Improve the Windows TBS NV unavailable error handling.

pull/230/head
David Garske 2022-07-19 10:46:49 -07:00
parent 02e41c1673
commit 4982af8c2b
3 changed files with 30 additions and 13 deletions


@ -2414,6 +2414,16 @@ int wolfTPM2_NVStoreKey(WOLFTPM2_DEV* dev, TPM_HANDLE primaryHandle,
rc = TPM2_EvictControl(&in);
if (rc != TPM_RC_SUCCESS) {
#ifdef WOLFTPM_WINAPI
if (rc == TPM_E_COMMAND_BLOCKED) { /* 0x80280400 */
#ifdef DEBUG_WOLFTPM
printf("TPM2_EvictControl (storing key to NV) not allowed on "
"Windows TBS (err 0x%x)\n", rc);
#endif
rc = TPM_RC_NV_UNAVAILABLE;
}
#endif
#ifdef DEBUG_WOLFTPM
printf("TPM2_EvictControl failed %d: %s\n", rc,
wolfTPM2_GetRCString(rc));
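Review bot: The remap to `TPM_RC_NV_UNAVAILABLE` in the `WOLFTPM_WINAPI` branch hides from callers that the refusal came from Windows TBS policy rather than from the TPM, and nothing here states that the key was left unpersisted. A comment above the assignment would make that explicit, e.g. `/* TBS blocked EvictControl: key is NOT persisted; reported as NV unavailable */`, and the function's header comment should list this return value. With `DEBUG_WOLFTPM` set, the generic `TPM2_EvictControl failed` printf that follows logs the remapped code, so the original 0x80280400 appears only in the first message. The body of wolfTPM2_NVStoreKey starts and ends outside this hunk.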


@ -526,8 +526,10 @@ namespace tpm_csharp_test
rc = csr.SetCustomExtension(custOid, custOidVal, 0);
/* if custom OID support is not compiled in then test is
* inconclusive */
if (rc == (int)Status.NOT_COMPILED_IN)
if (rc == (int)Status.NOT_COMPILED_IN) {
device.UnloadHandle(keyBlob);
Assert.Inconclusive();
}
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
rc = csr.MakeAndSign(device, keyBlob, X509_Format.PEM, output);
@ -566,18 +568,22 @@ namespace tpm_csharp_test
rc = device.LoadKey(keyBlob, parent_key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
/* Store key */
rc = device.StoreKey(keyBlob, (ulong)TPM_RH.OWNER, testPersistentHandle);
if ((uint)rc == 0x80280400) { /* TPM_E_COMMAND_BLOCKED */
/* Windows TBS does not allow storing keys to NV */
/* Read public key */
rc = device.ReadPublicKey(keyBlob,
device.GetHandleValue(keyBlob.GetHandle()));
if (rc == (int)Status.TPM_RC_HANDLE) {
/* valid error if the handle is not found */
rc = 0; /* ignore error */
}
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
/* Read public key */
rc = device.ReadPublicKey(keyBlob, testPersistentHandle);
if (rc == (int)Status.TPM_RC_HANDLE) {
/* valid error if the handle is not found */
/* Store key */
rc = device.StoreKey(keyBlob, (ulong)TPM_RH.OWNER, testPersistentHandle);
if (rc == (int)Status.TPM_RC_NV_UNAVAILABLE) {
device.UnloadHandle(keyBlob);
Assert.Inconclusive();
/* Windows TBS does not allow storing keys to NV */
rc = 0; /* ignore error */
}
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
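Review bot: Both new `Assert.Inconclusive()` calls (after `SetCustomExtension` and after `StoreKey`) give no reason, so a test report cannot tell "custom OID support not compiled in" apart from "NV store unavailable". Passing a message, e.g. `Assert.Inconclusive("StoreKey: NV unavailable (Windows TBS blocks persisting keys)");`, keeps a skipped persistence check visible in CI instead of leaving a bare inconclusive result. The `device.UnloadHandle(keyBlob)` cleanup is added only on these two paths, so a failing `Assert.AreEqual` earlier in the test presumably still leaves the handle loaded. A `try`/`finally` around the test body would cover every exit. Both test methods start and end outside the hunks shown.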


@ -66,6 +66,7 @@ namespace wolfTPM
{
TPM_RC_SUCCESS = 0,
TPM_RC_HANDLE = 0x8B,
TPM_RC_NV_UNAVAILABLE = 0x923,
BAD_FUNC_ARG = -173,
NOT_COMPILED_IN = -174,
}
@ -969,7 +970,7 @@ namespace wolfTPM
int rc = wolfTPM2_NVStoreKey(device, primaryHandle, key.key,
persistentHandle);
if (rc != (int)Status.TPM_RC_SUCCESS &&
(uint)rc != 0x80280400) { /* TPM_E_COMMAND_BLOCKED */
rc != (int)Status.TPM_RC_NV_UNAVAILABLE) {
throw new WolfTpm2Exception(
"wolfTPM2_NVStoreKey", rc);
}
@ -980,7 +981,7 @@ namespace wolfTPM
int rc = wolfTPM2_NVStoreKey(device, primaryHandle, keyBlob.keyblob,
persistentHandle);
if (rc != (int)Status.TPM_RC_SUCCESS &&
(uint)rc != 0x80280400) { /* TPM_E_COMMAND_BLOCKED */
rc != (int)Status.TPM_RC_NV_UNAVAILABLE) {
throw new WolfTpm2Exception(
"wolfTPM2_NVStoreKey", rc);
}
@ -1218,8 +1219,8 @@ namespace wolfTPM
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_GetHandleValue")]
private static extern long wolfTPM2_GetHandleValue(IntPtr handle);
public long GetHandleValue(IntPtr handle)
private static extern uint wolfTPM2_GetHandleValue(IntPtr handle);
public uint GetHandleValue(IntPtr handle)
{
return wolfTPM2_GetHandleValue(handle);
}
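Review bot: The new check `rc != (int)Status.TPM_RC_NV_UNAVAILABLE` in both `StoreKey` overloads suppresses the exception for any NV-unavailable result, not only the Windows TBS block that the old `0x80280400` comparison targeted, so a caller that ignores the return value will treat an unpersisted key as stored. Every other failure throws `WolfTpm2Exception`, so this one non-throwing error needs an XML doc line on both overloads, e.g. `/// <returns>TPM_RC_SUCCESS, or TPM_RC_NV_UNAVAILABLE when the key was not persisted (no exception is thrown).</returns>`. Separately, changing `GetHandleValue` from `long` to `uint` alters a public signature and is worth noting for existing callers. The method bodies continue outside these hunks.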