Added new API `wolfTPM2_GetHandles` to get list of handles from the TPM capabilities. ZD 17328

2024-02-05 15:20:12 -08:00 · 2024-02-05 15:20:12 -08:00 · e078e15f56
parent b676415d18
commit e078e15f56
4 changed files with 80 additions and 2 deletions
--- a/examples/wrap/wrap_test.c
+++ b/examples/wrap/wrap_test.c
@ -194,6 +194,12 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
        caps.mfgStr, caps.mfg, caps.vendorStr, caps.fwVerMajor,
        caps.fwVerMinor, caps.fwVerVendor, caps.fips140_2, caps.cc_eal4);

+    /* List the active persistent handles */
+    rc = wolfTPM2_GetHandles(PERSISTENT_FIRST, NULL);
+    if (rc >= 0) {
+        printf("Found %d persistent handles\n", rc);
+    }
+
    if (resetTPM) {
        /* reset all content on TPM and reseed */
        rc = wolfTPM2_Clear(&dev);
--- a/src/tpm2.c
+++ b/src/tpm2.c
@ -844,7 +844,8 @@ TPM_RC TPM2_GetCapability(GetCapability_In* in, GetCapability_Out* out)
            TPM2_Packet_ParseU32(&packet, &out->capabilityData.capability);

            switch (out->capabilityData.capability) {
-                case TPM_CAP_TPM_PROPERTIES: {
+                case TPM_CAP_TPM_PROPERTIES:
+                {
                    TPML_TAGGED_TPM_PROPERTY* prop =
                        &out->capabilityData.data.tpmProperties;
                    TPM2_Packet_ParseU32(&packet, &prop->count);
@ -856,6 +857,16 @@ TPM_RC TPM2_GetCapability(GetCapability_In* in, GetCapability_Out* out)
                    }
                    break;
                }
+                case TPM_CAP_HANDLES:
+                {
+                    TPML_HANDLE* handles =
+                        &out->capabilityData.data.handles;
+                    TPM2_Packet_ParseU32(&packet, &handles->count);
+                    for (i=0; i<(int)handles->count; i++) {
+                        TPM2_Packet_ParseU32(&packet, &handles->handle[i]);
+                    }
+                    break;
+                }
                default:
            #ifdef DEBUG_WOLFTPM
                    printf("Unknown capability type 0x%x\n",
--- a/src/tpm2_wrap.c
+++ b/src/tpm2_wrap.c
@ -749,6 +749,42 @@ int wolfTPM2_GetCapabilities(WOLFTPM2_DEV* dev, WOLFTPM2_CAPS* cap)
    return wolfTPM2_GetCapabilities_NoDev(cap);
 }

+int wolfTPM2_GetHandles(TPM_HANDLE handle, TPML_HANDLE* handles)
+{
+    int rc;
+    GetCapability_In  in;
+    GetCapability_Out out;
+#ifdef DEBUG_WOLFTPM
+    UINT32 i;
+#endif
+
+    /* Get Capability TPM_CAP_HANDLES - PCR */
+    XMEMSET(&in, 0, sizeof(in));
+    in.capability = TPM_CAP_HANDLES;
+    in.property = handle;
+    in.propertyCount = MAX_CAP_HANDLES;
+    rc = TPM2_GetCapability(&in, &out);
+    if (rc != TPM_RC_SUCCESS) {
+    #ifdef DEBUG_WOLFTPM
+        printf("TPM2_GetCapability handles failed 0x%x: %s\n", rc,
+            TPM2_GetRCString(rc));
+    #endif
+        return rc;
+    }
+    if (handles != NULL) {
+        /* optionally return handles count/list */
+        XMEMCPY(handles, &out.capabilityData.data.handles, sizeof(TPML_HANDLE));
+    }
+    handles = &out.capabilityData.data.handles;
+#ifdef DEBUG_WOLFTPM
+    printf("Handles Cap: Start 0x%x, Count %d\n", handle, handles->count);
+    for (i=0; i<handles->count; i++) {
+        printf("\tHandle 0x%x\n", handles->handle[i]);
+    }
+#endif
+    return handles->count;
+}
+
 int wolfTPM2_UnsetAuth(WOLFTPM2_DEV* dev, int index)
 {
    TPM2_AUTH_SESSION* session;
--- a/wolftpm/tpm2_wrap.h
+++ b/wolftpm/tpm2_wrap.h
@ -323,7 +323,7 @@ WOLFTPM_API int wolfTPM2_SelfTest(WOLFTPM2_DEV* dev);

 /*!
    \ingroup wolfTPM2_Wrappers
-    \brief Reported the available TPM capabilities
+    \brief Reports the available TPM capabilities

    \return TPM_RC_SUCCESS: successful
    \return TPM_RC_FAILURE: generic failure (check TPM IO communication and TPM return code)
@ -351,6 +351,31 @@ WOLFTPM_API int wolfTPM2_SelfTest(WOLFTPM2_DEV* dev);
 */
 WOLFTPM_API int wolfTPM2_GetCapabilities(WOLFTPM2_DEV* dev, WOLFTPM2_CAPS* caps);

+
+/*!
+    \ingroup wolfTPM2_Wrappers
+    \brief Gets a list of handles
+
+    \return 0 or great: successful, count of handles
+    \return TPM_RC_FAILURE: generic failure (check TPM IO communication and TPM return code)
+    \return BAD_FUNC_ARG: check the provided arguments
+
+    \param handle handle to start from (example: PCR_FIRST, NV_INDEX_FIRST, HMAC_SESSION_FIRST, POLICY_SESSION_FIRST, PERMANENT_FIRST, TRANSIENT_FIRST or PERSISTENT_FIRST)
+    \param handles pointer to TPML_HANDLE to return handle results (optional)
+
+    _Example_
+    \code
+    int persistent_handle_count;
+
+    // get count of persistent handles
+    persistent_handle_count = wolfTPM2_GetHandles(&dev, PERSISTENT_FIRST, NULL);
+    \endcode
+
+    \sa wolfTPM2_GetCapabilities
+*/
+WOLFTPM_API int wolfTPM2_GetHandles(TPM_HANDLE handle, TPML_HANDLE* handles);
+
+
 /*!
    \ingroup wolfTPM2_Wrappers
    \brief Clears one of the TPM Authorization slots, pointed by its index number