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("commandDigest: ");
+ tpm2_util_print_tpm2b(&command_audit_info->commandDigest);
+ tpm2_tool_output("\n");
+}
+
+static void print_TPMS_SESSION_AUDIT_INFO(TPMS_SESSION_AUDIT_INFO *session_audit_info,
+ size_t indent_count) {
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("exclusiveSession: %s\n", session_audit_info->exclusiveSession ? "yes" : "no"); 
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("sessionDigest: ");
+ tpm2_util_print_tpm2b(&session_audit_info->sessionDigest);
+ tpm2_tool_output("\n");
+}
+
+static void print_TPMS_CLOCK_INFO(TPMS_CLOCK_INFO *clock_info, size_t indent_count) {
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("clock: %"PRIu64"\n", clock_info->clock);
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("resetCount: %"PRIu32"\n", clock_info->resetCount);
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("restartCount: %"PRIu32"\n", clock_info->restartCount);
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("safe: %s\n", clock_info->safe ? "yes" : "no"); 
+}
+
+static void print_TPMS_TIME_INFO(TPMS_TIME_INFO *time_info, size_t indent_count) {
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("time: %"PRIu64"\n", time_info->time);
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("clockInfo:\n");
+ print_TPMS_CLOCK_INFO(&time_info->clockInfo, indent_count + 1);
+}
+
+static void print_TPMS_TIME_ATTEST_INFO(TPMS_TIME_ATTEST_INFO *time_info, size_t indent_count) {
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("time:\n");
+ print_TPMS_TIME_INFO(&time_info->time, indent_count + 1);
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("firmwareVersion: %"PRIu64"\n", time_info->firmwareVersion);
+ tpm2_tool_output("\n");
+}
+
+static void print_TPMS_NV_CERTIFY_INFO(TPMS_NV_CERTIFY_INFO *nv_certify_info,
+ size_t indent_count) {
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("indexName: ");
+ tpm2_util_print_tpm2b(&nv_certify_info->indexName);
+ tpm2_tool_output("\n");
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("offset: %"PRIu32"\n", nv_certify_info->offset);
+ print_yaml_indent(indent_count);
+ tpm2_tool_output("nvContents: ");
+ tpm2_util_print_tpm2b(&nv_certify_info->nvContents);
+ tpm2_tool_output("\n");
+}
+
 static bool print_TPMS_ATTEST(FILE* fd) {
 
  TPMS_ATTEST attest = { 0 };
@@ -149,14 +240,44 @@ static bool print_TPMS_ATTEST(FILE* fd) {
  sizeof(attest.firmwareVersion));
  tpm2_tool_output("\n");
 
+ tpm2_tool_output("attested:\n");
+ print_yaml_indent(1);
+
  switch (attest.type) {
  case TPM2_ST_ATTEST_QUOTE:
- tpm2_tool_output("attested:\n");
- print_yaml_indent(1);
  tpm2_tool_output("quote:\n");
  return print_TPMS_QUOTE_INFO(&attest.attested.quote, 2);
  break;
-
+ case TPM2_ST_ATTEST_CERTIFY:
+ tpm2_tool_output("certify:\n");
+ print_TPMS_CERTIFY_INFO(&attest.attested.certify, 2);
+ return true;
+ break;
+ case TPM2_ST_ATTEST_CREATION:
+ tpm2_tool_output("creation:\n");
+ print_TPMS_CREATION_INFO(&attest.attested.creation, 2);
+ return true;
+ break;
+ case TPM2_ST_ATTEST_COMMAND_AUDIT:
+ tpm2_tool_output("commandAudit:\n");
+ print_TPMS_COMMAND_AUDIT_INFO(&attest.attested.commandAudit, 2);
+ return true;
+ break;
+ case TPM2_ST_ATTEST_SESSION_AUDIT:
+ tpm2_tool_output("sessiondAudit:\n");
+ print_TPMS_SESSION_AUDIT_INFO(&attest.attested.sessionAudit, 2);
+ return true;
+ break;
+ case TPM2_ST_ATTEST_TIME:
+ tpm2_tool_output("time:\n");
+ print_TPMS_TIME_ATTEST_INFO(&attest.attested.time, 2);
+ return true;
+ break;
+ case TPM2_ST_ATTEST_NV :
+ tpm2_tool_output("nv:\n");
+ print_TPMS_NV_CERTIFY_INFO(&attest.attested.nv, 2);
+ return true;
+ break;
  default:
  LOG_ERR("Cannot print unsupported type 0x%" PRIx16, attest.type);
  return false;