
Commit bccb707

committed
tpm: setup "get pcr" callback on policy execution
It's a calculation callback, but a policy that has not yet been calculated is automatically calculated before execution. Signed-off-by: Sergii Dmytruk <[email protected]>
1 parent 03e9dd3 commit bccb707


1 file changed

+59
-0
lines changed


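--- a/src/lib/tpm.c
+++ b/src/lib/tpm.c
@@ -4012,6 +4012,55 @@ CK_RV tpm2_getmechanisms(tpm_ctx *ctx, CK_MECHANISM_TYPE *mechanism_list, CK_ULO
 }
 
 #ifdef HAVE_POLICY
+static TSS2_RC tpm2_policy_get_pcr(TSS2_POLICY_PCR_SELECTION *selection,
+                                   TPML_PCR_SELECTION *out_selection,
+                                   TPML_DIGEST *out_digest,
+                                   void *userdata)
+{
+
+    TPML_PCR_SELECTION in_pcr_selection = {0};
+    if (selection->type == TSS2_POLICY_PCR_SELECTOR_PCR_SELECTION) {
+        in_pcr_selection = selection->selections.pcr_selection;
+    } else {
+        in_pcr_selection.count = 1;
+
+        TPMS_PCR_SELECTION *pcr_bank = &in_pcr_selection.pcrSelections[0];
+        TPMS_PCR_SELECT *pcr_select = &selection->selections.pcr_select;
+
+        pcr_bank->hash = TPM2_ALG_SHA256;
+        pcr_bank->sizeofSelect = pcr_select->sizeofSelect;
+        memcpy(pcr_bank->pcrSelect, pcr_select->pcrSelect, pcr_bank->sizeofSelect);
+    }
+
+    ESYS_CONTEXT *esys_ctx = userdata;
+
+    UINT32 pcr_update_counter;
+    TPML_PCR_SELECTION *pcr_selection = NULL;
+    TPML_DIGEST *pcr_values = NULL;
+
+    TSS2_RC rc = Esys_PCR_Read(esys_ctx,
+                               ESYS_TR_NONE,
+                               ESYS_TR_NONE,
+                               ESYS_TR_NONE,
+                               &in_pcr_selection,
+                               &pcr_update_counter,
+                               &pcr_selection,
+                               &pcr_values);
+    if (rc != TSS2_RC_SUCCESS) {
+        LOGE("Esys_PCR_Read: %s:", Tss2_RC_Decode(rc));
+        free(pcr_selection);
+        free(pcr_values);
+        return rc;
+    }
+
+    *out_selection = *pcr_selection;
+    *out_digest = *pcr_values;
+
+    free(pcr_selection);
+    free(pcr_values);
+    return TSS2_RC_SUCCESS;
+}
+
 CK_RV tpm2_execute_policy(tpm_ctx *ctx, TSS2_POLICY_CTX *policy_ctx, uint32_t handle)
 {
 
@@ -4025,8 +4074,18 @@ CK_RV tpm2_execute_policy(tpm_ctx *ctx, TSS2_POLICY_CTX *policy_ctx, uint32_t ha
         .mode = { .aes = TPM2_ALG_CFB }
     };
 
+    TSS2_POLICY_CALC_CALLBACKS calc_callbacks = {0};
+    calc_callbacks.cbpcr = &tpm2_policy_get_pcr;
+    calc_callbacks.cbpcr_userdata = ctx->esys_ctx;
+
     TSS2_RC rc;
 
+    rc = Tss2_PolicySetCalcCallbacks(policy_ctx, &calc_callbacks);
+    if (rc != TSS2_RC_SUCCESS) {
+        LOGE("Tss2_PolicySetCalcCallbacks: %s:", Tss2_RC_Decode(rc));
+        return CKR_GENERAL_ERROR;
+    }
+
     /* XXX should we cache the session or running multiple policies is unlikely? */
     ESYS_TR policy_session = ESYS_TR_NONE;
     rc = Esys_StartAuthSession(ctx->esys_ctx,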
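Review bot: In the else branch of tpm2_policy_get_pcr, `memcpy(pcr_bank->pcrSelect, pcr_select->pcrSelect, pcr_bank->sizeofSelect)` copies a length taken straight from the policy's own pcr_select into a fixed-size pcrSelect array without checking it, so a malformed or oversized sizeofSelect in a policy would write past the end of in_pcr_selection; guard it before the copy with `if (pcr_select->sizeofSelect > sizeof pcr_bank->pcrSelect) { LOGE("PCR selection too large"); return TSS2_ESYS_RC_BAD_VALUE; }` (or the policy layer's equivalent bad-value rc). The same branch fixes the bank to TPM2_ALG_SHA256 whenever the selector carries a bare pcr_select, which presumably matches what tss2-policy expects for that selector type but is worth a one-line comment such as `/* bare PCR selectors carry no bank; tss2-policy defines them against SHA-256 */` so a reader does not mistake it for a hard-coded assumption about the TPM's banks. A brief docstring on the callback stating that it reads live PCR values from the ESYS context in userdata, so a not-yet-calculated policy is bound to the PCR state at execution time rather than to an authored digest, would also help callers understand the security implication the commit message only touches on. Both hunks' enclosing constructs are complete within the section for the new function, while tpm2_execute_policy continues past the second hunk.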
