From 84ead1b7a35362d5fae9b26a0edb9a68eeb6e5c8 Mon Sep 17 00:00:00 2001 From: Juergen Repp Date: Tue, 23 Jan 2024 12:00:45 +0100 Subject: [PATCH] FAPI: Clean command context before execution. The FAPI command context now is cleared in the async function of every command. Signed-off-by: Juergen Repp --- src/tss2-fapi/api/Fapi_CreateKey.c | 3 +++ src/tss2-fapi/api/Fapi_Decrypt.c | 3 +++ src/tss2-fapi/api/Fapi_Delete.c | 3 +++ src/tss2-fapi/api/Fapi_Encrypt.c | 3 +++ src/tss2-fapi/api/Fapi_ExportKey.c | 3 +++ src/tss2-fapi/api/Fapi_ExportPolicy.c | 3 +++ src/tss2-fapi/api/Fapi_GetCertificate.c | 3 +++ src/tss2-fapi/api/Fapi_GetEsysBlob.c | 3 +++ src/tss2-fapi/api/Fapi_GetInfo.c | 3 +++ src/tss2-fapi/api/Fapi_GetRandom.c | 3 +++ src/tss2-fapi/api/Fapi_Import.c | 3 +++ src/tss2-fapi/api/Fapi_NvExtend.c | 3 +++ src/tss2-fapi/api/Fapi_NvRead.c | 3 +++ src/tss2-fapi/api/Fapi_PcrExtend.c | 3 +++ src/tss2-fapi/api/Fapi_PcrRead.c | 3 +++ src/tss2-fapi/api/Fapi_SetAppData.c | 3 +++ src/tss2-fapi/api/Fapi_SetCertificate.c | 3 +++ src/tss2-fapi/api/Fapi_SetDescription.c | 3 +++ src/tss2-fapi/api/Fapi_Sign.c | 3 +++ src/tss2-fapi/api/Fapi_Unseal.c | 3 +++ src/tss2-fapi/api/Fapi_VerifyQuote.c | 3 +++ src/tss2-fapi/api/Fapi_VerifySignature.c | 3 +++ src/tss2-fapi/api/Fapi_WriteAuthorizeNV.c | 3 +++ 23 files changed, 69 insertions(+) diff --git a/src/tss2-fapi/api/Fapi_CreateKey.c b/src/tss2-fapi/api/Fapi_CreateKey.c index b26802ca2..a6a239ea5 100644 --- a/src/tss2-fapi/api/Fapi_CreateKey.c +++ b/src/tss2-fapi/api/Fapi_CreateKey.c @@ -175,6 +175,9 @@ Fapi_CreateKey_Async( check_not_null(context); check_not_null(path); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + attributes = &context->cmd.Key_Create.public_templ.public.publicArea.objectAttributes; /* Reset all context-internal session state information. */ diff --git a/src/tss2-fapi/api/Fapi_Decrypt.c b/src/tss2-fapi/api/Fapi_Decrypt.c index bd921b362..e6e8afe4b 100644 --- a/src/tss2-fapi/api/Fapi_Decrypt.c +++ b/src/tss2-fapi/api/Fapi_Decrypt.c @@ -168,6 +168,9 @@ Fapi_Decrypt_Async( check_not_null(keyPath); check_not_null(cipherText); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + /* Helpful alias pointers */ IFAPI_Data_EncryptDecrypt * command = &(context->cmd.Data_EncryptDecrypt); diff --git a/src/tss2-fapi/api/Fapi_Delete.c b/src/tss2-fapi/api/Fapi_Delete.c index fd0dd9dd3..b41c1082e 100644 --- a/src/tss2-fapi/api/Fapi_Delete.c +++ b/src/tss2-fapi/api/Fapi_Delete.c @@ -374,6 +374,9 @@ Fapi_Delete_Async( check_not_null(context); check_not_null(path); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + /* Helpful alias pointers */ IFAPI_Entity_Delete * command = &(context->cmd.Entity_Delete); IFAPI_OBJECT *object = &command->object; diff --git a/src/tss2-fapi/api/Fapi_Encrypt.c b/src/tss2-fapi/api/Fapi_Encrypt.c index 0c83aaba0..187291157 100644 --- a/src/tss2-fapi/api/Fapi_Encrypt.c +++ b/src/tss2-fapi/api/Fapi_Encrypt.c @@ -179,6 +179,9 @@ Fapi_Encrypt_Async( check_not_null(keyPath); check_not_null(plainText); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + /* Helpful alias pointers */ IFAPI_Data_EncryptDecrypt * command = &(context->cmd.Data_EncryptDecrypt); diff --git a/src/tss2-fapi/api/Fapi_ExportKey.c b/src/tss2-fapi/api/Fapi_ExportKey.c index 44d06cabb..86eb88d04 100644 --- a/src/tss2-fapi/api/Fapi_ExportKey.c +++ b/src/tss2-fapi/api/Fapi_ExportKey.c @@ -182,6 +182,9 @@ Fapi_ExportKey_Async( check_not_null(context); check_not_null(pathOfKeyToDuplicate); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + /* Helpful alias pointers */ IFAPI_ExportKey * command = &context->cmd.ExportKey; diff --git a/src/tss2-fapi/api/Fapi_ExportPolicy.c b/src/tss2-fapi/api/Fapi_ExportPolicy.c index 7f7f291da..e5885c627 100644 --- a/src/tss2-fapi/api/Fapi_ExportPolicy.c +++ b/src/tss2-fapi/api/Fapi_ExportPolicy.c @@ -136,6 +136,9 @@ Fapi_ExportPolicy_Async( check_not_null(context); check_not_null(path); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + /* Helpful alias pointers */ IFAPI_ExportPolicy * command = &context->cmd.ExportPolicy; diff --git a/src/tss2-fapi/api/Fapi_GetCertificate.c b/src/tss2-fapi/api/Fapi_GetCertificate.c index e8652f57c..2086045c7 100644 --- a/src/tss2-fapi/api/Fapi_GetCertificate.c +++ b/src/tss2-fapi/api/Fapi_GetCertificate.c @@ -187,6 +187,9 @@ Fapi_GetCertificate_Finish( check_not_null(context); check_not_null(x509certData); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + /* Helpful alias pointers */ IFAPI_Key_SetCertificate *command = &context->cmd.Key_SetCertificate; IFAPI_OBJECT *keyObject = &command->key_object; diff --git a/src/tss2-fapi/api/Fapi_GetEsysBlob.c b/src/tss2-fapi/api/Fapi_GetEsysBlob.c index 8c4974430..43f7d1114 100644 --- a/src/tss2-fapi/api/Fapi_GetEsysBlob.c +++ b/src/tss2-fapi/api/Fapi_GetEsysBlob.c @@ -145,6 +145,9 @@ Fapi_GetEsysBlob_Async( check_not_null(context); check_not_null(path); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + /* Helpful alias pointers */ IFAPI_GetEsysBlob * command = &(context->cmd.GetEsysBlob); IFAPI_OBJECT *object = &command->object; diff --git a/src/tss2-fapi/api/Fapi_GetInfo.c b/src/tss2-fapi/api/Fapi_GetInfo.c index 329d2472f..881b2a6ce 100644 --- a/src/tss2-fapi/api/Fapi_GetInfo.c +++ b/src/tss2-fapi/api/Fapi_GetInfo.c @@ -157,6 +157,9 @@ Fapi_GetInfo_Async( /* Check for NULL parameters */ check_not_null(context); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + /* Helpful alias pointers */ IFAPI_GetInfo * command = &context->cmd.GetInfo; diff --git a/src/tss2-fapi/api/Fapi_GetRandom.c b/src/tss2-fapi/api/Fapi_GetRandom.c index e5bc58a21..0f2e1859d 100644 --- a/src/tss2-fapi/api/Fapi_GetRandom.c +++ b/src/tss2-fapi/api/Fapi_GetRandom.c @@ -148,6 +148,9 @@ Fapi_GetRandom_Async( /* Check for NULL parameters */ check_not_null(context); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + /* Helpful alias pointers */ IFAPI_GetRandom * command = &context->get_random; diff --git a/src/tss2-fapi/api/Fapi_Import.c b/src/tss2-fapi/api/Fapi_Import.c index 81f0ee603..ab6c34516 100644 --- a/src/tss2-fapi/api/Fapi_Import.c +++ b/src/tss2-fapi/api/Fapi_Import.c @@ -156,6 +156,9 @@ Fapi_Import_Async( check_not_null(path); check_not_null(importData); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + /* Helpful alias pointers */ IFAPI_ImportKey * command = &context->cmd.ImportKey; IFAPI_OBJECT *object = &command->object; diff --git a/src/tss2-fapi/api/Fapi_NvExtend.c b/src/tss2-fapi/api/Fapi_NvExtend.c index 9b45647c1..237125815 100644 --- a/src/tss2-fapi/api/Fapi_NvExtend.c +++ b/src/tss2-fapi/api/Fapi_NvExtend.c @@ -174,6 +174,9 @@ Fapi_NvExtend_Async( check_not_null(nvPath); check_not_null(data); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + /* Check for maximum allowed dataSize. */ if (dataSize > 1024) { LOG_ERROR("dataSize exceeds allowed maximum of 1024. dataSize = %zi", dataSize); diff --git a/src/tss2-fapi/api/Fapi_NvRead.c b/src/tss2-fapi/api/Fapi_NvRead.c index e378c3239..059511bc7 100644 --- a/src/tss2-fapi/api/Fapi_NvRead.c +++ b/src/tss2-fapi/api/Fapi_NvRead.c @@ -162,6 +162,9 @@ Fapi_NvRead_Async( check_not_null(context); check_not_null(nvPath); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + /* Helpful alias pointers */ IFAPI_NV_Cmds * command = &context->nv_cmd; diff --git a/src/tss2-fapi/api/Fapi_PcrExtend.c b/src/tss2-fapi/api/Fapi_PcrExtend.c index 88e622934..6081e3ec0 100644 --- a/src/tss2-fapi/api/Fapi_PcrExtend.c +++ b/src/tss2-fapi/api/Fapi_PcrExtend.c @@ -163,6 +163,9 @@ Fapi_PcrExtend_Async( check_not_null(context); check_not_null(data); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + /* Helpful alias pointers */ IFAPI_PCR * command = &context->cmd.pcr; diff --git a/src/tss2-fapi/api/Fapi_PcrRead.c b/src/tss2-fapi/api/Fapi_PcrRead.c index d1ac36afd..e00690a0a 100644 --- a/src/tss2-fapi/api/Fapi_PcrRead.c +++ b/src/tss2-fapi/api/Fapi_PcrRead.c @@ -144,6 +144,9 @@ Fapi_PcrRead_Async( /* Check for NULL parameters */ check_not_null(context); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + /* Helpful alias pointers */ IFAPI_PCR * command = &context->cmd.pcr; diff --git a/src/tss2-fapi/api/Fapi_SetAppData.c b/src/tss2-fapi/api/Fapi_SetAppData.c index 93039fb8d..1ba5ae00e 100644 --- a/src/tss2-fapi/api/Fapi_SetAppData.c +++ b/src/tss2-fapi/api/Fapi_SetAppData.c @@ -139,6 +139,9 @@ Fapi_SetAppData_Async( check_not_null(context); check_not_null(path); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + if (context->state != _FAPI_STATE_INIT) { return_error(TSS2_FAPI_RC_BAD_SEQUENCE, "Invalid State"); } diff --git a/src/tss2-fapi/api/Fapi_SetCertificate.c b/src/tss2-fapi/api/Fapi_SetCertificate.c index 09427380b..1f5a0fe74 100644 --- a/src/tss2-fapi/api/Fapi_SetCertificate.c +++ b/src/tss2-fapi/api/Fapi_SetCertificate.c @@ -138,6 +138,9 @@ Fapi_SetCertificate_Async( check_not_null(context); check_not_null(path); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + if (context->state != _FAPI_STATE_INIT) { return_error(TSS2_FAPI_RC_BAD_SEQUENCE, "Invalid State"); } diff --git a/src/tss2-fapi/api/Fapi_SetDescription.c b/src/tss2-fapi/api/Fapi_SetDescription.c index affe9d915..bee083edd 100644 --- a/src/tss2-fapi/api/Fapi_SetDescription.c +++ b/src/tss2-fapi/api/Fapi_SetDescription.c @@ -127,6 +127,9 @@ Fapi_SetDescription_Async( check_not_null(context); check_not_null(path); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + if (context->state != _FAPI_STATE_INIT) { return_error(TSS2_FAPI_RC_BAD_SEQUENCE, "Invalid State"); } diff --git a/src/tss2-fapi/api/Fapi_Sign.c b/src/tss2-fapi/api/Fapi_Sign.c index 0ea96b329..52b3c9c69 100644 --- a/src/tss2-fapi/api/Fapi_Sign.c +++ b/src/tss2-fapi/api/Fapi_Sign.c @@ -187,6 +187,9 @@ Fapi_Sign_Async( check_not_null(keyPath); check_not_null(digest); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + /* Check for invalid parameters */ if (padding) { if (strcasecmp("RSA_SSA", padding) != 0 && diff --git a/src/tss2-fapi/api/Fapi_Unseal.c b/src/tss2-fapi/api/Fapi_Unseal.c index 2bde209fa..4e8c0d3a1 100644 --- a/src/tss2-fapi/api/Fapi_Unseal.c +++ b/src/tss2-fapi/api/Fapi_Unseal.c @@ -76,6 +76,9 @@ Fapi_Unseal( check_not_null(context); check_not_null(path); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + /* Check whether TCTI and ESYS are initialized */ return_if_null(context->esys, "Command can't be executed in none TPM mode.", TSS2_FAPI_RC_NO_TPM); diff --git a/src/tss2-fapi/api/Fapi_VerifyQuote.c b/src/tss2-fapi/api/Fapi_VerifyQuote.c index fda532397..8a0e119cc 100644 --- a/src/tss2-fapi/api/Fapi_VerifyQuote.c +++ b/src/tss2-fapi/api/Fapi_VerifyQuote.c @@ -175,6 +175,9 @@ Fapi_VerifyQuote_Async( check_not_null(quoteInfo); check_not_null(signature); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + if (context->state != _FAPI_STATE_INIT) { return_error(TSS2_FAPI_RC_BAD_SEQUENCE, "Invalid State"); } diff --git a/src/tss2-fapi/api/Fapi_VerifySignature.c b/src/tss2-fapi/api/Fapi_VerifySignature.c index 157c7eceb..dbc54b278 100644 --- a/src/tss2-fapi/api/Fapi_VerifySignature.c +++ b/src/tss2-fapi/api/Fapi_VerifySignature.c @@ -164,6 +164,9 @@ Fapi_VerifySignature_Async( check_not_null(digest); check_not_null(signature); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + /* Helpful alias pointers */ IFAPI_Key_VerifySignature * command = &context->cmd.Key_VerifySignature; diff --git a/src/tss2-fapi/api/Fapi_WriteAuthorizeNV.c b/src/tss2-fapi/api/Fapi_WriteAuthorizeNV.c index 470077e51..8e346e80a 100644 --- a/src/tss2-fapi/api/Fapi_WriteAuthorizeNV.c +++ b/src/tss2-fapi/api/Fapi_WriteAuthorizeNV.c @@ -156,6 +156,9 @@ Fapi_WriteAuthorizeNv_Async( check_not_null(nvPath); check_not_null(policyPath); + /* Cleanup command context. */ + memset(&context->cmd, 0, sizeof(IFAPI_CMD_STATE)); + /* Helpful alias pointers */ IFAPI_api_WriteAuthorizeNv * command = &context->cmd.WriteAuthorizeNV; IFAPI_NV_Cmds * nvCmd = &context->nv_cmd;