Hi Ken, On Mon, 2020-10-12 at 19:44 -0400, Ken Goldman wrote: > Replace the call out to the command line tools with C functions. > > The algorithm_string_to_algid() function supports only the digest > algorithms in use. The table has place holders for other agorithms as > they are needed and the C strings are defined. > > The table can also be used for an algrithm ID to string function if > it's ever needed. > > When using the IBM TSS, link in its library. > > Signed-off-by: Ken Goldman <kgoldman@xxxxxxxxxx> The code seems to be working properly, but needs to be cleaned up. There are simple formatting changes and some style changes. Simple formatting changes: - Tabs should be 8 characters. - Remove blank spaces before code. - 80 characater maximum line length. - Leave a blank line between variable definitions and code. - Long comments should start with "/*" and end with "*/" on separate lines: /* * multiple line comments * continued */ - When defining function variables, please use the format: term: <definition> Style changes: - There are valid reasons for having a common function exit (e.g. freeing memory), otherwise the function should exit early. The "if (rc == 0)" tests cause the code to unnecessarily be indented. Instead the test could be inverted "if (!rc)" followed by a "goto out". - Please do not use camel or Hungarian variable naming conventions. The variable definition can reference the spec name. thanks, Mimi > --- > src/Makefile.am | 1 + > src/pcr_tsspcrread.c | 156 +++++++++++++++++++++++++++++++++---------- > 2 files changed, 123 insertions(+), 34 deletions(-) > > diff --git a/src/Makefile.am b/src/Makefile.am > index d6c779f..bf18caf 100644 > --- a/src/Makefile.am > +++ b/src/Makefile.am > @@ -26,6 +26,7 @@ if USE_PCRTSS > evmctl_SOURCES += pcr_tss.c > else > evmctl_SOURCES += pcr_tsspcrread.c > +evmctl_LDADD += -libmtss > endif > > AM_CPPFLAGS = -I$(top_srcdir) -include config.h > diff --git a/src/pcr_tsspcrread.c b/src/pcr_tsspcrread.c > index 118c7d2..eae68b7 100644 > --- a/src/pcr_tsspcrread.c > +++ b/src/pcr_tsspcrread.c > @@ -50,6 +50,10 @@ > #include "utils.h" > #include "imaevm.h" > > +#define TPM_POSIX /* use Posix, not Windows constructs in TSS */ > +#undef MAX_DIGEST_SIZE /* imaevm uses a different value than the TSS */ > +#include <ibmtss/tss.h> > + > #define CMD "tsspcrread" > > static char path[PATH_MAX]; > @@ -68,44 +72,128 @@ int tpm2_pcr_supported(void) > return 1; > } > > -int tpm2_pcr_read(const char *algo_name, uint32_t pcrHandle, uint8_t *hwpcr, > - int len, char **errmsg) > -{ > - FILE *fp; > - char pcr[100]; /* may contain an error */ > - char cmd[PATH_MAX + 50]; > - int ret; > - > - sprintf(cmd, "%s -halg %s -ha %d -ns 2> /dev/null", > - path, algo_name, pcrHandle); > - fp = popen(cmd, "r"); > - if (!fp) { > - ret = asprintf(errmsg, "popen failed: %s", strerror(errno)); > - if (ret == -1) /* the contents of errmsg is undefined */ > - *errmsg = NULL; > - return -1; > - } > +/* Table mapping C strings to TCG algorithm identifiers */ > + > +typedef struct tdAlgorithm_Map { > + const char *algorithm_string; > + TPMI_ALG_HASH algid; > +} Algorithm_Map; > > - if (fgets(pcr, sizeof(pcr), fp) == NULL) { > - ret = asprintf(errmsg, "tsspcrread failed: %s", > - strerror(errno)); > - if (ret == -1) /* the contents of errmsg is undefined */ > - *errmsg = NULL; > - ret = pclose(fp); > - return -1; > +Algorithm_Map algorithm_map[] = { > + { "sha1", TPM_ALG_SHA1}, > + { "sha256", TPM_ALG_SHA256}, > +#if 0 /* uncomment as these digest algorithms are supported */ > + { "", TPM_ALG_SHA384}, > + { "", TPM_ALG_SHA512}, > + { "", TPM_ALG_SM3_256}, > + { "", TPM_ALG_SHA3_256}, > + { "", TPM_ALG_SHA3_384}, > + { "", TPM_ALG_SHA3_512}, > +#endif > +}; > + > +/* algorithm_string_to_algid() converts a digest algorithm from a C string to a TCG algorithm > + identifier as defined in the TCG Algorithm Regisrty.. > + > + Returns TPM_ALG_ERROR if the string has an unsupported value. > +*/ > + > +static TPMI_ALG_HASH algorithm_string_to_algid(const char *algorithm_string) > +{ > + size_t i; > + for (i=0 ; i < sizeof(algorithm_map)/sizeof(Algorithm_Map) ; i++) { > + if (strcmp(algorithm_string, algorithm_map[i].algorithm_string) == 0) { > + return algorithm_map[i].algid; /* if match */ > } > + } > + return TPM_ALG_ERROR; > +} > > - /* get the popen "cmd" return code */ > - ret = pclose(fp); > +/* tpm2_pcr_read() reads the PCR > > - /* Treat an unallocated bank as an error */ > - if (!ret && (strlen(pcr) < SHA_DIGEST_LENGTH)) > - ret = -1; > + algo_name is the PCR digest algorithm (the PCR bank) as a C string > + pcrHandle is the PCR number to read > + hwpcr is a buffer for the PCR output in binary > + len is the allocated size of hwpcr and should match the digest algorithm > +*/ > > - if (!ret) > - hex2bin(hwpcr, pcr, len); > - else > - *errmsg = strndup(pcr, strlen(pcr) - 1); /* remove newline */ > +int tpm2_pcr_read(const char *algo_name, uint32_t pcrHandle, uint8_t *hwpcr, > + int len, char **errmsg) > +{ > + int ret = 0; /* function return code */ > + TPM_RC rc = 0; /* TCG return code */ > + PCR_Read_In pcrReadIn; /* command input */ > + PCR_Read_Out pcrReadOut; /* response output */ > + TSS_CONTEXT *tssContext = NULL; > + TPMI_ALG_HASH alg_id; /* PCR algorithm */ > > - return ret; > + if (rc == 0) { /* map algorithm string to TCG value */ > + alg_id = algorithm_string_to_algid(algo_name); > + if (alg_id == TPM_ALG_ERROR) { > + ret = asprintf(errmsg, "tpm2_pcr_read: unknown algorithm %s", algo_name); > + if (ret == -1) { /* the contents of errmsg is undefined */ > + *errmsg = NULL; > + } > + rc = 1; > + } > + } > + if (rc == 0) { > + rc = TSS_Create(&tssContext); > + } > + /* call TSS to execute the command */ > + if (rc == 0) { > + pcrReadIn.pcrSelectionIn.count = 1; > + pcrReadIn.pcrSelectionIn.pcrSelections[0].hash = alg_id; > + pcrReadIn.pcrSelectionIn.pcrSelections[0].sizeofSelect = 3; > + pcrReadIn.pcrSelectionIn.pcrSelections[0].pcrSelect[0] = 0; > + pcrReadIn.pcrSelectionIn.pcrSelections[0].pcrSelect[1] = 0; > + pcrReadIn.pcrSelectionIn.pcrSelections[0].pcrSelect[2] = 0; > + pcrReadIn.pcrSelectionIn.pcrSelections[0].pcrSelect[pcrHandle / 8] = > + 1 << (pcrHandle % 8); > + rc = TSS_Execute(tssContext, > + (RESPONSE_PARAMETERS *)&pcrReadOut, > + (COMMAND_PARAMETERS *)&pcrReadIn, > + NULL, > + TPM_CC_PCR_Read, > + TPM_RH_NULL, NULL, 0); > + } > + if (rc == 0) { > + /* nothing read, bank missing */ > + if (pcrReadOut.pcrValues.count == 0) { > + ret = asprintf(errmsg, "tpm2_pcr_read: returned count 0 for %s", algo_name); > + if (ret == -1) { /* the contents of errmsg is undefined */ > + *errmsg = NULL; > + } > + rc = 1; > + } > + /* len parameter did not match the digest algorithm */ > + else if (pcrReadOut.pcrValues.digests[0].t.size != len) { > + ret = asprintf(errmsg, > + "tpm2_pcr_read: expected length %d actual %u for %s", > + len, pcrReadOut.pcrValues.digests[0].t.size, algo_name); > + if (ret == -1) { /* the contents of errmsg is undefined */ > + *errmsg = NULL; > + } > + rc = 1; > + } > + else { > + memcpy(hwpcr, > + pcrReadOut.pcrValues.digests[0].t.buffer, > + pcrReadOut.pcrValues.digests[0].t.size); > + } > + } > + { > + TPM_RC rc1 = TSS_Delete(tssContext); > + if (rc == 0) { > + rc = rc1; > + } > + } > + /* map TCG return code to function return code */ > + if (rc == 0) { > + return 0; > + } > + else { > + return -1; > + } > } > +