diff --git a/Makefile.am b/Makefile.am index 2327266f1..e556af01f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -707,7 +707,9 @@ tpm2-tss-fapi.conf: dist/tmpfiles.d/tpm2-tss-fapi.conf.in fapiprofilesdir = @sysconfdir@/tpm2-tss/fapi-profiles fapiprofiles_DATA = dist/fapi-profiles/P_RSA2048SHA256.json \ - dist/fapi-profiles/P_ECCP256SHA256.json + dist/fapi-profiles/P_ECCP256SHA256.json \ + dist/fapi-profiles/P_RSA3072SHA384.json \ + dist/fapi-profiles/P_ECCP384SHA384.json libtss2_fapi = src/tss2-fapi/libtss2-fapi.la tss2_HEADERS += $(srcdir)/include/tss2/tss2_fapi.h @@ -717,6 +719,8 @@ EXTRA_DIST += \ dist/fapi-config.json.in \ dist/fapi-profiles/P_RSA2048SHA256.json \ dist/fapi-profiles/P_ECCP256SHA256.json \ + dist/fapi-profiles/P_RSA3072SHA384.json \ + dist/fapi-profiles/P_ECCP384SHA384.json \ dist/sysusers.d/tpm2-tss.conf \ dist/tmpfiles.d/tpm2-tss-fapi.conf.in \ doc/fapi-config.md \ diff --git a/dist/fapi-profiles/P_ECCP256SHA256.json b/dist/fapi-profiles/P_ECCP256SHA256.json index 348f92a0f..cd16508d7 100644 --- a/dist/fapi-profiles/P_ECCP256SHA256.json +++ b/dist/fapi-profiles/P_ECCP256SHA256.json @@ -10,7 +10,7 @@ "scheme":"TPM2_ALG_ECDSA", "details":{ "hashAlg":"TPM2_ALG_SHA256" - }, + } }, "sym_mode":"TPM2_ALG_CFB", "sym_parameters": { @@ -21,7 +21,7 @@ "sym_block_size": 16, "pcr_selection": [ { "hash": "TPM2_ALG_SHA1", - "pcrSelect": [ ], + "pcrSelect": [ ] }, { "hash": "TPM2_ALG_SHA256", "pcrSelect": [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ] diff --git a/dist/fapi-profiles/P_ECCP384SHA384.json b/dist/fapi-profiles/P_ECCP384SHA384.json new file mode 100644 index 000000000..b0612e2e5 --- /dev/null +++ b/dist/fapi-profiles/P_ECCP384SHA384.json 
@@ -0,0 +1,99 @@ +{ + "type": "TPM2_ALG_ECC", + "nameAlg":"TPM2_ALG_SHA384", + "srk_template": "system,restricted,decrypt,0x81000001", + "srk_description": "Storage root key SRK", + "srk_persistent": 0, + "ek_template": "system,restricted,decrypt,user", + "ek_description": "Endorsement key EK", + "ecc_signing_scheme": { + "scheme":"TPM2_ALG_ECDSA", + "details":{ + "hashAlg":"TPM2_ALG_SHA384" + } + }, + "sym_mode":"TPM2_ALG_CFB", + "sym_parameters": { + "algorithm":"TPM2_ALG_AES", + "keyBits":"256", + "mode":"TPM2_ALG_CFB" + }, + "sym_block_size": 16, + "pcr_selection": [ + { "hash": "TPM2_ALG_SHA1", + "pcrSelect": [ ] + }, + { "hash": "TPM2_ALG_SHA256", + "pcrSelect": [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ] + } + ], + "curveID": "TPM2_ECC_NIST_P384", + "session_symmetric":{ + "algorithm":"TPM2_ALG_AES", + "keyBits":"256", + "mode":"TPM2_ALG_CFB" + }, + "ek_policy": { + "description": "Endorsement hierarchy used for policy secret.", + "policy":[ + { + "type": "PolicyOR", + "branches": [ + { + "name": "A", + "description": "", + "policy": [ + { + "type":"POLICYSECRET", + "objectName": "4000000b" + } + ] + }, + { + "name": "B", + "description": "", + "policy": [ + { + "type":"AUTHORIZENV", + "nvPublic": { + "size": 60, + "nvPublic": { + "nvIndex": 29392642, + "nameAlg":"SHA384", + "attributes":{ + "PPWRITE":0, + "OWNERWRITE":0, + "AUTHWRITE":0, + "POLICYWRITE":1, + "POLICY_DELETE":0, + "WRITELOCKED":0, + "WRITEALL":1, + "WRITEDEFINE":0, + "WRITE_STCLEAR":0, + "GLOBALLOCK":0, + "PPREAD":1, + "OWNERREAD":1, + "AUTHREAD":1, + "POLICYREAD":1, + "NO_DA":1, + "ORDERLY":0, + "CLEAR_STCLEAR":0, + "READLOCKED":0, + "WRITTEN":1, + "PLATFORMCREATE":0, + "READ_STCLEAR":0, + "TPM2_NT":"ORDINARY" + }, + "authPolicy":"8bbf2266537c171cb56e403c4dc1d4b64f432611dc386e6f532050c3278c930e143e8bb1133824ccb431053871c6db53", + "dataSize":50 + } + } + + } + ] + } + ] + } + ] + } +} 
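Review bot: `pcr_selection` in this new profile lists only an empty SHA-1 entry and the full SHA-256 bank, while `nameAlg`, the signing scheme and the EK policy all use SHA-384. If that is deliberate (for example because a SHA-384 PCR bank cannot be assumed on the target TPMs), it should be stated in the profile documentation, since JSON cannot carry a comment; otherwise an entry with `"hash": "TPM2_ALG_SHA384"` looks missing. The same selection appears in `P_RSA3072SHA384.json` and `test/data/fapi/P_RSA3072.json`. `srk_persistent` is 0 here but 1 in the RSA 3072 profile although both `srk_template` values name `0x81000001`; confirm the difference is intended.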
diff --git a/dist/fapi-profiles/P_RSA2048SHA256.json b/dist/fapi-profiles/P_RSA2048SHA256.json index 47ac6881d..d64a13473 100644 --- a/dist/fapi-profiles/P_RSA2048SHA256.json +++ b/dist/fapi-profiles/P_RSA2048SHA256.json @@ -35,7 +35,6 @@ ], "exponent": 0, "keyBits": 2048, - "session_hash_alg": "TPM2_ALG_SHA256", "session_symmetric":{ "algorithm":"TPM2_ALG_AES", "keyBits":"128", diff --git a/dist/fapi-profiles/P_RSA3072SHA384.json b/dist/fapi-profiles/P_RSA3072SHA384.json new file mode 100644 index 000000000..50486c4c2 --- /dev/null +++ b/dist/fapi-profiles/P_RSA3072SHA384.json 
@@ -0,0 +1,107 @@ +{ + "type": "TPM2_ALG_RSA", + "nameAlg":"TPM2_ALG_SHA384", + "srk_template": "system,restricted,decrypt,0x81000001", + "srk_description": "Storage root key SRK", + "srk_persistent": 1, + "ek_template": "system,restricted,decrypt,user", + "ek_description": "Endorsement key EK", + "rsa_signing_scheme": { + "scheme":"TPM2_ALG_RSAPSS", + "details":{ + "hashAlg":"TPM2_ALG_SHA384" + } + }, + "rsa_decrypt_scheme": { + "scheme":"TPM2_ALG_OAEP", + "details":{ + "hashAlg":"TPM2_ALG_SHA384" + } + }, + "sym_mode":"TPM2_ALG_CFB", + "sym_parameters": { + "algorithm":"TPM2_ALG_AES", + "keyBits":"256", + "mode":"TPM2_ALG_CFB" + }, + "sym_block_size": 16, + "pcr_selection": [ + { "hash": "TPM2_ALG_SHA1", + "pcrSelect": [ ] + }, + { "hash": "TPM2_ALG_SHA256", + "pcrSelect": [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ] + } + ], + "exponent": 0, + "keyBits": 3072, + "session_symmetric":{ + "algorithm":"TPM2_ALG_AES", + "keyBits":"256", + "mode":"TPM2_ALG_CFB" + }, + "ek_policy": { + "description": "Endorsement hierarchy used for policy secret.", + "policy":[ + { + "type": "PolicyOR", + "branches": [ + { + "name": "A", + "description": "", + "policy": [ + { + "type":"POLICYSECRET", + "objectName": "4000000b" + } + ] + }, + { + "name": "B", + "description": "", + "policy": [ + { + "type":"AUTHORIZENV", + "nvPublic": { + "size": 60, + "nvPublic": { + "nvIndex": 29392642, + "nameAlg":"SHA384", + "attributes":{ + "PPWRITE":0, + "OWNERWRITE":0, + "AUTHWRITE":0, + "POLICYWRITE":1, + "POLICY_DELETE":0, + "WRITELOCKED":0, + "WRITEALL":1, + "WRITEDEFINE":0, + "WRITE_STCLEAR":0, + "GLOBALLOCK":0, + "PPREAD":1, + "OWNERREAD":1, + "AUTHREAD":1, + "POLICYREAD":1, + "NO_DA":1, + "ORDERLY":0, + "CLEAR_STCLEAR":0, + "READLOCKED":0, + "WRITTEN":1, + "PLATFORMCREATE":0, + "READ_STCLEAR":0, + "TPM2_NT":"ORDINARY" + }, + "authPolicy":"8bbf2266537c171cb56e403c4dc1d4b64f432611dc386e6f532050c3278c930e143e8bb1133824ccb431053871c6db53", + 
"dataSize":50 + } + } + + } + ] + } + ] + } + ] + } + +} diff --git a/src/tss2-fapi/api/Fapi_Encrypt.c b/src/tss2-fapi/api/Fapi_Encrypt.c index 187291157..e4e236a55 100644 --- a/src/tss2-fapi/api/Fapi_Encrypt.c +++ b/src/tss2-fapi/api/Fapi_Encrypt.c @@ -435,7 +435,8 @@ Fapi_Encrypt_Finish( error_cleanup: /* Cleanup any intermediate results and state stored in the context. */ - if (command->key_handle != ESYS_TR_NONE) + if (command->key_handle != ESYS_TR_NONE && + command->key_object && !command->key_object->misc.key.persistent_handle) Esys_FlushContext(context->esys, command->key_handle); if (r) SAFE_FREE(command->cipherText); diff --git a/src/tss2-fapi/api/Fapi_ExportKey.c b/src/tss2-fapi/api/Fapi_ExportKey.c index 86eb88d04..87bc5a9cd 100644 --- a/src/tss2-fapi/api/Fapi_ExportKey.c +++ b/src/tss2-fapi/api/Fapi_ExportKey.c @@ -430,6 +430,8 @@ Fapi_ExportKey_Finish( return_try_again(r); goto_if_error(r, "Flush key", cleanup); + command->key_object->public.handle = ESYS_TR_NONE; + fallthrough; statecase(context->state, EXPORT_KEY_WAIT_FOR_FLUSH2); @@ -438,6 +440,8 @@ Fapi_ExportKey_Finish( return_try_again(r); goto_if_error(r, "Flush key", cleanup); + command->handle_ext_key = ESYS_TR_NONE; + fallthrough; statecase(context->state, EXPORT_KEY_CLEANUP) diff --git a/src/tss2-fapi/api/Fapi_GetEsysBlob.c b/src/tss2-fapi/api/Fapi_GetEsysBlob.c index 43f7d1114..2da663aca 100644 --- a/src/tss2-fapi/api/Fapi_GetEsysBlob.c +++ b/src/tss2-fapi/api/Fapi_GetEsysBlob.c @@ -337,10 +337,6 @@ Fapi_GetEsysBlob_Finish( SAFE_FREE(key_context); goto_if_error(r, "Marshaling context", error_cleanup); - /* Cleanup policy session if an error did occur. */ - ifapi_flush_policy_session(context, context->policy.session, r); - goto_if_error(r, "Cleanup policy session", error_cleanup); - /* Flush current object used for blob computation. */ if (!key_object->misc.key.persistent_handle) { r = Esys_FlushContext_Async(context->esys, key_object->public.handle); 
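Review bot: In the `error_cleanup` path of Fapi_Encrypt_Finish the handle is flushed but `command->key_handle` keeps its old value, unlike the other flush sites this commit touches, which reset the handle to `ESYS_TR_NONE` right after flushing. Brace the statement and add `command->key_handle = ESYS_TR_NONE;` after the `Esys_FlushContext` call so a later cleanup cannot flush a stale handle. The new `command->key_object &&` guard also means a transient handle stays loaded whenever `key_object` is NULL; if that state is reachable, it should be flushed as well. The function body starts outside the hunk.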
diff --git a/src/tss2-fapi/api/Fapi_Import.c b/src/tss2-fapi/api/Fapi_Import.c index ab6c34516..2aa5ed79f 100644 --- a/src/tss2-fapi/api/Fapi_Import.c +++ b/src/tss2-fapi/api/Fapi_Import.c @@ -652,6 +652,8 @@ Fapi_Import_Finish( if (!command->parent_object->misc.key.persistent_handle) { r = ifapi_flush_object(context, command->parent_object->public.handle); return_try_again(r); + + command->parent_object->public.handle = ESYS_TR_NONE; ifapi_cleanup_ifapi_object(command->parent_object); goto_if_error(r, "Flush key", error_cleanup); } else { diff --git a/src/tss2-fapi/api/Fapi_NvExtend.c b/src/tss2-fapi/api/Fapi_NvExtend.c index 237125815..ca174c627 100644 --- a/src/tss2-fapi/api/Fapi_NvExtend.c +++ b/src/tss2-fapi/api/Fapi_NvExtend.c @@ -410,7 +410,9 @@ Fapi_NvExtend_Finish( /* libjson-c does not deliver an array if array has only one element */ if (jsoType != json_type_array) { json_object *jsonArray = json_object_new_array(); - json_object_array_add(jsonArray, command->jso_event_log); + if (json_object_array_add(jsonArray, command->jso_event_log)) { + return_error(TSS2_FAPI_RC_GENERAL_FAILURE, "Could not add json object."); + } command->jso_event_log = jsonArray; } } else { @@ -423,7 +425,9 @@ Fapi_NvExtend_Finish( r = ifapi_json_IFAPI_EVENT_serialize(&command->pcr_event, &jso); goto_if_error(r, "Error serialize event", error_cleanup); - json_object_array_add(command->jso_event_log, jso); + if (json_object_array_add(command->jso_event_log, jso)) { + return_error(TSS2_FAPI_RC_GENERAL_FAILURE, "Could not add json object."); + } SAFE_FREE(object->misc.nv.event_log); strdup_check(object->misc.nv.event_log, json_object_to_json_string_ext(command->jso_event_log, diff --git a/src/tss2-fapi/fapi_int.h b/src/tss2-fapi/fapi_int.h index 6201fd598..843526840 100644 --- a/src/tss2-fapi/fapi_int.h +++ b/src/tss2-fapi/fapi_int.h 
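Review bot: The new failure branch after `json_object_array_add` leaves Fapi_NvExtend_Finish through `return_error`, which presumably returns at once, so it skips the `error_cleanup` label that the neighbouring `goto_if_error` calls use, and the freshly created `jsonArray` (first hunk) and the serialized `jso` (second hunk) are never released. Use `goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "Could not add json object.", error_cleanup);` and release the orphaned object with `json_object_put` before jumping; the result of `json_object_new_array()` is also used unchecked. The same early return appears in every `json_object_array_add` hunk of `src/tss2-fapi/ifapi_eventlog.c`, where ifapi_eventlog_get_finish additionally leaves the reference taken by `json_object_get(jso_event)` and `logpart` unreleased. The function bodies extend beyond these hunks, so what `error_cleanup` frees is assumed from its use here.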
@@ -240,6 +240,7 @@ typedef struct { TPM2B_AUTH auth; /**< The Password */ IFAPI_NV nv_obj; /**< The NV Object */ ESYS_TR auth_index; /**< The ESAPI handle of the authorization object */ + ESYS_TR auth_session; /**< The autorization session for a nv object */ uint64_t bitmap; /**< The bitmask for the SetBits command */ IFAPI_NV_TEMPLATE public_templ; /**< The template for nv creation, adjusted appropriate by the passed flags */ diff --git a/src/tss2-fapi/fapi_util.c b/src/tss2-fapi/fapi_util.c index f09d500e4..26be81708 100644 --- a/src/tss2-fapi/fapi_util.c +++ b/src/tss2-fapi/fapi_util.c @@ -1156,7 +1156,6 @@ ifapi_session_init(FAPI_CONTEXT *context) context->session1 = ESYS_TR_NONE; context->session2 = ESYS_TR_NONE; - context->policy.session = ESYS_TR_NONE; context->srk_handle = ESYS_TR_NONE; return TSS2_RC_SUCCESS; } @@ -1185,7 +1184,6 @@ ifapi_non_tpm_mode_init(FAPI_CONTEXT *context) context->session1 = ESYS_TR_NONE; context->session2 = ESYS_TR_NONE; - context->policy.session = ESYS_TR_NONE; context->srk_handle = ESYS_TR_NONE; return TSS2_RC_SUCCESS; } @@ -1200,9 +1198,6 @@ ifapi_non_tpm_mode_init(FAPI_CONTEXT *context) void ifapi_session_clean(FAPI_CONTEXT *context) { - if (context->policy_session && context->policy_session != ESYS_TR_NONE) { - Esys_FlushContext(context->esys, context->policy_session); - } if (context->session1 != ESYS_TR_NONE && context->session1 != ESYS_TR_PASSWORD) { if (context->session1 == context->session2) { context->session2 = ESYS_TR_NONE; @@ -1246,7 +1241,6 @@ ifapi_cleanup_session(FAPI_CONTEXT *context) TSS2_RC r; /* Policy sessions were closed after successful execution. */ - context->policy_session = ESYS_TR_NONE; switch (context->cleanup_state) { statecase(context->cleanup_state, CLEANUP_INIT); 
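Review bot: The comment on the new `auth_session` field misspells "authorization"; suggested text: `/**< The authorization session for an NV object */`. No initialisation of the field is visible in this diff, and ifapi_nv_write passes it to `Esys_NV_Write_Async` in a later state than the one that assigns it, so confirm it is set to `ESYS_TR_NONE` wherever the NV command context is reset.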
@@ -2096,27 +2090,6 @@ get_name_alg(FAPI_CONTEXT *context, IFAPI_OBJECT *object) } } -/** Check whether policy session has to be flushed. - * - * Policy sessions with cleared continue session flag are not flushed in error - * cases. Therefore the return code will be checked and if a policy session was - * used the session will be flushed if the command was not executed successfully. - * - * @param[in,out] context for storing all state information. - * @param[in] session the session to be checked whether flush is needed. - * @param[in] r The return code of the command using the session. - */ -void -ifapi_flush_policy_session(FAPI_CONTEXT *context, ESYS_TR session, TSS2_RC r) -{ - if (session != context->session1) { - /* A policy session was used instead auf the default session. */ - if (r != TSS2_RC_SUCCESS) { - Esys_FlushContext(context->esys, session); - } - } -} - /** State machine to authorize a key, a NV object of a hierarchy. * * @param[in,out] context for storing all state information. @@ -2229,6 +2202,7 @@ ifapi_authorize_object(FAPI_CONTEXT *context, IFAPI_OBJECT *object, ESYS_TR *ses error: /* No policy call was executed session can be flushed */ Esys_FlushContext(context->esys, *session); + *session = ESYS_TR_NONE; return r; } @@ -2370,6 +2344,8 @@ ifapi_nv_write( r = ifapi_authorize_object(context, auth_object, &auth_session); FAPI_SYNC(r, "Authorize NV object.", error_cleanup); + context->nv_cmd.auth_session = auth_session; + /* Prepare the writing to NV ram. */ r = Esys_NV_Write_Async(context->esys, context->nv_cmd.auth_index, 
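Review bot: At the `error:` label of ifapi_authorize_object the session is flushed unconditionally before `*session` is reset. The body is outside the hunk, but if any path reaches the label while `*session` is still `ESYS_TR_NONE`, `ESYS_TR_PASSWORD` or the shared `context->session1`, this either flushes an invalid handle or tears down a session the context still refers to. A guard such as `if (*session != ESYS_TR_NONE && *session != ESYS_TR_PASSWORD && *session != context->session1)` around the flush would keep the reset safe. The return value of `Esys_FlushContext` is also dropped.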
@@ -2409,11 +2385,8 @@ ifapi_nv_write( r = Esys_NV_Write_Async(context->esys, context->nv_cmd.auth_index, nv_index, - (!context->policy.session - || context->policy.session == ESYS_TR_NONE) ? context->session1 : - context->policy.session, - (context->policy.session && context->policy.session != ESYS_TR_NONE) ? - context->session2 : ESYS_TR_NONE, + context->nv_cmd.auth_session, + ENC_SESSION_IF_POLICY(context->nv_cmd.auth_session), ESYS_TR_NONE, aux_data, context->nv_cmd.data_idx); @@ -2975,9 +2948,7 @@ ifapi_key_sign( context->Key_Sign.handle = sig_key_object->public.handle; r = ifapi_authorize_object(context, sig_key_object, &session); - FAPI_SYNC(r, "Authorize signature key.", cleanup); - - context->policy.session = session; + return_try_again(r); r = ifapi_get_sig_scheme(context, sig_key_object, padding, digest, &sig_scheme); goto_if_error(r, "Get signature scheme", cleanup); @@ -3000,7 +2971,6 @@ ifapi_key_sign( &context->Key_Sign.signature); return_try_again(r); context->session2 = ESYS_TR_NONE; - ifapi_flush_policy_session(context, context->policy.session, r); goto_if_error(r, "Error: Sign", cleanup); /* Prepare the flushing of the signing key. */ @@ -3717,6 +3687,8 @@ ifapi_key_create( r = ifapi_flush_object(context, context->loadKey.handle); return_try_again(r); goto_if_error(r, "Flush key", error_cleanup); + + context->loadKey.handle = ESYS_TR_NONE; } fallthrough; @@ -4892,6 +4864,8 @@ ifapi_create_primary( return_try_again(r); goto_if_error(r, "Flush key", error_cleanup); + context->cmd.Key_Create.handle = ESYS_TR_NONE; + fallthrough; statecase(context->cmd.Key_Create.state, KEY_CREATE_PRIMARY_WRITE_PREPARE); diff --git a/src/tss2-fapi/fapi_util.h b/src/tss2-fapi/fapi_util.h index f9974be96..871825109 100644 --- a/src/tss2-fapi/fapi_util.h +++ b/src/tss2-fapi/fapi_util.h 
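Review bot: In ifapi_key_sign the result of `ifapi_authorize_object` is now only tested with `return_try_again(r)`, and the next statement overwrites `r` with the result of `ifapi_get_sig_scheme`. Assuming `return_try_again` returns only for the retry code, as its pairing with `goto_if_error` everywhere else in this diff suggests, a failed authorization is silently dropped and signing continues with whatever `session` holds (the error path of ifapi_authorize_object now sets it to `ESYS_TR_NONE`). Add `goto_if_error(r, "Authorize signature key.", cleanup);` directly after `return_try_again(r);`. The function body starts and ends outside the hunk.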
@@ -125,12 +125,6 @@ ifapi_nv_read( uint8_t **data, size_t *size); -void -ifapi_flush_policy_session( - FAPI_CONTEXT *context, - ESYS_TR session, - TSS2_RC r); - TSS2_RC ifapi_nv_write( FAPI_CONTEXT *context, diff --git a/src/tss2-fapi/ifapi_eventlog.c b/src/tss2-fapi/ifapi_eventlog.c index c641ba4bf..51aae0f0a 100644 --- a/src/tss2-fapi/ifapi_eventlog.c +++ b/src/tss2-fapi/ifapi_eventlog.c @@ -123,7 +123,9 @@ ifapi_eventlog_get_async( r = ifapi_json_IFAPI_EVENT_serialize(&cel_event, &jso); goto_if_error(r, "Error serialize event", error); - json_object_array_add(eventlog->log, jso); + if (json_object_array_add(eventlog->log, jso)) { + return_error(TSS2_FAPI_RC_GENERAL_FAILURE, "Could not add json object."); + } } } @@ -155,7 +157,9 @@ ifapi_eventlog_get_async( r = ifapi_json_IFAPI_EVENT_serialize(&cel_event, &jso); goto_if_error(r, "Error serialize event", error); - json_object_array_add(eventlog->log, jso); + if (json_object_array_add(eventlog->log, jso)) { + return_error(TSS2_FAPI_RC_GENERAL_FAILURE, "Could not add json object."); + } } } if (eventlog->ima_log_file) { @@ -286,7 +290,9 @@ ifapi_eventlog_get_finish( json_type jso_type = json_object_get_type(logpart); if (jso_type != json_type_array) { /* libjson-c does not deliver an array if array has only one element */ - json_object_array_add(eventlog->log, logpart); + if (json_object_array_add(eventlog->log, logpart)) { + return_error(TSS2_FAPI_RC_GENERAL_FAILURE, "Could not add json object."); + } } else { /* Iterate through the array of logpart and add each item to the eventlog */ /* The return type of json_object_array_length() was changed, thus the case */ 
@@ -294,7 +300,9 @@ ifapi_eventlog_get_finish( jso_event = json_object_array_get_idx(logpart, i); /* Increment the refcount of event so it does not get freed on put(logpart) below */ json_object_get(jso_event); - json_object_array_add(eventlog->log, jso_event); + if (json_object_array_add(eventlog->log, jso_event)) { + return_error(TSS2_FAPI_RC_GENERAL_FAILURE, "Could not add json object."); + } } json_object_put(logpart); } @@ -365,7 +373,9 @@ ifapi_eventlog_append_check( json_type jso_type = json_object_get_type(eventlog->log); if (jso_type != json_type_array) { json_object *json_array = json_object_new_array(); - json_object_array_add(json_array, eventlog->log); + if (json_object_array_add(json_array, eventlog->log)) { + return_error(TSS2_FAPI_RC_GENERAL_FAILURE, "Could not add json object."); + } eventlog->log = json_array; } } else { @@ -444,7 +454,9 @@ ifapi_eventlog_append_finish( goto_error(r, TSS2_FAPI_RC_BAD_VALUE, "Error serializing event data", error_cleanup); } - json_object_array_add(eventlog->log, event); + if (json_object_array_add(eventlog->log, event)) { + return_error(TSS2_FAPI_RC_GENERAL_FAILURE, "Could not add json object."); + } logstr2 = json_object_to_json_string_ext(eventlog->log, JSON_C_TO_STRING_PRETTY); /* Construct the filename for the eventlog file */ diff --git a/src/tss2-fapi/ifapi_policy_execute.c b/src/tss2-fapi/ifapi_policy_execute.c index e2fb4c2c6..99ca51426 100644 --- a/src/tss2-fapi/ifapi_policy_execute.c +++ b/src/tss2-fapi/ifapi_policy_execute.c @@ -574,8 +574,10 @@ execute_policy_signed( SAFE_FREE(current_policy->buffer); SAFE_FREE(current_policy->pem_key); /* In error cases object might not have been flushed. */ - if (current_policy->object_handle != ESYS_TR_NONE) + if (current_policy->object_handle != ESYS_TR_NONE) { Esys_FlushContext(esys_ctx, current_policy->object_handle); + current_policy->object_handle = ESYS_TR_NONE; + } return r; } 
@@ -745,9 +747,10 @@ execute_policy_authorize( } cleanup: /* In error cases object might not have been flushed. */ - if (current_policy->object_handle != ESYS_TR_NONE) + if (current_policy->object_handle != ESYS_TR_NONE) { Esys_FlushContext(esys_ctx, current_policy->object_handle); - + current_policy->object_handle = ESYS_TR_NONE; + } return r; } @@ -955,6 +958,7 @@ execute_policy_secret( statecase(current_policy->state, POLICY_FLUSH_KEY); r = Esys_FlushContext_Finish(esys_ctx); try_again_or_error(r, "Flush key finish."); + current_policy->auth_handle = ESYS_TR_NONE; current_policy->state = POLICY_EXECUTE_INIT; break; @@ -964,8 +968,9 @@ execute_policy_secret( return r; cleanup: - if (current_policy->flush_handle) { + if (current_policy->flush_handle && current_policy->auth_handle != ESYS_TR_NONE) { Esys_FlushContext(esys_ctx, current_policy->auth_handle); + current_policy->auth_handle = ESYS_TR_NONE; } SAFE_FREE(current_policy->nonceTPM); return r; @@ -1907,7 +1912,6 @@ ifapi_policyeval_execute( if (r != TSS2_RC_SUCCESS) { if (do_flush) { Esys_FlushContext(esys_ctx, current_policy->session); - current_policy->session = ESYS_TR_NONE; } ifapi_free_node_list(current_policy->policy_elements); diff --git a/src/tss2-fapi/ifapi_policyutil_execute.c b/src/tss2-fapi/ifapi_policyutil_execute.c index 450a1a2e6..b0925f0f5 100644 --- a/src/tss2-fapi/ifapi_policyutil_execute.c +++ b/src/tss2-fapi/ifapi_policyutil_execute.c @@ -122,8 +122,13 @@ create_session( case WAIT_FOR_CREATE_SESSION: r = Esys_StartAuthSession_Finish(context->esys, session); - if (r != TSS2_RC_SUCCESS) + if (r == TSS2_FAPI_RC_TRY_AGAIN) { return r; + } + if (r != TSS2_RC_SUCCESS) { + context->policy.create_session_state = CREATE_SESSION_INIT; + return r; + } context->policy.create_session_state = CREATE_SESSION_INIT; break; 
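Review bot: The retry test in `WAIT_FOR_CREATE_SESSION` compares the result of `Esys_StartAuthSession_Finish` with `TSS2_FAPI_RC_TRY_AGAIN`, but that call belongs to the ESYS layer and would presumably report its own layer's retry code. If so, a pending response falls into the new error branch, which resets `create_session_state` to `CREATE_SESSION_INIT` while the command is still outstanding. Using the macro the rest of the code uses, `return_try_again(r);`, in place of the equality test avoids depending on the layer bits. Both the error branch and the success path assign `CREATE_SESSION_INIT`, so that assignment can be made once before the `if (r != TSS2_RC_SUCCESS)` check.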
@@ -284,8 +289,6 @@ ifapi_policyutil_execute(FAPI_CONTEXT *context, ESYS_TR *session) goto_if_error(r, "Create policy session", error); pol_util_ctx->pol_exec_ctx->session = pol_util_ctx->policy_session; - /* Save policy session for cleanup in error case. */ - context->policy_session = pol_util_ctx->policy_session; } else { pol_util_ctx->pol_exec_ctx->session = *session; } @@ -299,6 +302,18 @@ ifapi_policyutil_execute(FAPI_CONTEXT *context, ESYS_TR *session) context->policy.util_current_policy = pol_util_ctx->prev; return TSS2_FAPI_RC_TRY_AGAIN; } + + if (r) { + /* Cleanup stack */ + IFAPI_POLICYUTIL_STACK *utl_ctx = pol_util_ctx->prev; + while (utl_ctx) { + if (utl_ctx->pol_exec_ctx->session == pol_util_ctx->pol_exec_ctx->session) { + utl_ctx->pol_exec_ctx->session = ESYS_TR_NONE; + } + utl_ctx = utl_ctx->prev; + } + pol_util_ctx->pol_exec_ctx->session = ESYS_TR_NONE; + } goto_if_error(r, "Execute policy.", error); break; @@ -306,6 +321,7 @@ ifapi_policyutil_execute(FAPI_CONTEXT *context, ESYS_TR *session) statecasedefault(pol_util_ctx->state); } *session = pol_util_ctx->policy_session; + pol_util_ctx->state = POLICY_UTIL_INIT; pol_util_ctx = pol_util_ctx->prev; @@ -318,6 +334,7 @@ ifapi_policyutil_execute(FAPI_CONTEXT *context, ESYS_TR *session) return r; error: + pol_util_ctx->state = POLICY_UTIL_INIT; pol_util_ctx = pol_util_ctx->prev; if (context->policy.util_current_policy) clear_current_policy(context); diff --git a/src/tss2-fapi/tpm_json_deserialize.c b/src/tss2-fapi/tpm_json_deserialize.c index 97833c2e6..3edc4b717 100644 --- a/src/tss2-fapi/tpm_json_deserialize.c +++ b/src/tss2-fapi/tpm_json_deserialize.c @@ -3578,7 +3578,7 @@ ifapi_json_TPMI_RSA_KEY_BITS_deserialize(json_object *jso, TPMI_RSA_KEY_BITS *out) { SUBTYPE_FILTER(TPMI_RSA_KEY_BITS, UINT16, - 1024, 2048); + 1024, 2048, 3072, 4096); } /** Deserialize a TPM2B_ECC_PARAMETER json object. 
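Review bot: The new `if (r)` block in ifapi_policyutil_execute clears `pol_exec_ctx->session` on every stack entry for any error, whereas the flush in ifapi_policyeval_execute (same commit) runs only when `do_flush` is set. If an error can arrive here without the session having been flushed, the handle is forgotten and the session stays loaded in the TPM; either make the reset conditional on the flush or state in the comment why the session is known to be gone. `/* Cleanup stack */` should say that, for example `/* Session was flushed during policy execution: drop every reference to it on the stack. */`. The loop also dereferences `utl_ctx->pol_exec_ctx` without a NULL check, and the function body lies outside the hunk, so whether it can be NULL is not visible.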
diff --git a/src/tss2-fapi/tpm_json_serialize.c b/src/tss2-fapi/tpm_json_serialize.c index b87e39d4f..812c70d08 100644 --- a/src/tss2-fapi/tpm_json_serialize.c +++ b/src/tss2-fapi/tpm_json_serialize.c @@ -3452,7 +3452,7 @@ ifapi_json_TPM2B_PUBLIC_KEY_RSA_serialize(const TPM2B_PUBLIC_KEY_RSA *in, json_o TSS2_RC ifapi_json_TPMI_RSA_KEY_BITS_serialize(const TPMI_RSA_KEY_BITS in, json_object **jso) { - CHECK_IN_LIST(TPMI_RSA_KEY_BITS, in, 1024, 2048); + CHECK_IN_LIST(TPMI_RSA_KEY_BITS, in, 1024, 2048, 3072, 4096); return ifapi_json_UINT16_serialize(in, jso); } diff --git a/test/data/fapi/P_RSA3072.json b/test/data/fapi/P_RSA3072.json new file mode 100644 index 000000000..50486c4c2 --- /dev/null +++ b/test/data/fapi/P_RSA3072.json 
@@ -0,0 +1,107 @@ +{ + "type": "TPM2_ALG_RSA", + "nameAlg":"TPM2_ALG_SHA384", + "srk_template": "system,restricted,decrypt,0x81000001", + "srk_description": "Storage root key SRK", + "srk_persistent": 1, + "ek_template": "system,restricted,decrypt,user", + "ek_description": "Endorsement key EK", + "rsa_signing_scheme": { + "scheme":"TPM2_ALG_RSAPSS", + "details":{ + "hashAlg":"TPM2_ALG_SHA384" + } + }, + "rsa_decrypt_scheme": { + "scheme":"TPM2_ALG_OAEP", + "details":{ + "hashAlg":"TPM2_ALG_SHA384" + } + }, + "sym_mode":"TPM2_ALG_CFB", + "sym_parameters": { + "algorithm":"TPM2_ALG_AES", + "keyBits":"256", + "mode":"TPM2_ALG_CFB" + }, + "sym_block_size": 16, + "pcr_selection": [ + { "hash": "TPM2_ALG_SHA1", + "pcrSelect": [ ] + }, + { "hash": "TPM2_ALG_SHA256", + "pcrSelect": [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ] + } + ], + "exponent": 0, + "keyBits": 3072, + "session_symmetric":{ + "algorithm":"TPM2_ALG_AES", + "keyBits":"256", + "mode":"TPM2_ALG_CFB" + }, + "ek_policy": { + "description": "Endorsement hierarchy used for policy secret.", + "policy":[ + { + "type": "PolicyOR", + "branches": [ + { + "name": "A", + "description": "", + "policy": [ + { + "type":"POLICYSECRET", + "objectName": "4000000b" + } + ] + }, + { + "name": "B", + "description": "", + "policy": [ + { + "type":"AUTHORIZENV", + "nvPublic": { + "size": 60, + "nvPublic": { + "nvIndex": 29392642, + "nameAlg":"SHA384", + "attributes":{ + "PPWRITE":0, + "OWNERWRITE":0, + "AUTHWRITE":0, + "POLICYWRITE":1, + "POLICY_DELETE":0, + "WRITELOCKED":0, + "WRITEALL":1, + "WRITEDEFINE":0, + "WRITE_STCLEAR":0, + "GLOBALLOCK":0, + "PPREAD":1, + "OWNERREAD":1, + "AUTHREAD":1, + "POLICYREAD":1, + "NO_DA":1, + "ORDERLY":0, + "CLEAR_STCLEAR":0, + "READLOCKED":0, + "WRITTEN":1, + "PLATFORMCREATE":0, + "READ_STCLEAR":0, + "TPM2_NT":"ORDINARY" + }, + "authPolicy":"8bbf2266537c171cb56e403c4dc1d4b64f432611dc386e6f532050c3278c930e143e8bb1133824ccb431053871c6db53", + 
"dataSize":50 + } + } + + } + ] + } + ] + } + ] + } + +} diff --git a/test/integration/fapi-data-crypt.int.c b/test/integration/fapi-data-crypt.int.c index 439e3522a..07437b62d 100644 --- a/test/integration/fapi-data-crypt.int.c +++ b/test/integration/fapi-data-crypt.int.c @@ -96,9 +96,11 @@ signatureCallback( UNUSED(publicKey); UNUSED(publicKeyHint); uint8_t *aux_signature = NULL; + size_t profile_len = strlen(FAPI_PROFILE); - if (strcmp(objectPath, "P_RSA/HS/SRK/myRsaCryptKey") != 0) { - return_error(TSS2_FAPI_RC_BAD_VALUE, "Unexpected path"); + if (strcmp(objectPath + profile_len, "/HS/SRK/myRsaCryptKey") || + strncmp(objectPath, "P_RSA", 5)) + return_error(TSS2_FAPI_RC_BAD_VALUE, "Unexpected path") { } if (userData != userDataTest) { diff --git a/test/integration/fapi-get-esys-blobs.int.c b/test/integration/fapi-get-esys-blobs.int.c index 77903f8c6..ef7f12c1f 100644 --- a/test/integration/fapi-get-esys-blobs.int.c +++ b/test/integration/fapi-get-esys-blobs.int.c @@ -72,6 +72,7 @@ auth_callback( * @param[in,out] context The FAPI_CONTEXT. * @retval EXIT_FAILURE * @retval EXIT_SUCCESS + * @retval EXIT_SKIP */ int test_fapi_get_esys_blobs(FAPI_CONTEXT *context) @@ -90,6 +91,11 @@ test_fapi_get_esys_blobs(FAPI_CONTEXT *context) ESYS_TR esys_handle; uint8_t type; + if (strncmp(FAPI_PROFILE,"P_ECC", 5)) { + LOG_WARNING("Profile %s is no ECC profile.", FAPI_PROFILE); + return EXIT_SKIP; + } + /* We need to reset the passwords again, in order to not brick physical TPMs */ r = Fapi_Provision(context, NULL, NULL, NULL); goto_if_error(r, "Error Fapi_Provision", error); diff --git a/test/integration/fapi-key-create-policy-authorize-nv-sign.int.c b/test/integration/fapi-key-create-policy-authorize-nv-sign.int.c index d31e1190a..47a131646 100644 --- a/test/integration/fapi-key-create-policy-authorize-nv-sign.int.c +++ b/test/integration/fapi-key-create-policy-authorize-nv-sign.int.c 
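Review bot: `strcmp(objectPath + profile_len, ...)` in signatureCallback is evaluated before anything proves that `objectPath` is at least `strlen(FAPI_PROFILE)` bytes long, so a shorter path makes the pointer step past the terminator and the comparison read out of bounds; the 5-byte `strncmp` against "P_RSA" does not cover a longer profile name. Check the whole prefix first: `if (strncmp(objectPath, FAPI_PROFILE, profile_len) != 0 || strcmp(objectPath + profile_len, "/HS/SRK/myRsaCryptKey") != 0) {`. The trailing `{` after `return_error(...)` with the `}` on the next line only compiles because of how the macro expands; put the braces around the body as in the `userData` check that follows.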
@@ -141,7 +141,7 @@ test_fapi_key_create_policy_authorize_nv(FAPI_CONTEXT *context) return EXIT_SKIP; } - if (strcmp(FAPI_PROFILE, "P_ECC384") == 0) { + if (strcmp(FAPI_PROFILE, "P_ECC384") == 0 || strcmp(FAPI_PROFILE, "P_RSA3072") == 0) { if (snprintf(&extended_name[0], 1023, "%s_sha384", POLICY_AUTHORIZE_NV) < 0) { LOG_ERROR("snprint failed"); return EXIT_FAILURE; @@ -158,7 +158,7 @@ test_fapi_key_create_policy_authorize_nv(FAPI_CONTEXT *context) if (strcmp(FAPI_PROFILE, "P_ECC") == 0) { policy_nv_auth_size = 34; - } else if (strcmp(FAPI_PROFILE, "P_ECC384") == 0) { + } else if (strcmp(FAPI_PROFILE, "P_ECC384") == 0 || strcmp(FAPI_PROFILE, "P_RSA3072") == 0) { policy_nv_auth_size = 50; } else { LOG_ERROR("No appropriate policy file exists!"); diff --git a/test/integration/fapi-key-create-policy-authorize-pem-sign.int.c b/test/integration/fapi-key-create-policy-authorize-pem-sign.int.c index 13d8f81dd..b17bf8e8c 100644 --- a/test/integration/fapi-key-create-policy-authorize-pem-sign.int.c +++ b/test/integration/fapi-key-create-policy-authorize-pem-sign.int.c @@ -53,8 +53,8 @@ test_fapi_key_create_policy_authorize_pem_sign(FAPI_CONTEXT *context) { TSS2_RC r; char *policy_pcr = "/policy/pol_pcr"; - char *policy_file_pcr; - char *policy_file_authorize; + char *policy_file_pcr = NULL; + char *policy_file_authorize = NULL; char *policy_name_authorize = "/policy/pol_authorize"; // uint8_t policyRef[] = { 1, 2, 3, 4, 5 }; FILE *stream = NULL; 
@@ -69,9 +69,12 @@ test_fapi_key_create_policy_authorize_pem_sign(FAPI_CONTEXT *context) if (strcmp(FAPI_PROFILE, "P_ECC") == 0) { policy_file_authorize = TOP_SOURCEDIR "/test/data/fapi/policy/pol_authorize_ecc_pem.json"; policy_file_pcr = TOP_SOURCEDIR "/test/data/fapi/policy/pol_pcr16_0_ecc_authorized.json"; - } else if (strcmp(FAPI_PROFILE, "P_ECC384") == 0) { + } else if (strcmp(FAPI_PROFILE, "P_ECC384" ) == 0) { policy_file_authorize = TOP_SOURCEDIR "/test/data/fapi/policy/pol_authorize_ecc_pem_sha384.json"; policy_file_pcr = TOP_SOURCEDIR "/test/data/fapi/policy/pol_pcr16_0_ecc_authorized_sha384.json"; + } else { + LOG_ERROR("Profule can't be used for test: %s", FAPI_PROFILE); + return EXIT_SKIP; } #else policy_file_pcr = TOP_SOURCEDIR "/test/data/fapi/policy/pol_pcr16_0_rsa_authorized.json"; diff --git a/test/integration/fapi-key-create-policy-pcr-sign.int.c b/test/integration/fapi-key-create-policy-pcr-sign.int.c index a74fef120..74eae0297 100644 --- a/test/integration/fapi-key-create-policy-pcr-sign.int.c +++ b/test/integration/fapi-key-create-policy-pcr-sign.int.c @@ -281,7 +281,7 @@ test_fapi_key_create_policy_pcr_sign(FAPI_CONTEXT *context) ASSERT(policy != NULL); LOG_INFO("\nTEST_JSON\nPolicy_sha256:\n%s\nEND_JSON", policy); - if (strcmp(FAPI_PROFILE, "P_ECC384") == 0) { + if (strcmp(FAPI_PROFILE, "P_ECC384") == 0 || strcmp(FAPI_PROFILE, "P_RSA3072") == 0) { CHECK_JSON(policy, policy_sha384_check, error); } else { CHECK_JSON(policy, policy_sha256_check, error); @@ -296,7 +296,7 @@ test_fapi_key_create_policy_pcr_sign(FAPI_CONTEXT *context) goto_if_error(r, "Error Fapi_ExportPolicy", error); ASSERT(policy != NULL); LOG_INFO("\nTEST_JSON\nPolicy export1:\n%s\nEND_JSON", policy); - if (strcmp(FAPI_PROFILE, "P_ECC384") == 0) { + if (strcmp(FAPI_PROFILE, "P_ECC384") == 0 || strcmp(FAPI_PROFILE, "P_RSA3072") == 0) { CHECK_JSON(policy, policy_sha384_export_check, error) } else { CHECK_JSON(policy, policy_sha256_export_check, error) 
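Review bot: The new `else` branch reports a skipped test with `LOG_ERROR`, and the message misspells "Profile"; the skip added to test_fapi_get_esys_blobs in this commit uses `LOG_WARNING` for the same situation. Suggested line: `LOG_WARNING("Profile can't be used for test: %s", FAPI_PROFILE);`.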
@@ -427,7 +427,7 @@ test_fapi_key_create_policy_pcr_sign(FAPI_CONTEXT *context) goto_if_error(r, "Error Fapi_ExportPolicy", error); ASSERT(policy != NULL); - if (strcmp(FAPI_PROFILE, "P_ECC384") == 0) { + if (strcmp(FAPI_PROFILE, "P_ECC384") == 0 || strcmp(FAPI_PROFILE, "P_RSA3072") == 0){ CHECK_JSON(policy, policy_sha384_check, error); } else { CHECK_JSON(policy, policy_sha256_check, error); diff --git a/test/integration/fapi-key-create-policy-signed-keyedhash.int.c b/test/integration/fapi-key-create-policy-signed-keyedhash.int.c index d38fed128..f9f4131d7 100644 --- a/test/integration/fapi-key-create-policy-signed-keyedhash.int.c +++ b/test/integration/fapi-key-create-policy-signed-keyedhash.int.c @@ -206,7 +206,7 @@ test_fapi_key_create_policy_signed(FAPI_CONTEXT *context) char *publicKey = NULL; char *certificate = NULL; - if (strcmp(FAPI_PROFILE, "P_ECC384") == 0) { + if (strcmp(FAPI_PROFILE, "P_ECC384") == 0 || strcmp(FAPI_PROFILE, "P_RSA3072") == 0) { policy_name = "/policy/pol_signed_keyedhash_sha384"; policy_file = TOP_SOURCEDIR "/test/data/fapi/policy/pol_signed_keyedhash_sha384.json"; } else { diff --git a/test/integration/fapi-nv-authorizenv-cphash.int.c b/test/integration/fapi-nv-authorizenv-cphash.int.c index 4a297f34e..8ecb660b0 100644 --- a/test/integration/fapi-nv-authorizenv-cphash.int.c +++ b/test/integration/fapi-nv-authorizenv-cphash.int.c @@ -96,7 +96,7 @@ test_fapi_nv_authorizenv_cphash(FAPI_CONTEXT *context) r = Fapi_Provision(context, NULL, NULL, NULL); goto_if_error(r, "Error Fapi_Provision", error); - if (strcmp(FAPI_PROFILE, "P_ECC384") == 0) { + if (strcmp(FAPI_PROFILE, "P_ECC384") == 0 || strcmp(FAPI_PROFILE, "P_RSA3072") == 0) { policy2_name = "/policy/pol_cphash_sha384"; policy2_file = TOP_SOURCEDIR "/test/data/fapi/policy/pol_cphash_sha384.json"; policy_nv_auth_size = 50; diff --git a/test/integration/fapi-nv-extend.int.c b/test/integration/fapi-nv-extend.int.c index dfe864682..04488d245 100644 
--- a/test/integration/fapi-nv-extend.int.c +++ b/test/integration/fapi-nv-extend.int.c @@ -91,7 +91,7 @@ test_fapi_nv_extend(FAPI_CONTEXT *context) LOG_INFO("\nTEST_JSON\nLog:\n%s\nEND_JSON", log); char *fields_log1[] = { "0", "digests", "0", "digest" }; - if (strcmp(FAPI_PROFILE, "P_ECC384") == 0) { + if (strcmp(FAPI_PROFILE, "P_ECC384") == 0 || strcmp(FAPI_PROFILE, "P_RSA3072") == 0) { CHECK_JSON_FIELDS(log, fields_log1, "c8ffec7d7d70c61b16adaab88925a1759b94cf6b50669b04aef1a8427fabb131eafbf9a21e3b8bddd9c5d5e7", error); @@ -120,7 +120,7 @@ test_fapi_nv_extend(FAPI_CONTEXT *context) LOG_INFO("\nTEST_JSON\nLog:\n%s\nEND_JSON", log); char *fields_log2[] = { "1", "digests", "0", "digest" }; - if (strcmp(FAPI_PROFILE, "P_ECC384") == 0) { + if (strcmp(FAPI_PROFILE, "P_ECC384") == 0 || strcmp(FAPI_PROFILE, "P_RSA3072") == 0) { CHECK_JSON_FIELDS(log, fields_log2, "c8ffec7d7d70c61b16adaab88925a1759b94cf6b50669b04aef1a8427fabb131eafbf9a21e3b8bddd9c5d5e7", error); diff --git a/test/integration/fapi-quote-destructive-eventlog.int.c b/test/integration/fapi-quote-destructive-eventlog.int.c index 172234227..060e21cbd 100644 --- a/test/integration/fapi-quote-destructive-eventlog.int.c +++ b/test/integration/fapi-quote-destructive-eventlog.int.c @@ -1001,6 +1001,7 @@ test_fapi_quote_destructive(FAPI_CONTEXT *context) size_t i; json_object *jso_log = NULL; json_object *jso_log2 = NULL; + bool sha1_bank_exists; uint8_t data[EVENT_SIZE] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9}; size_t signatureSize = 0; @@ -1010,6 +1011,13 @@ test_fapi_quote_destructive(FAPI_CONTEXT *context) return EXIT_SKIP; #endif + r = pcr_bank_sha1_exists(context, &sha1_bank_exists); + goto_if_error(r, "Test sha1 bank", error); + + if (!sha1_bank_exists) { + return EXIT_SKIP; + } + r = Fapi_Provision(context, NULL, NULL, NULL); goto_if_error(r, "Error Fapi_Provision", error); 
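Review bot: The `return EXIT_SKIP;` added after `pcr_bank_sha1_exists()` in test_fapi_quote_destructive (hunk at -1010) gives no reason in the log. A run on a TPM without a SHA-1 bank therefore drops the quote and event-log checks without any trace. A line such as `LOG_WARNING("SHA1 PCR bank not available, skipping test");` before the return would make the lost coverage visible in test output. The function body continues outside the hunk.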
@@ -1083,7 +1091,9 @@ test_fapi_quote_destructive(FAPI_CONTEXT *context) jso_duplicate = json_object_get(jso_event); goto_if_null(jso_duplicate, "Out of memory.", TSS2_FAPI_RC_MEMORY, error); - json_object_array_add(jso_log2, jso_duplicate); + if (json_object_array_add(jso_log2, jso_duplicate)) { + return_error(TSS2_FAPI_RC_GENERAL_FAILURE, "Could not add json object."); + } } pcrEventLog2 = strdup(json_object_to_json_string_ext(jso_log2, JSON_C_TO_STRING_PRETTY)); diff --git a/test/integration/fapi-second-provisioning.int.c b/test/integration/fapi-second-provisioning.int.c index 8651a26d4..fbc7d2b43 100644 --- a/test/integration/fapi-second-provisioning.int.c +++ b/test/integration/fapi-second-provisioning.int.c @@ -63,6 +63,11 @@ test_fapi_test_second_provisioning(FAPI_CONTEXT *context) { TSS2_RC r; + if (strncmp(FAPI_PROFILE, "P_RSA", 5) == 0) { + LOG_WARNING("Default ECC profile needed for this test %s is used", FAPI_PROFILE); + return EXIT_SKIP; + } + /* We need to reset the passwords again, in order to not brick physical TPMs */ r = Fapi_Provision(context, PASSWORD, PASSWORD, NULL); goto_if_error(r, "Error Fapi_Provision", error); @@ -149,6 +154,8 @@ test_fapi_test_second_provisioning(FAPI_CONTEXT *context) rc = init_fapi("P_ECC", &context); } else if (strcmp(FAPI_PROFILE, "P_ECC384") == 0) { rc = init_fapi("P_ECC384", &context); + } else if (strcmp(FAPI_PROFILE, "P_RSA3072") == 0) { + rc = init_fapi("P_ECC384", &context); } else { LOG_ERROR("Profile %s not supported for this test!", FAPI_PROFILE); } diff --git a/test/integration/main-fapi.c b/test/integration/main-fapi.c index a0926f631..59b1913cd 100644 --- a/test/integration/main-fapi.c +++ b/test/integration/main-fapi.c 
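Review bot: In the -1083 hunk the failure path of `json_object_array_add(jso_log2, jso_duplicate)` leaves through `return_error`, while the line just above uses `goto_if_null(..., error)`. Whatever the `error` label releases is therefore skipped, and the reference taken by `json_object_get(jso_event)` is never dropped. Consider `json_object_put(jso_duplicate);` followed by `goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "Could not add json object.", error);` inside the `if`. The cleanup at `error` lies outside the hunk, so what it frees is inferred from how the label is used here. The other exits visible for this test return `EXIT_SKIP`, so returning a raw TSS2_RC value may also be misread by the test harness.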
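Review bot: The `P_RSA3072` branch added at -149 looks unreachable, because the hunk at -63 returns `EXIT_SKIP` for every profile whose name starts with `P_RSA` and both hunk headers name test_fapi_test_second_provisioning. If the two hunks are in the same function, one of them should be dropped. If the branch is meant to run, `init_fapi("P_ECC384", &context)` for an RSA profile needs a comment such as `/* RSA 3072 run re-provisions with the ECC P-384 profile on purpose */`. The skip message `"Default ECC profile needed for this test %s is used"` would read more clearly as `"Default ECC profile needed for this test, but %s is used"`.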
@@ -216,6 +216,49 @@ pcr_reset(FAPI_CONTEXT *context, UINT32 pcr) return r; } +TSS2_RC +pcr_bank_sha1_exists(FAPI_CONTEXT *context, bool *exists) +{ + TSS2_RC r; + TSS2_TCTI_CONTEXT *tcti; + ESYS_CONTEXT *esys; + TPML_PCR_SELECTION pcrSelectionIn = { + .count = 1, + .pcrSelections = { + { .hash = TPM2_ALG_SHA1, + .sizeofSelect = 3, + .pcrSelect = { 1, 0, 0} + }, + } + }; + UINT32 pcrUpdateCounter; + TPML_PCR_SELECTION *pcrSelectionOut = NULL; + TPML_DIGEST *pcrValues = NULL; + + r = Fapi_GetTcti(context, &tcti); + goto_if_error(r, "Error Fapi_GetTcti", error); + + r = Esys_Initialize(&esys, tcti, NULL); + goto_if_error(r, "Error Fapi_GetTcti", error); + + r = Esys_PCR_Read(esys, ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, + &pcrSelectionIn, &pcrUpdateCounter, &pcrSelectionOut, &pcrValues); + goto_if_error(r, "Error: PCR_Read", error); + if (!pcrSelectionOut->pcrSelections[0].pcrSelect[0]) { + *exists = false; + } else { + *exists = true; + } + Esys_Finalize(&esys); + goto_if_error(r, "Error Eys_PCR_Reset", error); + +error: + SAFE_FREE(pcrSelectionOut); + SAFE_FREE(pcrValues); + return r; +} + + TSS2_RC pcr_extend(FAPI_CONTEXT *context, UINT32 pcr, TPML_DIGEST_VALUES *digest_values) { diff --git a/test/integration/test-fapi.h b/test/integration/test-fapi.h index 64fd972a0..69253fba4 100644 --- a/test/integration/test-fapi.h +++ b/test/integration/test-fapi.h @@ -139,6 +139,9 @@ extern char *fapi_profile; TSS2_RC pcr_extend(FAPI_CONTEXT *context, UINT32 pcr, TPML_DIGEST_VALUES *digest_values); +TSS2_RC +pcr_bank_sha1_exists(FAPI_CONTEXT *context, bool *exists); + TSS2_RC pcr_reset(FAPI_CONTEXT *context, UINT32 pcr);
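Review bot: pcr_bank_sha1_exists leaks the ESYS context when `Esys_PCR_Read` fails, because `goto_if_error` jumps to `error:` past `Esys_Finalize(&esys)`. The `goto_if_error` placed after `Esys_Finalize` re-tests an `r` that has not changed and can never fire. The messages for `Esys_Initialize` ("Error Fapi_GetTcti") and for that last check ("Error Eys_PCR_Reset") are copied from other calls, which will mislead anyone reading a failed run. `pcrSelections[0]` is also read without looking at `pcrSelectionOut->count`. The fence below initialises `esys` to NULL, moves finalisation into the shared exit path, corrects the messages and defensively treats an empty returned selection as "bank absent".

```c
    ESYS_CONTEXT *esys = NULL;
    /* … unchanged: selection and output declarations, Fapi_GetTcti call … */

    r = Esys_Initialize(&esys, tcti, NULL);
    goto_if_error(r, "Error Esys_Initialize", error);

    /* … unchanged: Esys_PCR_Read call … */
    goto_if_error(r, "Error Esys_PCR_Read", error);

    /* No returned selection, or PCR 0 absent from it: no SHA1 bank. */
    *exists = pcrSelectionOut->count > 0 &&
              pcrSelectionOut->pcrSelections[0].pcrSelect[0] != 0;

error:
    if (esys != NULL) {
        Esys_Finalize(&esys);
    }
    /* … unchanged: SAFE_FREE calls and return r … */
```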