config to tpm.rs, remove unwraps
Signed-off-by: Isaac Matthews <[email protected]>
Isaac-Matthews committed Sep 22, 2023
1 parent 0789b02 commit f46e63a
Showing 2 changed files with 42 additions and 42 deletions.
55 changes: 14 additions & 41 deletions keylime-agent/src/main.rs
Expand Up @@ -278,49 +278,17 @@ async fn main() -> Result<()> {
config.agent.tpm_signing_alg.as_ref(),
)?;

let (asym_alg, name_alg) = match config.agent.iak_idevid_template.as_str() {
"H-1" => {
(tss_esapi::interface_types::algorithm::AsymmetricAlgorithm::Rsa,
tss_esapi::interface_types::algorithm::HashingAlgorithm::Sha256)
},
"H-2" => {
(tss_esapi::interface_types::algorithm::AsymmetricAlgorithm::Ecc,
tss_esapi::interface_types::algorithm::HashingAlgorithm::Sha256)
},
"H-3" => {
(tss_esapi::interface_types::algorithm::AsymmetricAlgorithm::Ecc,
tss_esapi::interface_types::algorithm::HashingAlgorithm::Sha384)
},
"H-4" => {
(tss_esapi::interface_types::algorithm::AsymmetricAlgorithm::Ecc,
tss_esapi::interface_types::algorithm::HashingAlgorithm::Sha512)
},
"H-5" => {
(tss_esapi::interface_types::algorithm::AsymmetricAlgorithm::Ecc,
tss_esapi::interface_types::algorithm::HashingAlgorithm::Sm3_256)
},
_ => {
(match config.agent.iak_idevid_asymmetric_alg.as_str() {
"rsa" => {tss_esapi::interface_types::algorithm::AsymmetricAlgorithm::Rsa},
"ecc" => {tss_esapi::interface_types::algorithm::AsymmetricAlgorithm::Ecc},
_ => {tss_esapi::interface_types::algorithm::AsymmetricAlgorithm::Null},
},
match config.agent.iak_idevid_name_alg.as_str() {
"sha256" => {tss_esapi::interface_types::algorithm::HashingAlgorithm::Sha256},
"sm3_256" => {tss_esapi::interface_types::algorithm::HashingAlgorithm::Sm3_256},
"sha384" => {tss_esapi::interface_types::algorithm::HashingAlgorithm::Sha384},
"sha512" => {tss_esapi::interface_types::algorithm::HashingAlgorithm::Sha512},
_ => {tss_esapi::interface_types::algorithm::HashingAlgorithm::Null},
})
},
};
let (asym_alg, name_alg) = tpm::get_idevid_template(
config.agent.iak_idevid_template.as_str(),
config.agent.iak_idevid_asymmetric_alg.as_str(),
config.agent.iak_idevid_name_alg.as_str(),
)?;

let (iak, idevid) = if config.agent.enable_iak_idevid {
let idevid = ctx.create_idevid(asym_alg, name_alg)?;
info!("IDevID created.");
// Flush after creating to make room for AK and EK and IAK
ctx.as_mut().flush_context(idevid.handle.into())?;

let iak = ctx.create_iak(asym_alg, name_alg)?;
info!("IAK created.");
(Some(iak), Some(idevid))
Expand Down Expand Up @@ -568,6 +536,11 @@ async fn main() -> Result<()> {
{
// Request keyblob material
let keyblob = if config.agent.enable_iak_idevid {
let (Some(iak), Some(idevid), Some(attest), Some(signature)) = (iak, idevid, attest, signature)
else{
error!("IDevID and IAK are enabled but could not be generated");
return Err(Error::Configuration("IDevID and IAK are enabled but could not be generated".to_string()));
};
registrar_agent::do_register_agent(
config.agent.registrar_ip.as_ref(),
config.agent.registrar_port,
Expand All @@ -577,15 +550,15 @@ async fn main() -> Result<()> {
ek_result.ek_cert,
&PublicBuffer::try_from(ak.public)?.marshall()?,
Some(
&PublicBuffer::try_from(iak.unwrap().public.clone())? //#[allow_ci]
&PublicBuffer::try_from(iak.public.clone())?
.marshall()?,
),
Some(
&PublicBuffer::try_from(idevid.unwrap().public.clone())? //#[allow_ci]
&PublicBuffer::try_from(idevid.public.clone())?
.marshall()?,
),
Some(attest.unwrap().marshall()?), //#[allow_ci]
Some(signature.unwrap().marshall()?), //#[allow_ci]
Some(attest.marshall()?),
Some(signature.marshall()?),
mtls_cert,
config.agent.contact_ip.as_ref(),
config.agent.contact_port,
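Review bot: In the second hunk (the `let ... else` guard added before `do_register_agent`), the same literal "IDevID and IAK are enabled but could not be generated" is written twice, once for `error!` and once for `Error::Configuration`, and `else{` does not match rustfmt output, which suggests the file was not run through `cargo fmt`. Binding it once keeps the two messages from drifting: `let msg = "IDevID and IAK are enabled but could not be generated"; error!("{}", msg); return Err(Error::Configuration(msg.to_string()));`. Since the first hunk creates both `iak` and `idevid` with `?` whenever `enable_iak_idevid` is set, this guard looks unreachable for those two values and mainly documents the invariant for `attest`/`signature`, whose origin is outside the visible hunks; a short comment saying so would help a reader who wonders why a "could not be generated" path exists. The enclosing `main` starts and ends outside the hunks.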
29 changes: 28 additions & 1 deletion keylime/src/tpm.rs
@@ -1,7 +1,9 @@
// SPDX-License-Identifier: Apache-2.0
// Copyright 2021 Keylime Authors

use crate::algorithms::{EncryptionAlgorithm, HashAlgorithm, SignAlgorithm};
use crate::algorithms::{
AlgorithmError, EncryptionAlgorithm, HashAlgorithm, SignAlgorithm,
};
use base64::{engine::general_purpose, Engine as _};
use log::*;
use std::convert::{TryFrom, TryInto};
Expand Down Expand Up @@ -103,6 +105,31 @@ const IAK_AUTH_POLICY_SHA256: [u8; 32] = [
];
const UNIQUE_IAK: [u8; 3] = [0x49, 0x41, 0x4b];

/// Return the asymmetric and name algorithms, either by matching to a template or using the user specified algorithms if no template is set
pub fn get_idevid_template(
template_str: &str,
asym_alg_str: &str,
name_alg_str: &str,
) -> std::result::Result<
(AsymmetricAlgorithm, HashingAlgorithm),
AlgorithmError,
> {
let (asym_alg, name_alg) = match template_str {
"H-1" => (AsymmetricAlgorithm::Rsa, HashingAlgorithm::Sha256),
"H-2" => (AsymmetricAlgorithm::Ecc, HashingAlgorithm::Sha256),
"H-3" => (AsymmetricAlgorithm::Ecc, HashingAlgorithm::Sha384),
"H-4" => (AsymmetricAlgorithm::Ecc, HashingAlgorithm::Sha512),
"H-5" => (AsymmetricAlgorithm::Ecc, HashingAlgorithm::Sm3_256),
_ => (
AsymmetricAlgorithm::from(EncryptionAlgorithm::try_from(
asym_alg_str,
)?),
HashingAlgorithm::from(HashAlgorithm::try_from(name_alg_str)?),
),
};
Ok((asym_alg, name_alg))
}

#[derive(Error, Debug)]
pub enum TpmError {
#[error("TSS2 Error: {err:?}, kind: {kind:?}, {message}")]
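Review bot: In `get_idevid_template` the `_ =>` arm treats every string that is not exactly `H-1`..`H-5` as "no template set", so a misspelled template such as `h-1` or an unsupported `H-6` silently falls back to the separately configured `asym_alg_str`/`name_alg_str` instead of failing or at least reporting the mismatch; for key material that identifies the device this is worth surfacing. The error path via `AlgorithmError` is an improvement over the old `Null` fallback, but the doc comment should also say which value of `template_str` means "unset" (presumably the empty string — confirm against the config defaults) and list the five recognised names. Since `log::*` is already imported in this file, a `warn!` on an unrecognised non-empty template is a minimal change; rejecting it outright would be stricter but needs an error variant the hunk does not show.
```rust
        _ => {
            // Only an empty template is treated as "not set"; anything else is
            // assumed to be a typo or an unsupported name — confirm against config defaults.
            if !template_str.is_empty() {
                warn!(
                    "Unknown IAK/IDevID template '{}', falling back to configured algorithms",
                    template_str
                );
            }
            (
                AsymmetricAlgorithm::from(EncryptionAlgorithm::try_from(asym_alg_str)?),
                HashingAlgorithm::from(HashAlgorithm::try_from(name_alg_str)?),
            )
        }
        // … unchanged: H-1..H-5 arms and Ok((asym_alg, name_alg)) …
```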
