author | Dan Streetman <ddstreet@ieee.org> | 2022-12-06 19:16:43 +0100 |
---|---|---|
committer | Dan Streetman <ddstreet@ieee.org> | 2023-05-26 17:06:53 +0200 |
commit | 409a65f82901ace5799da0f22f10056105e062fa (patch) | |
tree | fc632967a4a7a00ec4fc0d2434671641104ab821 /src/shared/tpm2-util.c | |
parent | tpm2: replace hash_pin() with tpm2_digest_*() functions (diff) | |
tpm2: add tpm2_set_auth()
This provides a function to perform the SetAuth TPM function, which provides
the authValue for a key.
Diffstat (limited to '')
-rw-r--r-- | src/shared/tpm2-util.c | 65 |
1 files changed, 38 insertions, 27 deletions
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index e7489edebc..a39a28351b 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -1457,6 +1457,31 @@ int tpm2_digest_many_digests(
 return tpm2_digest_many(alg, digest, iovecs, n_data, extend);
 }
 
+static int tpm2_set_auth(Tpm2Context *c, const Tpm2Handle *handle, const char *pin) {
+ TPM2B_AUTH auth = {};
+ TSS2_RC rc;
+ int r;
+
+ assert(c);
+ assert(handle);
+
+ if (!pin)
+ return 0;
+
+ CLEANUP_ERASE(auth);
+
+ r = tpm2_digest_buffer(TPM2_ALG_SHA256, &auth, pin, strlen(pin), /* extend= */ false);
+ if (r < 0)
+ return r;
+
+ rc = sym_Esys_TR_SetAuth(c->esys_context, handle->esys_handle, &auth);
+ if (rc != TSS2_RC_SUCCESS)
+ return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+ "Failed to load PIN in TPM: %s", sym_Tss2_RC_Decode(rc));
+
+ return 0;
+}
+
 static bool tpm2_is_encryption_session(Tpm2Context *c, const Tpm2Handle *session) {
 TPMA_SESSION flags = 0;
 TSS2_RC rc;
@@ -1475,7 +1500,6 @@ static int tpm2_make_encryption_session(
 Tpm2Context *c,
 const Tpm2Handle *primary,
 const Tpm2Handle *bind_key,
- const char *pin,
 Tpm2Handle **ret_session) {
 
 static const TPMT_SYM_DEF symmetric = {
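Review bot: tpm2_set_auth() has no comment stating its contract, and two behaviours in the new body are easy to miss: a NULL `pin` returns 0 without touching the handle, so any authValue set earlier stays in place, while an empty string is not treated as "no PIN" but is hashed and set like any other value. A header comment such as `/* Sets SHA256(pin) as the authValue of 'handle'; a NULL pin is a no-op and leaves any existing authValue unchanged. */` would make that explicit for future callers, now that the helper accepts an arbitrary handle rather than only the session bind key. As far as I know Esys_TR_SetAuth only updates the ESYS-side object, so the message "Failed to load PIN in TPM" may overstate what failed; worth confirming before rewording.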
@@ -1491,30 +1515,6 @@ static int tpm2_make_encryption_session(
 assert(c);
 assert(ret_session);
 
- /*
- * if a pin is set for the seal object, use it to bind the session
- * key to that object. This prevents active bus interposers from
- * faking a TPM and seeing the unsealed value. An active interposer
- * could fake a TPM, satisfying the encrypted session, and just
- * forward everything to the *real* TPM.
- */
- if (pin) {
- TPM2B_AUTH auth = {};
-
- CLEANUP_ERASE(auth);
-
- r = tpm2_digest_buffer(TPM2_ALG_SHA256, &auth, pin, strlen(pin), /* extend= */ false);
- if (r < 0)
- return r;
-
- rc = sym_Esys_TR_SetAuth(c->esys_context, bind_key->esys_handle, &auth);
- if (rc != TSS2_RC_SUCCESS)
- return log_error_errno(
- SYNTHETIC_ERRNO(ENOTRECOVERABLE),
- "Failed to load PIN in TPM: %s",
- sym_Tss2_RC_Decode(rc));
- }
-
 log_debug("Starting HMAC encryption session.");
 
 /* Start a salted, unbound HMAC session with a well-known key (e.g. primary key) as tpmKey, which
@@ -2122,7 +2122,7 @@ int tpm2_seal(const char *device,
 
 /* we cannot use the bind key before its created */
 _cleanup_tpm2_handle_ Tpm2Handle *encryption_session = NULL;
- r = tpm2_make_encryption_session(c, primary, &TPM2_HANDLE_NONE, NULL, &encryption_session);
+ r = tpm2_make_encryption_session(c, primary, &TPM2_HANDLE_NONE, &encryption_session);
 if (r < 0)
 return r;
 
@@ -2419,8 +2419,19 @@ int tpm2_unseal(const char *device,
 sym_Tss2_RC_Decode(rc));
 }
 
+ /*
+ * if a pin is set for the seal object, use it to bind the session
+ * key to that object. This prevents active bus interposers from
+ * faking a TPM and seeing the unsealed value. An active interposer
+ * could fake a TPM, satisfying the encrypted session, and just
+ * forward everything to the *real* TPM.
+ */
+ r = tpm2_set_auth(c, hmac_key, pin);
+ if (r < 0)
+ return r;
+
 _cleanup_tpm2_handle_ Tpm2Handle *encryption_session = NULL;
- r = tpm2_make_encryption_session(c, primary, hmac_key, pin, &encryption_session);
+ r = tpm2_make_encryption_session(c, primary, hmac_key, &encryption_session);
 if (r < 0)
 return r;
 
|
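Review bot: The comment moved above `tpm2_set_auth(c, hmac_key, pin)` explains why the PIN binds the session, but not that the binding now depends on call order. The authValue has to be set on `hmac_key` before `tpm2_make_encryption_session()` receives it as the bind key; before this commit that ordering was enforced inside the session helper. If a later refactor swaps the two calls, the session would presumably be created without the PIN contributing to the session key, and nothing in the visible code would fail. I would add a line to the comment such as `* NOTE: must run before tpm2_make_encryption_session(), which takes hmac_key as the bind key.` tpm2_unseal()'s body starts and ends outside this hunk.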