
Commit 2882f37

tpm2_makecredential: Fix usage of name parameter.
The man page for tpm2_makecredential states that the -name parameter can be a file. However, a hex string of the name is expected. Similar to the procedure used with tpm2_certifycreation, a file with the name or a hex string can now be passed. Fixes: #3274 Signed-off-by: Juergen Repp <juergen_repp@web.de>
1 parent 48cf2aa commit 2882f37


3 files changed

+16
-6
lines changed


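--- a/man/tpm2_makecredential.1.md
+++ b/man/tpm2_makecredential.1.md
@@ -55,9 +55,10 @@ TCTI option.
 
 The secret which will be protected by the key derived from the random seed. It can be specified as a file or passed from stdin.
 
-* **-n**, **\--name**=_FILE_:
+* **-n**, **\--name**=_FILE\_OR\_HEX_:
 
-The name of the key for which certificate is to be created.
+The name of the key for which certificate is to be created. Can either be
+a path or hex string.
 
 * **-o**, **\--credential-blob**=_FILE_:
 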
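--- a/test/integration/tests/makecredential.sh
+++ b/test/integration/tests/makecredential.sh
@@ -14,6 +14,7 @@ output_ek_pub=ek_pub.out
 output_ak_pub=ak_pub.out
 output_ak_pub_name=ak_name_pub.out
 output_mkcredential=mkcredential.out
+output_mkcredential2=mkcredentiali2.out
 
 cleanup() {
 rm -f $output_ek_pub $output_ak_pub $output_ak_pub_name \
@@ -45,6 +46,10 @@ Loadkeyname=`cat $output_ak_pub_name | xxd -p -c $file_size`
 tpm2 makecredential -Q -u $output_ek_pub -s $file_input_data -n $Loadkeyname \
 -o $output_mkcredential
 
+# Check usage of name file instead of hex string
+tpm2 makecredential -Q -u $output_ek_pub -s $file_input_data -n $output_ak_pub_name \
+-o $output_mkcredential2
+
 # use no tpm backend
 tpm2 makecredential -T none -Q -u $output_ek_pub -s $file_input_data \
 -n $Loadkeyname -o $output_mkcredential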
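Review bot: The new output file `$output_mkcredential2` does not appear to be added to the `rm -f` list in `cleanup()`: the first line of that list is unchanged context in the first hunk and all five additions in this file are accounted for elsewhere, so the file is probably left behind unless the continuation line outside the hunk already covers it. Adding `$output_mkcredential2` to that `rm -f` list would fix it, and the value `mkcredentiali2.out` looks like a typo for `mkcredential2.out`. The new invocation in the second hunk only relies on the exit status; following it with `test -s $output_mkcredential2` would confirm that a blob was actually written when the name comes from a file.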

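--- a/tools/tpm2_makecredential.c
+++ b/tools/tpm2_makecredential.c
@@ -203,6 +203,7 @@ static tool_rc make_credential_and_save(ESYS_CONTEXT *ectx) {
 
 static bool on_option(char key, char *value) {
 
+tool_rc rc;
 switch (key) {
 case 'u':
 if (ctx.flags.e) {
@@ -226,12 +227,15 @@ static bool on_option(char key, char *value) {
 break;
 case 'n':
 ctx.object_name.size = BUFFER_SIZE(TPM2B_NAME, name);
-int q;
-if ((q = tpm2_util_hex_to_byte_structure(value, &ctx.object_name.size,
-ctx.object_name.name)) != 0) {
-LOG_ERR("FAILED: %d", q);
+rc = tpm2_util_bin_from_hex_or_file(value,
+&ctx.object_name.size, ctx.object_name.name) ?
+tool_rc_success : tool_rc_general_error;
+
+if (rc != tool_rc_success) {
+LOG_ERR("Could not load name data");
 return false;
 }
+
 ctx.flags.n = 1;
 break;
 case 'o':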
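Review bot: In `case 'n'` nothing visible checks that the bytes loaded into `ctx.object_name` look like a TPM name (a 2-byte name algorithm followed by a digest of that algorithm's length); the only bound is the buffer capacity set on the line above, and now that a path is accepted any small file will pass as a name. The name is what binds the credential to the intended key, so I would reject implausible input right after loading, at minimum `if (ctx.object_name.size <= sizeof(TPMI_ALG_HASH)) { LOG_ERR("Name too short"); return false; }`, and ideally compare the size against the digest length of the leading algorithm id. If the helper tries the argument as a path before parsing it as hex (not visible here), a file in the working directory whose name is a valid hex string would silently take precedence; the man page should state the order. The `rc` temporary is also unnecessary, since the helper's result is only used as a truth value: `if (!tpm2_util_bin_from_hex_or_file(value, &ctx.object_name.size, ctx.object_name.name)) {` says the same thing. on_option continues outside the hunk, so later validation may exist that I cannot see.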
