Topics

[PATCH 2/4] Make removal of key files from the temporary directory explicit

James Bottomley
 

We've been obscuring a bug in tpm2_rm_tssdir() for a while in that we
create a key file for the parent non volatile key but don't remove it
again. We fixed it up in tpm2_rm_tssdir() by hard coding the removal
of the key file belonging to 81000001. However, this won't work if we
can have an arbitrary NV parent, so make the key file removal
explicit.

Signed-off-by: James Bottomley <James.Bottomley@...>
---
create_tpm2_key.c | 3 ++-
e_tpm2.c | 3 ++-
tpm2-common.c | 13 ++++++-------
tpm2-common.h | 3 ++-
4 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/create_tpm2_key.c b/create_tpm2_key.c
index 598ad61..5534fe3 100644
--- a/create_tpm2_key.c
+++ b/create_tpm2_key.c
@@ -1426,7 +1426,8 @@ int main(int argc, char **argv)
}
tpm2_flush_srk(tssContext, phandle);
TSS_Delete(tssContext);
- tpm2_rm_tssdir(dir, 0);
+ tpm2_rm_keyfile(dir, phandle);
+ tpm2_rm_tssdir(dir);

write_key:
buffer = pubkey;
diff --git a/e_tpm2.c b/e_tpm2.c
index 167c3bf..17e997f 100644
--- a/e_tpm2.c
+++ b/e_tpm2.c
@@ -710,7 +710,8 @@ void tpm2_delete(struct app_data *app_data)
OPENSSL_free(app_data->priv);
OPENSSL_free(app_data->pub);

- tpm2_rm_tssdir(app_data->dir, app_data->key);
+ tpm2_rm_keyfile(app_data->dir, app_data->parent);
+ tpm2_rm_tssdir(app_data->dir);

OPENSSL_free((void *)app_data->dir);

diff --git a/tpm2-common.c b/tpm2-common.c
index bf950ec..1152777 100644
--- a/tpm2-common.c
+++ b/tpm2-common.c
@@ -852,7 +852,7 @@ const char *tpm2_set_unique_tssdir(void)
return dir;
}

-static void tpm2_rm_keyfile(const char *dir, TPM_HANDLE key)
+void tpm2_rm_keyfile(const char *dir, TPM_HANDLE key)
{
char keyfile[1024];

@@ -862,13 +862,12 @@ static void tpm2_rm_keyfile(const char *dir, TPM_HANDLE key)
unlink(keyfile);
}

-void tpm2_rm_tssdir(const char *dir, TPM_HANDLE extrakey)
+void tpm2_rm_tssdir(const char *dir)
{
- if (extrakey)
- tpm2_rm_keyfile(dir, extrakey);
- tpm2_rm_keyfile(dir, 0x81000001);
- if (rmdir(dir) < 0)
- perror("Unlinking TPM_DATA_DIR");
+ if (rmdir(dir) < 0) {
+ fprintf(stderr, "Unlinking %s", dir);
+ perror(":");
+ }
}

TPM_RC tpm2_create(TSS_CONTEXT **tsscp, const char *dir)
diff --git a/tpm2-common.h b/tpm2-common.h
index 6111243..f22422b 100644
--- a/tpm2-common.h
+++ b/tpm2-common.h
@@ -32,7 +32,8 @@ const char *tpm2_set_unique_tssdir(void);
TPM_RC tpm2_create(TSS_CONTEXT **tsscp, const char *dir);
TPM_RC tpm2_readpublic(TSS_CONTEXT *tssContext, TPM_HANDLE handle,
TPMT_PUBLIC *pub);
-void tpm2_rm_tssdir(const char *dir, TPM_HANDLE extrakey);
+void tpm2_rm_tssdir(const char *dir);
+void tpm2_rm_keyfile(const char *dir, TPM_HANDLE key);
int tpm2_get_public_point(TPM2B_ECC_POINT *tpmpt, const EC_GROUP *group,
const EC_POINT *pt);
#endif
--
2.16.4