mirror of
https://github.com/systemd/systemd
synced 2024-10-15 12:34:37 +00:00
Merge pull request #26357 from ddstreet/tpm2_policy_session
Tpm2 policy session
This commit is contained in:
commit
3be6943e07
|
@ -52,6 +52,7 @@ TSS2_RC (*sym_Esys_PolicyPCR)(ESYS_CONTEXT *esysContext, ESYS_TR policySession,
|
||||||
TSS2_RC (*sym_Esys_ReadPublic)(ESYS_CONTEXT *esysContext, ESYS_TR objectHandle, ESYS_TR shandle1, ESYS_TR shandle2, ESYS_TR shandle3, TPM2B_PUBLIC **outPublic, TPM2B_NAME **name, TPM2B_NAME **qualifiedName);
|
TSS2_RC (*sym_Esys_ReadPublic)(ESYS_CONTEXT *esysContext, ESYS_TR objectHandle, ESYS_TR shandle1, ESYS_TR shandle2, ESYS_TR shandle3, TPM2B_PUBLIC **outPublic, TPM2B_NAME **name, TPM2B_NAME **qualifiedName);
|
||||||
TSS2_RC (*sym_Esys_StartAuthSession)(ESYS_CONTEXT *esysContext, ESYS_TR tpmKey, ESYS_TR bind, ESYS_TR shandle1, ESYS_TR shandle2, ESYS_TR shandle3, const TPM2B_NONCE *nonceCaller, TPM2_SE sessionType, const TPMT_SYM_DEF *symmetric, TPMI_ALG_HASH authHash, ESYS_TR *sessionHandle) = NULL;
|
TSS2_RC (*sym_Esys_StartAuthSession)(ESYS_CONTEXT *esysContext, ESYS_TR tpmKey, ESYS_TR bind, ESYS_TR shandle1, ESYS_TR shandle2, ESYS_TR shandle3, const TPM2B_NONCE *nonceCaller, TPM2_SE sessionType, const TPMT_SYM_DEF *symmetric, TPMI_ALG_HASH authHash, ESYS_TR *sessionHandle) = NULL;
|
||||||
TSS2_RC (*sym_Esys_Startup)(ESYS_CONTEXT *esysContext, TPM2_SU startupType) = NULL;
|
TSS2_RC (*sym_Esys_Startup)(ESYS_CONTEXT *esysContext, TPM2_SU startupType) = NULL;
|
||||||
|
TSS2_RC (*sym_Esys_TRSess_GetAttributes)(ESYS_CONTEXT *esysContext, ESYS_TR session, TPMA_SESSION *flags);
|
||||||
TSS2_RC (*sym_Esys_TRSess_SetAttributes)(ESYS_CONTEXT *esysContext, ESYS_TR session, TPMA_SESSION flags, TPMA_SESSION mask);
|
TSS2_RC (*sym_Esys_TRSess_SetAttributes)(ESYS_CONTEXT *esysContext, ESYS_TR session, TPMA_SESSION flags, TPMA_SESSION mask);
|
||||||
TSS2_RC (*sym_Esys_TR_GetName)(ESYS_CONTEXT *esysContext, ESYS_TR handle, TPM2B_NAME **name);
|
TSS2_RC (*sym_Esys_TR_GetName)(ESYS_CONTEXT *esysContext, ESYS_TR handle, TPM2B_NAME **name);
|
||||||
TSS2_RC (*sym_Esys_TR_Deserialize)(ESYS_CONTEXT *esys_context, uint8_t const *buffer, size_t buffer_size, ESYS_TR *esys_handle);
|
TSS2_RC (*sym_Esys_TR_Deserialize)(ESYS_CONTEXT *esys_context, uint8_t const *buffer, size_t buffer_size, ESYS_TR *esys_handle);
|
||||||
|
@ -93,6 +94,7 @@ int dlopen_tpm2(void) {
|
||||||
DLSYM_ARG(Esys_ReadPublic),
|
DLSYM_ARG(Esys_ReadPublic),
|
||||||
DLSYM_ARG(Esys_StartAuthSession),
|
DLSYM_ARG(Esys_StartAuthSession),
|
||||||
DLSYM_ARG(Esys_Startup),
|
DLSYM_ARG(Esys_Startup),
|
||||||
|
DLSYM_ARG(Esys_TRSess_GetAttributes),
|
||||||
DLSYM_ARG(Esys_TRSess_SetAttributes),
|
DLSYM_ARG(Esys_TRSess_SetAttributes),
|
||||||
DLSYM_ARG(Esys_TR_FromTPMPublic),
|
DLSYM_ARG(Esys_TR_FromTPMPublic),
|
||||||
DLSYM_ARG(Esys_TR_GetName),
|
DLSYM_ARG(Esys_TR_GetName),
|
||||||
|
@ -1393,6 +1395,20 @@ static void hash_pin(const char *pin, size_t len, TPM2B_AUTH *auth) {
|
||||||
sha256_finish_ctx(&hash, auth->buffer);
|
sha256_finish_ctx(&hash, auth->buffer);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static bool tpm2_is_encryption_session(Tpm2Context *c, const Tpm2Handle *session) {
|
||||||
|
TPMA_SESSION flags = 0;
|
||||||
|
TSS2_RC rc;
|
||||||
|
|
||||||
|
assert(c);
|
||||||
|
assert(session);
|
||||||
|
|
||||||
|
rc = sym_Esys_TRSess_GetAttributes(c->esys_context, session->esys_handle, &flags);
|
||||||
|
if (rc != TSS2_RC_SUCCESS)
|
||||||
|
return false;
|
||||||
|
|
||||||
|
return (flags & TPMA_SESSION_DECRYPT) && (flags & TPMA_SESSION_ENCRYPT);
|
||||||
|
}
|
||||||
|
|
||||||
static int tpm2_make_encryption_session(
|
static int tpm2_make_encryption_session(
|
||||||
Tpm2Context *c,
|
Tpm2Context *c,
|
||||||
const Tpm2Handle *primary,
|
const Tpm2Handle *primary,
|
||||||
|
@ -1476,6 +1492,59 @@ static int tpm2_make_encryption_session(
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int tpm2_make_policy_session(
|
||||||
|
Tpm2Context *c,
|
||||||
|
const Tpm2Handle *primary,
|
||||||
|
const Tpm2Handle *encryption_session,
|
||||||
|
bool trial,
|
||||||
|
Tpm2Handle **ret_session) {
|
||||||
|
|
||||||
|
static const TPMT_SYM_DEF symmetric = {
|
||||||
|
.algorithm = TPM2_ALG_AES,
|
||||||
|
.keyBits.aes = 128,
|
||||||
|
.mode.aes = TPM2_ALG_CFB,
|
||||||
|
};
|
||||||
|
TPM2_SE session_type = trial ? TPM2_SE_TRIAL : TPM2_SE_POLICY;
|
||||||
|
TSS2_RC rc;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
assert(c);
|
||||||
|
assert(primary);
|
||||||
|
assert(encryption_session);
|
||||||
|
assert(ret_session);
|
||||||
|
|
||||||
|
if (!tpm2_is_encryption_session(c, encryption_session))
|
||||||
|
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||||
|
"Missing encryption session");
|
||||||
|
|
||||||
|
log_debug("Starting policy session.");
|
||||||
|
|
||||||
|
_cleanup_tpm2_handle_ Tpm2Handle *session = NULL;
|
||||||
|
r = tpm2_handle_new(c, &session);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
rc = sym_Esys_StartAuthSession(
|
||||||
|
c->esys_context,
|
||||||
|
primary->esys_handle,
|
||||||
|
ESYS_TR_NONE,
|
||||||
|
encryption_session->esys_handle,
|
||||||
|
ESYS_TR_NONE,
|
||||||
|
ESYS_TR_NONE,
|
||||||
|
NULL,
|
||||||
|
session_type,
|
||||||
|
&symmetric,
|
||||||
|
TPM2_ALG_SHA256,
|
||||||
|
&session->esys_handle);
|
||||||
|
if (rc != TSS2_RC_SUCCESS)
|
||||||
|
return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
|
||||||
|
"Failed to open session in TPM: %s", sym_Tss2_RC_Decode(rc));
|
||||||
|
|
||||||
|
*ret_session = TAKE_PTR(session);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
static int openssl_pubkey_to_tpm2_pubkey(
|
static int openssl_pubkey_to_tpm2_pubkey(
|
||||||
const void *pubkey,
|
const void *pubkey,
|
||||||
size_t pubkey_size,
|
size_t pubkey_size,
|
||||||
|
@ -1693,87 +1762,36 @@ static int find_signature(
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
static int tpm2_make_policy_session(
|
static int tpm2_build_sealing_policy(
|
||||||
Tpm2Context *c,
|
Tpm2Context *c,
|
||||||
const Tpm2Handle *primary,
|
const Tpm2Handle *session,
|
||||||
const Tpm2Handle *parent_session,
|
|
||||||
TPM2_SE session_type,
|
|
||||||
uint32_t hash_pcr_mask,
|
uint32_t hash_pcr_mask,
|
||||||
uint16_t pcr_bank, /* If UINT16_MAX, pick best bank automatically, otherwise specify bank explicitly. */
|
uint16_t pcr_bank,
|
||||||
const void *pubkey,
|
const void *pubkey,
|
||||||
size_t pubkey_size,
|
size_t pubkey_size,
|
||||||
uint32_t pubkey_pcr_mask,
|
uint32_t pubkey_pcr_mask,
|
||||||
JsonVariant *signature_json,
|
JsonVariant *signature_json,
|
||||||
bool use_pin,
|
bool use_pin,
|
||||||
Tpm2Handle **ret_session,
|
TPM2B_DIGEST **ret_policy_digest) {
|
||||||
TPM2B_DIGEST **ret_policy_digest,
|
|
||||||
TPMI_ALG_HASH *ret_pcr_bank) {
|
|
||||||
|
|
||||||
static const TPMT_SYM_DEF symmetric = {
|
|
||||||
.algorithm = TPM2_ALG_AES,
|
|
||||||
.keyBits.aes = 128,
|
|
||||||
.mode.aes = TPM2_ALG_CFB,
|
|
||||||
};
|
|
||||||
TSS2_RC rc;
|
TSS2_RC rc;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(c);
|
assert(c);
|
||||||
|
assert(session);
|
||||||
assert(pubkey || pubkey_size == 0);
|
assert(pubkey || pubkey_size == 0);
|
||||||
assert(pubkey_pcr_mask == 0 || pubkey_size > 0);
|
assert(pubkey_pcr_mask == 0 || pubkey_size > 0);
|
||||||
|
|
||||||
log_debug("Starting authentication session.");
|
log_debug("Building sealing policy.");
|
||||||
|
|
||||||
/* So apparently some TPM implementations don't implement trial mode correctly. To avoid issues let's
|
|
||||||
* avoid it when it is easy to. At the moment we only really need trial mode for the signed PCR
|
|
||||||
* policies (since only then we need to shove PCR values into the policy that don't match current
|
|
||||||
* state anyway), hence if we have none of those we don't need to bother. Hence, let's patch in
|
|
||||||
* TPM2_SE_POLICY even if trial mode is requested unless a pubkey PCR mask is specified that is
|
|
||||||
* non-zero, i.e. signed PCR policy is requested.
|
|
||||||
*
|
|
||||||
* One day we should switch to calculating policy hashes client side when trial mode is requested, to
|
|
||||||
* avoid this mess. */
|
|
||||||
if (session_type == TPM2_SE_TRIAL && pubkey_pcr_mask == 0)
|
|
||||||
session_type = TPM2_SE_POLICY;
|
|
||||||
|
|
||||||
if ((hash_pcr_mask | pubkey_pcr_mask) != 0) {
|
if ((hash_pcr_mask | pubkey_pcr_mask) != 0) {
|
||||||
/* We are told to configure a PCR policy of some form, let's determine/validate the PCR bank to use. */
|
r = tpm2_pcr_mask_good(c, pcr_bank, hash_pcr_mask|pubkey_pcr_mask);
|
||||||
|
if (r < 0)
|
||||||
if (pcr_bank != UINT16_MAX) {
|
return r;
|
||||||
r = tpm2_pcr_mask_good(c, pcr_bank, hash_pcr_mask|pubkey_pcr_mask);
|
if (r == 0)
|
||||||
if (r < 0)
|
log_warning("Selected TPM2 PCRs are not initialized on this system.");
|
||||||
return r;
|
|
||||||
if (r == 0)
|
|
||||||
log_warning("Selected TPM2 PCRs are not initialized on this system, most likely due to a firmware issue. PCR policy is effectively not enforced. Proceeding anyway.");
|
|
||||||
} else {
|
|
||||||
/* No bank configured, pick automatically. Some TPM2 devices only can do SHA1. If we
|
|
||||||
* detect that use that, but preferably use SHA256 */
|
|
||||||
r = tpm2_get_best_pcr_bank(c, hash_pcr_mask|pubkey_pcr_mask, &pcr_bank);
|
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
_cleanup_tpm2_handle_ Tpm2Handle *session = NULL;
|
|
||||||
r = tpm2_handle_new(c, &session);
|
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
|
|
||||||
rc = sym_Esys_StartAuthSession(
|
|
||||||
c->esys_context,
|
|
||||||
primary->esys_handle,
|
|
||||||
ESYS_TR_NONE,
|
|
||||||
parent_session->esys_handle,
|
|
||||||
ESYS_TR_NONE,
|
|
||||||
ESYS_TR_NONE,
|
|
||||||
NULL,
|
|
||||||
session_type,
|
|
||||||
&symmetric,
|
|
||||||
TPM2_ALG_SHA256,
|
|
||||||
&session->esys_handle);
|
|
||||||
if (rc != TSS2_RC_SUCCESS)
|
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
|
|
||||||
"Failed to open session in TPM: %s", sym_Tss2_RC_Decode(rc));
|
|
||||||
|
|
||||||
if (pubkey_pcr_mask != 0) {
|
if (pubkey_pcr_mask != 0) {
|
||||||
_cleanup_free_ void *fp = NULL;
|
_cleanup_free_ void *fp = NULL;
|
||||||
size_t fp_size = 0;
|
size_t fp_size = 0;
|
||||||
|
@ -1954,12 +1972,6 @@ static int tpm2_make_policy_session(
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
if (ret_session)
|
|
||||||
*ret_session = TAKE_PTR(session);
|
|
||||||
|
|
||||||
if (ret_pcr_bank)
|
|
||||||
*ret_pcr_bank = pcr_bank;
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2032,33 +2044,57 @@ int tpm2_seal(const char *device,
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
TPMI_ALG_HASH pcr_bank = 0;
|
||||||
|
if (hash_pcr_mask | pubkey_pcr_mask) {
|
||||||
|
/* Some TPM2 devices only can do SHA1. Prefer SHA256 but allow SHA1. */
|
||||||
|
r = tpm2_get_best_pcr_bank(c, hash_pcr_mask|pubkey_pcr_mask, &pcr_bank);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
_cleanup_tpm2_handle_ Tpm2Handle *primary = NULL;
|
_cleanup_tpm2_handle_ Tpm2Handle *primary = NULL;
|
||||||
r = tpm2_make_primary(c, /* alg = */0, !!ret_srk_buf, &primary_alg, &primary);
|
r = tpm2_make_primary(c, /* alg = */0, !!ret_srk_buf, &primary_alg, &primary);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
/* we cannot use the bind key before its created */
|
/* we cannot use the bind key before its created */
|
||||||
_cleanup_tpm2_handle_ Tpm2Handle *session = NULL;
|
_cleanup_tpm2_handle_ Tpm2Handle *encryption_session = NULL;
|
||||||
r = tpm2_make_encryption_session(c, primary, &TPM2_HANDLE_NONE, NULL, &session);
|
r = tpm2_make_encryption_session(c, primary, &TPM2_HANDLE_NONE, NULL, &encryption_session);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
/* So apparently some TPM implementations don't implement trial mode correctly. To avoid issues let's
|
||||||
|
* avoid it when it is easy to. At the moment we only really need trial mode for the signed PCR
|
||||||
|
* policies (since only then we need to shove PCR values into the policy that don't match current
|
||||||
|
* state anyway), hence if we have none of those we don't need to bother. Hence, let's patch in
|
||||||
|
* TPM2_SE_POLICY even if trial mode is requested unless a pubkey PCR mask is specified that is
|
||||||
|
* non-zero, i.e. signed PCR policy is requested.
|
||||||
|
*
|
||||||
|
* One day we should switch to calculating policy hashes client side when trial mode is requested, to
|
||||||
|
* avoid this mess. */
|
||||||
|
bool trial = (pubkey_pcr_mask != 0);
|
||||||
|
|
||||||
|
_cleanup_tpm2_handle_ Tpm2Handle *policy_session = NULL;
|
||||||
|
r = tpm2_make_policy_session(
|
||||||
|
c,
|
||||||
|
primary,
|
||||||
|
encryption_session,
|
||||||
|
trial,
|
||||||
|
&policy_session);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
_cleanup_(Esys_Freep) TPM2B_DIGEST *policy_digest = NULL;
|
_cleanup_(Esys_Freep) TPM2B_DIGEST *policy_digest = NULL;
|
||||||
TPMI_ALG_HASH pcr_bank;
|
r = tpm2_build_sealing_policy(
|
||||||
r = tpm2_make_policy_session(
|
|
||||||
c,
|
c,
|
||||||
primary,
|
policy_session,
|
||||||
session,
|
|
||||||
TPM2_SE_TRIAL,
|
|
||||||
hash_pcr_mask,
|
hash_pcr_mask,
|
||||||
/* pcr_bank= */ UINT16_MAX,
|
pcr_bank,
|
||||||
pubkey, pubkey_size,
|
pubkey, pubkey_size,
|
||||||
pubkey_pcr_mask,
|
pubkey_pcr_mask,
|
||||||
/* signature_json= */ NULL,
|
/* signature_json= */ NULL,
|
||||||
!!pin,
|
!!pin,
|
||||||
/* ret_session= */ NULL,
|
&policy_digest);
|
||||||
&policy_digest,
|
|
||||||
&pcr_bank);
|
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
@ -2099,7 +2135,7 @@ int tpm2_seal(const char *device,
|
||||||
rc = sym_Esys_Create(
|
rc = sym_Esys_Create(
|
||||||
c->esys_context,
|
c->esys_context,
|
||||||
primary->esys_handle,
|
primary->esys_handle,
|
||||||
session->esys_handle, /* use HMAC session to enable parameter encryption */
|
encryption_session->esys_handle, /* use HMAC session to enable parameter encryption */
|
||||||
ESYS_TR_NONE,
|
ESYS_TR_NONE,
|
||||||
ESYS_TR_NONE,
|
ESYS_TR_NONE,
|
||||||
&hmac_sensitive,
|
&hmac_sensitive,
|
||||||
|
@ -2317,8 +2353,8 @@ int tpm2_unseal(const char *device,
|
||||||
sym_Tss2_RC_Decode(rc));
|
sym_Tss2_RC_Decode(rc));
|
||||||
}
|
}
|
||||||
|
|
||||||
_cleanup_tpm2_handle_ Tpm2Handle *hmac_session = NULL;
|
_cleanup_tpm2_handle_ Tpm2Handle *encryption_session = NULL;
|
||||||
r = tpm2_make_encryption_session(c, primary, hmac_key, pin, &hmac_session);
|
r = tpm2_make_encryption_session(c, primary, hmac_key, pin, &encryption_session);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
@ -2328,17 +2364,22 @@ int tpm2_unseal(const char *device,
|
||||||
r = tpm2_make_policy_session(
|
r = tpm2_make_policy_session(
|
||||||
c,
|
c,
|
||||||
primary,
|
primary,
|
||||||
hmac_session,
|
encryption_session,
|
||||||
TPM2_SE_POLICY,
|
/* trial= */ false,
|
||||||
|
&policy_session);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
r = tpm2_build_sealing_policy(
|
||||||
|
c,
|
||||||
|
policy_session,
|
||||||
hash_pcr_mask,
|
hash_pcr_mask,
|
||||||
pcr_bank,
|
pcr_bank,
|
||||||
pubkey, pubkey_size,
|
pubkey, pubkey_size,
|
||||||
pubkey_pcr_mask,
|
pubkey_pcr_mask,
|
||||||
signature,
|
signature,
|
||||||
!!pin,
|
!!pin,
|
||||||
&policy_session,
|
&policy_digest);
|
||||||
&policy_digest,
|
|
||||||
/* ret_pcr_bank= */ NULL);
|
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
@ -2356,7 +2397,7 @@ int tpm2_unseal(const char *device,
|
||||||
c->esys_context,
|
c->esys_context,
|
||||||
hmac_key->esys_handle,
|
hmac_key->esys_handle,
|
||||||
policy_session->esys_handle,
|
policy_session->esys_handle,
|
||||||
hmac_session->esys_handle, /* use HMAC session to enable parameter encryption */
|
encryption_session->esys_handle, /* use HMAC session to enable parameter encryption */
|
||||||
ESYS_TR_NONE,
|
ESYS_TR_NONE,
|
||||||
&unsealed);
|
&unsealed);
|
||||||
if (rc == TSS2_RC_SUCCESS)
|
if (rc == TSS2_RC_SUCCESS)
|
||||||
|
|
|
@ -56,6 +56,7 @@ extern TSS2_RC (*sym_Esys_PolicyGetDigest)(ESYS_CONTEXT *esysContext, ESYS_TR po
|
||||||
extern TSS2_RC (*sym_Esys_PolicyPCR)(ESYS_CONTEXT *esysContext, ESYS_TR policySession, ESYS_TR shandle1, ESYS_TR shandle2, ESYS_TR shandle3, const TPM2B_DIGEST *pcrDigest, const TPML_PCR_SELECTION *pcrs);
|
extern TSS2_RC (*sym_Esys_PolicyPCR)(ESYS_CONTEXT *esysContext, ESYS_TR policySession, ESYS_TR shandle1, ESYS_TR shandle2, ESYS_TR shandle3, const TPM2B_DIGEST *pcrDigest, const TPML_PCR_SELECTION *pcrs);
|
||||||
extern TSS2_RC (*sym_Esys_StartAuthSession)(ESYS_CONTEXT *esysContext, ESYS_TR tpmKey, ESYS_TR bind, ESYS_TR shandle1, ESYS_TR shandle2, ESYS_TR shandle3, const TPM2B_NONCE *nonceCaller, TPM2_SE sessionType, const TPMT_SYM_DEF *symmetric, TPMI_ALG_HASH authHash, ESYS_TR *sessionHandle);
|
extern TSS2_RC (*sym_Esys_StartAuthSession)(ESYS_CONTEXT *esysContext, ESYS_TR tpmKey, ESYS_TR bind, ESYS_TR shandle1, ESYS_TR shandle2, ESYS_TR shandle3, const TPM2B_NONCE *nonceCaller, TPM2_SE sessionType, const TPMT_SYM_DEF *symmetric, TPMI_ALG_HASH authHash, ESYS_TR *sessionHandle);
|
||||||
extern TSS2_RC (*sym_Esys_Startup)(ESYS_CONTEXT *esysContext, TPM2_SU startupType);
|
extern TSS2_RC (*sym_Esys_Startup)(ESYS_CONTEXT *esysContext, TPM2_SU startupType);
|
||||||
|
extern TSS2_RC (*sym_Esys_TRSess_GetAttributes)(ESYS_CONTEXT *esysContext, ESYS_TR session, TPMA_SESSION *flags);
|
||||||
extern TSS2_RC (*sym_Esys_TRSess_SetAttributes)(ESYS_CONTEXT *esysContext, ESYS_TR session, TPMA_SESSION flags, TPMA_SESSION mask);
|
extern TSS2_RC (*sym_Esys_TRSess_SetAttributes)(ESYS_CONTEXT *esysContext, ESYS_TR session, TPMA_SESSION flags, TPMA_SESSION mask);
|
||||||
extern TSS2_RC (*sym_Esys_TR_GetName)(ESYS_CONTEXT *esysContext, ESYS_TR handle, TPM2B_NAME **name);
|
extern TSS2_RC (*sym_Esys_TR_GetName)(ESYS_CONTEXT *esysContext, ESYS_TR handle, TPM2B_NAME **name);
|
||||||
extern TSS2_RC (*sym_Esys_TR_SetAuth)(ESYS_CONTEXT *esysContext, ESYS_TR handle, TPM2B_AUTH const *authValue);
|
extern TSS2_RC (*sym_Esys_TR_SetAuth)(ESYS_CONTEXT *esysContext, ESYS_TR handle, TPM2B_AUTH const *authValue);
|
||||||
|
|
Loading…
Reference in a new issue