tpm2_pcrsetauthvalue: Add new tool to implement TPM2_CC_PCRSetAuthValue

Fixes tpm2-software#3333

Signed-off-by: Imran Desai <[email protected]>

Makefile.am

@@ -203,7 +203,8 @@ tpm2_tools = \
     tools/tpm2_ecdhzgen.c \
     tools/tpm2_zgen2phase.c \
     tools/tpm2_sessionconfig.c \
-    tools/tpm2_getpolicydigest.c
+    tools/tpm2_getpolicydigest.c \
+    tools/tpm2_pcrsetauthvalue.c
 
 # Create the symlinks for each tool to the tpm2 and optional tss2 bundled executables
 install-exec-hook:

lib/tpm2.c

@@ -5842,6 +5842,28 @@ tool_rc tpm2_zgen2phase(ESYS_CONTEXT *esys_context,
         return tool_rc_success;
 }
 
+tool_rc tpm2_pcr_setauthvalue(ESYS_CONTEXT *esys_context,
+    tpm2_loaded_object *pcrindex_auth_obj, const TPM2B_AUTH *pcrindex_newauth) {
+
+    ESYS_TR shandle1 = ESYS_TR_NONE;
+    tool_rc rc = tpm2_auth_util_get_shandle(esys_context,
+        pcrindex_auth_obj->tr_handle, pcrindex_auth_obj->session, &shandle1);
+    if (rc != tool_rc_success) {
+        LOG_ERR("Failed to get shandle");
+        return rc;
+    }
+
+    TSS2_RC rval = Esys_PCR_SetAuthValue(esys_context,
+        pcrindex_auth_obj->tr_handle, shandle1, ESYS_TR_NONE, ESYS_TR_NONE,
+        pcrindex_newauth);
+    if (rval != TPM2_RC_SUCCESS) {
+        LOG_PERR(Esys_PCR_SetAuthValue, rval);
+        return tool_rc_from_tpm(rval);
+    }
+
+    return rc;
+}
+
 tool_rc tpm2_getsapicontext(ESYS_CONTEXT *esys_context,
     TSS2_SYS_CONTEXT **sys_context) {
 

lib/tpm2.h

@@ -552,6 +552,9 @@ tool_rc tpm2_zgen2phase(ESYS_CONTEXT *esys_context,
     TPM2B_ECC_POINT *Q2, TPM2B_ECC_POINT **Z1, TPM2B_ECC_POINT **Z2,
     TPMI_ECC_KEY_EXCHANGE keyexchange_scheme, UINT16 commit_counter);
 
+tool_rc tpm2_pcr_setauthvalue(ESYS_CONTEXT *esys_context,
+    tpm2_loaded_object *pcrindex_auth_obj, const TPM2B_AUTH *pcrindex_newauth);
+
 tool_rc tpm2_getsapicontext(ESYS_CONTEXT *esys_context,
     TSS2_SYS_CONTEXT **sys_context);
 

lib/tpm2_util.c

@@ -614,6 +614,77 @@ ESYS_TR tpm2_tpmi_hierarchy_to_esys_tr(TPMI_RH_PROVISION inh) {
     return ESYS_TR_NONE;
 }
 
+ESYS_TR tpm2_sys_pcrhandle_to_esys_tr(TPMI_DH_PCR sys_pcrhandle) {
+
+    switch (sys_pcrhandle) {
+    case 0:
+        return ESYS_TR_PCR0;
+    case 1:
+        return ESYS_TR_PCR1;
+    case 2:
+        return ESYS_TR_PCR2;
+    case 3:
+        return ESYS_TR_PCR3;
+    case 4:
+        return ESYS_TR_PCR4;
+    case 5:
+        return ESYS_TR_PCR5;
+    case 6:
+        return ESYS_TR_PCR6;
+    case 7:
+        return ESYS_TR_PCR7;
+    case 8:
+        return ESYS_TR_PCR8;
+    case 9:
+        return ESYS_TR_PCR9;
+    case 10:
+        return ESYS_TR_PCR10;
+    case 11:
+        return ESYS_TR_PCR11;
+    case 12:
+        return ESYS_TR_PCR12;
+    case 13:
+        return ESYS_TR_PCR13;
+    case 14:
+        return ESYS_TR_PCR14;
+    case 15:
+        return ESYS_TR_PCR15;
+    case 16:
+        return ESYS_TR_PCR16;
+    case 17:
+        return ESYS_TR_PCR17;
+    case 18:
+        return ESYS_TR_PCR18;
+    case 19:
+        return ESYS_TR_PCR19;
+    case 20:
+        return ESYS_TR_PCR20;
+    case 21:
+        return ESYS_TR_PCR21;
+    case 22:
+        return ESYS_TR_PCR22;
+    case 23:
+        return ESYS_TR_PCR23;
+    case 24:
+        return ESYS_TR_PCR24;
+    case 25:
+        return ESYS_TR_PCR25;
+    case 26:
+        return ESYS_TR_PCR26;
+    case 27:
+        return ESYS_TR_PCR27;
+    case 28:
+        return ESYS_TR_PCR28;
+    case 29:
+        return ESYS_TR_PCR29;
+    case 30:
+        return ESYS_TR_PCR30;
+    case 31:
+        return ESYS_TR_PCR31;
+    }
+    return ESYS_TR_NONE;
+}
+
 tool_rc tpm2_util_sys_handle_to_esys_handle(ESYS_CONTEXT *context,
         TPM2_HANDLE sys_handle, ESYS_TR *esys_handle) {
 
@@ -623,6 +694,12 @@ tool_rc tpm2_util_sys_handle_to_esys_handle(ESYS_CONTEXT *context,
         return tool_rc_success;
     }
 
+    h = tpm2_sys_pcrhandle_to_esys_tr(sys_handle);
+    if (h != ESYS_TR_NONE) {
+        *esys_handle = h;
+        return tool_rc_success;
+    }
+
     return tpm2_from_tpm_public(context, sys_handle, ESYS_TR_NONE, ESYS_TR_NONE,
             ESYS_TR_NONE, esys_handle);
 }

man/tpm2_pcrsetauthvalue.1.md

@@ -0,0 +1,56 @@
+% tpm2_pcrsetauthvalue(1) tpm2-tools | General Commands Manual
+
+# NAME
+
+**tpm2_pcrsetauthvalue**(1) - Add or change the authvalue of a PCR handle which
+is in the authorization set.
+
+# SYNOPSIS
+
+**tpm2_pcrsetauthvalue** [*OPTIONS*] [*ARGUMENT*]
+
+# DESCRIPTION
+
+**tpm2_pcrsetauthvalue**(1) - Add or change the authvalue of a PCR handle which
+is in the authorization set. Only those PCR handles which are in the
+authorization set can be specified. To retrieve which specific PCR handles in a
+given TPM implementation are in the authorization set, run **tpm2_getcap** with
+option **pcrhandles-with-auth**.
+
+# OPTIONS
+
+  * **-P**, **\--auth**=_AUTH_:
+
+    Specifies the existing authorization value for the PCR handle.
+
+  * **-p**, **\--newauth**=_AUTH_:
+
+    Specifies the new authorization value to be set for the PCR handle.
+
+  * **ARGUMENT** the command line argument specifies the PCR handle.
+
+## References
+
+[context object format](common/ctxobj.md) details the methods for specifying
+_OBJECT_.
+
+[authorization formatting](common/authorizations.md) details the methods for
+specifying _AUTH_.
+
+[common options](common/options.md) collection of common options that provide
+information many users may expect.
+
+[common tcti options](common/tcti.md) collection of options used to configure
+the various known TCTI modules.
+
+# EXAMPLES
+
+## Change authvalue of the PCR handle 20
+
+```bash
+tpm2_pcrsetauthvalue -p newauthvalue 0x00000014
+```
+
+[returns](common/returns.md)
+
+[footer](common/footer.md)