Skip to content

tpm2_makecredential: Fix usage of name parameter. #3519

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
JuergenReppSIT merged 1 commit into from
Oct 30, 2025
+16 −6
Merged

tpm2_makecredential: Fix usage of name parameter. #3519

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions man/tpm2_makecredential.1.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,9 +55,10 @@ TCTI option.

The secret which will be protected by the key derived from the random seed. It can be specified as a file or passed from stdin.

* **-n**, **\--name**=_FILE_:
* **-n**, **\--name**=_FILE\_OR\_HEX_:

The name of the key for which certificate is to be created.
The name of the key for which certificate is to be created. Can either be
a path or hex string.

* **-o**, **\--credential-blob**=_FILE_:

Expand Down
5 changes: 5 additions & 0 deletions test/integration/tests/makecredential.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ output_ek_pub=ek_pub.out
output_ak_pub=ak_pub.out
output_ak_pub_name=ak_name_pub.out
output_mkcredential=mkcredential.out
output_mkcredential2=mkcredentiali2.out

cleanup() {
rm -f $output_ek_pub $output_ak_pub $output_ak_pub_name \
Expand Down Expand Up @@ -45,6 +46,10 @@ Loadkeyname=`cat $output_ak_pub_name | xxd -p -c $file_size`
tpm2 makecredential -Q -u $output_ek_pub -s $file_input_data -n $Loadkeyname \
-o $output_mkcredential

# Check usage of name file instead of hex string
tpm2 makecredential -Q -u $output_ek_pub -s $file_input_data -n $output_ak_pub_name \
-o $output_mkcredential2

# use no tpm backend
tpm2 makecredential -T none -Q -u $output_ek_pub -s $file_input_data \
-n $Loadkeyname -o $output_mkcredential
Expand Down
12 changes: 8 additions & 4 deletions tools/tpm2_makecredential.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -203,6 +203,7 @@ static tool_rc make_credential_and_save(ESYS_CONTEXT *ectx) {

static bool on_option(char key, char *value) {

tool_rc rc;
switch (key) {
case 'u':
if (ctx.flags.e) {
Expand All @@ -226,12 +227,15 @@ static bool on_option(char key, char *value) {
break;
case 'n':
ctx.object_name.size = BUFFER_SIZE(TPM2B_NAME, name);
int q;
if ((q = tpm2_util_hex_to_byte_structure(value, &ctx.object_name.size,
ctx.object_name.name)) != 0) {
LOG_ERR("FAILED: %d", q);
rc = tpm2_util_bin_from_hex_or_file(value,
&ctx.object_name.size, ctx.object_name.name) ?
tool_rc_success : tool_rc_general_error;

if (rc != tool_rc_success) {
LOG_ERR("Could not load name data");
return false;
}

ctx.flags.n = 1;
break;
case 'o':
Expand Down
Loading