Improve the Windows TBS NV unavailable error handling.

pull/230/head
David Garske 2022-07-19 10:46:49 -07:00
parent 02e41c1673
commit 4982af8c2b
3 changed files with 30 additions and 13 deletions


@ -2414,6 +2414,16 @@ int wolfTPM2_NVStoreKey(WOLFTPM2_DEV* dev, TPM_HANDLE primaryHandle,
rc = TPM2_EvictControl(&in); rc = TPM2_EvictControl(&in);
if (rc != TPM_RC_SUCCESS) { if (rc != TPM_RC_SUCCESS) {
#ifdef WOLFTPM_WINAPI
if (rc == TPM_E_COMMAND_BLOCKED) { /* 0x80280400 */
#ifdef DEBUG_WOLFTPM
printf("TPM2_EvictControl (storing key to NV) not allowed on "
"Windows TBS (err 0x%x)\n", rc);
#endif
rc = TPM_RC_NV_UNAVAILABLE;
}
#endif
#ifdef DEBUG_WOLFTPM #ifdef DEBUG_WOLFTPM
printf("TPM2_EvictControl failed %d: %s\n", rc, printf("TPM2_EvictControl failed %d: %s\n", rc,
wolfTPM2_GetRCString(rc)); wolfTPM2_GetRCString(rc));
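Review bot: After the `WOLFTPM_WINAPI` branch rewrites `rc`, control still falls through to the generic `TPM2_EvictControl failed` print, so a debug build logs the same failure twice, and the second line shows only the substituted code. TPM_RC_NV_UNAVAILABLE is a TPM warning-class code that callers may reasonably treat as transient, whereas the TBS block is a platform policy that will presumably not clear on retry. A comment at the assignment would make that explicit, for example `/* TBS blocks EvictControl by policy; mapped to a TPM RC so callers need not know the HRESULT - not retryable */`. The first print also passes the signed `rc` to `%x`; `(unsigned int)rc` would match the format. wolfTPM2_NVStoreKey begins and ends outside this hunk.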


@ -526,8 +526,10 @@ namespace tpm_csharp_test
rc = csr.SetCustomExtension(custOid, custOidVal, 0); rc = csr.SetCustomExtension(custOid, custOidVal, 0);
/* if custom OID support is not compiled in then test is /* if custom OID support is not compiled in then test is
* inconclusive */ * inconclusive */
if (rc == (int)Status.NOT_COMPILED_IN) if (rc == (int)Status.NOT_COMPILED_IN) {
device.UnloadHandle(keyBlob);
Assert.Inconclusive(); Assert.Inconclusive();
}
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc); Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
rc = csr.MakeAndSign(device, keyBlob, X509_Format.PEM, output); rc = csr.MakeAndSign(device, keyBlob, X509_Format.PEM, output);
@ -566,18 +568,22 @@ namespace tpm_csharp_test
rc = device.LoadKey(keyBlob, parent_key); rc = device.LoadKey(keyBlob, parent_key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc); Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
/* Store key */ /* Read public key */
rc = device.StoreKey(keyBlob, (ulong)TPM_RH.OWNER, testPersistentHandle); rc = device.ReadPublicKey(keyBlob,
if ((uint)rc == 0x80280400) { /* TPM_E_COMMAND_BLOCKED */ device.GetHandleValue(keyBlob.GetHandle()));
/* Windows TBS does not allow storing keys to NV */ if (rc == (int)Status.TPM_RC_HANDLE) {
/* valid error if the handle is not found */
rc = 0; /* ignore error */ rc = 0; /* ignore error */
} }
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc); Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
/* Read public key */ /* Store key */
rc = device.ReadPublicKey(keyBlob, testPersistentHandle); rc = device.StoreKey(keyBlob, (ulong)TPM_RH.OWNER, testPersistentHandle);
if (rc == (int)Status.TPM_RC_HANDLE) { if (rc == (int)Status.TPM_RC_NV_UNAVAILABLE) {
/* valid error if the handle is not found */ device.UnloadHandle(keyBlob);
Assert.Inconclusive();
/* Windows TBS does not allow storing keys to NV */
rc = 0; /* ignore error */ rc = 0; /* ignore error */
} }
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc); Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
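Review bot: In the new StoreKey branch the comment and `rc = 0; /* ignore error */` sit after `Assert.Inconclusive();`, which throws, so as far as this rendering shows they are unreachable and should be removed. A message would explain the skipped result in the test report: `Assert.Inconclusive("Windows TBS does not allow storing keys to NV");`. Separately, ReadPublicKey now runs against the handle of the key that was just loaded, yet the TPM_RC_HANDLE tolerance is kept. A missing handle at that point would be a real failure rather than an expected one, and the persistent handle is no longer read back after the store, so the test does not confirm that the key was actually persisted. The test method begins and ends outside these hunks.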


@ -66,6 +66,7 @@ namespace wolfTPM
{ {
TPM_RC_SUCCESS = 0, TPM_RC_SUCCESS = 0,
TPM_RC_HANDLE = 0x8B, TPM_RC_HANDLE = 0x8B,
TPM_RC_NV_UNAVAILABLE = 0x923,
BAD_FUNC_ARG = -173, BAD_FUNC_ARG = -173,
NOT_COMPILED_IN = -174, NOT_COMPILED_IN = -174,
} }
@ -969,7 +970,7 @@ namespace wolfTPM
int rc = wolfTPM2_NVStoreKey(device, primaryHandle, key.key, int rc = wolfTPM2_NVStoreKey(device, primaryHandle, key.key,
persistentHandle); persistentHandle);
if (rc != (int)Status.TPM_RC_SUCCESS && if (rc != (int)Status.TPM_RC_SUCCESS &&
(uint)rc != 0x80280400) { /* TPM_E_COMMAND_BLOCKED */ rc != (int)Status.TPM_RC_NV_UNAVAILABLE) {
throw new WolfTpm2Exception( throw new WolfTpm2Exception(
"wolfTPM2_NVStoreKey", rc); "wolfTPM2_NVStoreKey", rc);
} }
@ -980,7 +981,7 @@ namespace wolfTPM
int rc = wolfTPM2_NVStoreKey(device, primaryHandle, keyBlob.keyblob, int rc = wolfTPM2_NVStoreKey(device, primaryHandle, keyBlob.keyblob,
persistentHandle); persistentHandle);
if (rc != (int)Status.TPM_RC_SUCCESS && if (rc != (int)Status.TPM_RC_SUCCESS &&
(uint)rc != 0x80280400) { /* TPM_E_COMMAND_BLOCKED */ rc != (int)Status.TPM_RC_NV_UNAVAILABLE) {
throw new WolfTpm2Exception( throw new WolfTpm2Exception(
"wolfTPM2_NVStoreKey", rc); "wolfTPM2_NVStoreKey", rc);
} }
@ -1218,8 +1219,8 @@ namespace wolfTPM
} }
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_GetHandleValue")] [DllImport(DLLNAME, EntryPoint = "wolfTPM2_GetHandleValue")]
private static extern long wolfTPM2_GetHandleValue(IntPtr handle); private static extern uint wolfTPM2_GetHandleValue(IntPtr handle);
public long GetHandleValue(IntPtr handle) public uint GetHandleValue(IntPtr handle)
{ {
return wolfTPM2_GetHandleValue(handle); return wolfTPM2_GetHandleValue(handle);
} }
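Review bot: Both StoreKey overloads (the hunks at 969 and 980) now skip the WolfTpm2Exception for `Status.TPM_RC_NV_UNAVAILABLE`, and that exemption is wider than the one it replaces. The native mapping from the TBS error is compiled only under WOLFTPM_WINAPI, but 0x923 is also a genuine TPM response, so on any platform an NV-unavailable failure now comes back as a plain return value instead of an exception. A caller that relies on the wrapper throwing on failure would continue as if the key had been persisted. The contract should be documented on both overloads, for example `/// <returns>TPM_RC_SUCCESS, or TPM_RC_NV_UNAVAILABLE when the key was NOT stored; callers must check the result.</returns>`, or the exemption restricted to the Windows case. The return statements of both methods are outside the hunks, so what is returned is inferred from the test's use of `rc`.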