Skip to content

Commit

Permalink
tpm: setup "get pcr" callback on policy execution
Browse files Browse the repository at this point in the history 
It's a calculation callback, but not yet calculated policy is
automatically calculated before execution.

Signed-off-by: Sergii Dmytruk <[email protected]>
  • Loading branch information
@SergiiDmytruk
SergiiDmytruk committed Apr 3, 2023
1 parent 03e9dd3 commit bccb707
Showing 1 changed file with 59 additions and 0 deletions.
59 changes: 59 additions & 0 deletions src/lib/tpm.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4012,6 +4012,55 @@ CK_RV tpm2_getmechanisms(tpm_ctx *ctx, CK_MECHANISM_TYPE *mechanism_list, CK_ULO
}

#ifdef HAVE_POLICY
static TSS2_RC tpm2_policy_get_pcr(TSS2_POLICY_PCR_SELECTION *selection,
TPML_PCR_SELECTION *out_selection,
TPML_DIGEST *out_digest,
void *userdata)
{

TPML_PCR_SELECTION in_pcr_selection = {0};
if (selection->type == TSS2_POLICY_PCR_SELECTOR_PCR_SELECTION) {
in_pcr_selection = selection->selections.pcr_selection;
} else {
in_pcr_selection.count = 1;

TPMS_PCR_SELECTION *pcr_bank = &in_pcr_selection.pcrSelections[0];
TPMS_PCR_SELECT *pcr_select = &selection->selections.pcr_select;

pcr_bank->hash = TPM2_ALG_SHA256;
pcr_bank->sizeofSelect = pcr_select->sizeofSelect;
memcpy(pcr_bank->pcrSelect, pcr_select->pcrSelect, pcr_bank->sizeofSelect);
}

ESYS_CONTEXT *esys_ctx = userdata;

UINT32 pcr_update_counter;
TPML_PCR_SELECTION *pcr_selection = NULL;
TPML_DIGEST *pcr_values = NULL;

TSS2_RC rc = Esys_PCR_Read(esys_ctx,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE,
&in_pcr_selection,
&pcr_update_counter,
&pcr_selection,
&pcr_values);
if (rc != TSS2_RC_SUCCESS) {
LOGE("Esys_PCR_Read: %s:", Tss2_RC_Decode(rc));
free(pcr_selection);
free(pcr_values);
return rc;
}

*out_selection = *pcr_selection;
*out_digest = *pcr_values;

free(pcr_selection);
free(pcr_values);
return TSS2_RC_SUCCESS;
}

CK_RV tpm2_execute_policy(tpm_ctx *ctx, TSS2_POLICY_CTX *policy_ctx, uint32_t handle)
{

Expand All @@ -4025,8 +4074,18 @@ CK_RV tpm2_execute_policy(tpm_ctx *ctx, TSS2_POLICY_CTX *policy_ctx, uint32_t ha
.mode = { .aes = TPM2_ALG_CFB }
};

TSS2_POLICY_CALC_CALLBACKS calc_callbacks = {0};
calc_callbacks.cbpcr = &tpm2_policy_get_pcr;
calc_callbacks.cbpcr_userdata = ctx->esys_ctx;

TSS2_RC rc;

rc = Tss2_PolicySetCalcCallbacks(policy_ctx, &calc_callbacks);
if (rc != TSS2_RC_SUCCESS) {
LOGE("Tss2_PolicySetCalcCallbacks: %s:", Tss2_RC_Decode(rc));
return CKR_GENERAL_ERROR;
}

/* XXX should we cache the session or running multiple policies is unlikely? */
ESYS_TR policy_session = ESYS_TR_NONE;
rc = Esys_StartAuthSession(ctx->esys_ctx,
Expand Down

0 comments on commit bccb707

Please sign in to comment.