Continuing from the previous article: tpm2-tools source code analysis: tpm2_nvread.c (1)
This article gives a detailed analysis of the tpm2_tool_onstart function in tpm2_nvread.c.
The source of the function, once more:
    static bool tpm2_tool_onstart(tpm2_options **opts) {
        const struct option topts[] = {
            { "hierarchy", required_argument, NULL, 'C' },
            { "output", required_argument, NULL, 'o' },
            { "size", required_argument, NULL, 's' },
            { "offset", required_argument, NULL, 0 },
            { "cphash", required_argument, NULL, 1 },
            { "rphash", required_argument, NULL, 2 },
            { "name", required_argument, NULL, 'n' },
            { "auth", required_argument, NULL, 'P' },
            { "session", required_argument, NULL, 'S' },
            { "print-yaml", no_argument, NULL, 3 },
        };
        *opts = tpm2_options_new("C:s:o:P:n:S:", ARRAY_LEN(topts), topts, on_option,
                on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI);
        if (ctx.is_yaml) {
            ctx.offset = 0;
            ctx.size_to_read = 0;
        }
        return *opts != NULL;
    }
The tpm2_options structure is defined in tpm2-tools/lib/tpm2_options.h:
    struct tpm2_options {
        struct {
            tpm2_option_handler on_opt;
            tpm2_arg_handler on_arg;
        } callbacks;
        char *short_opts;
        size_t len;
        uint32_t flags;
        struct option long_opts[];
    };
    typedef struct tpm2_options tpm2_options;
struct option (the getopt_long table entry type) is defined in /usr/include/bits/getopt_ext.h:
    struct option
    {
        const char *name;
        /* has_arg can't be an enum because some compilers complain about
           type mismatches in all the code that assumes it is an int. */
        int has_arg;
        int *flag;
        int val;
    };
The on_option callback is implemented in the same file (tools/tpm2_nvread.c). Its key argument is the val field of the matching table entry (getopt_long returns val when flag is NULL), which is why the long-only options --offset, --cphash, --rphash and --print-yaml arrive as 0, 1, 2 and 3:
    static bool on_option(char key, char *value) {
        bool result;
        switch (key) {
        case 'C':
            ctx.auth_hierarchy.ctx_path = value;
            break;
        case 'o':
            ctx.output_file = value;
            break;
        case 'P':
            ctx.auth_hierarchy.auth_str = value;
            break;
        case 's':
            result = tpm2_util_string_to_uint32(value, &ctx.size_to_read);
            if (!result) {
                LOG_ERR("Could not convert size to number, got: \"%s\"", value);
                return false;
            }
            break;
        case 'n':
            /* precomputed NV name, given as a hex string */
            ctx.precalc_nvname.size = BUFFER_SIZE(TPM2B_NAME, name);
            int q = tpm2_util_hex_to_byte_structure(value, &ctx.precalc_nvname.size,
                    ctx.precalc_nvname.name);
            if (q) {
                LOG_ERR("FAILED: %d", q);
                return false;
            }
            break;
        case 0: /* --offset */
            result = tpm2_util_string_to_uint32(value, &ctx.offset);
            if (!result) {
                LOG_ERR("Could not convert offset to number, got: \"%s\"", value);
                return false;
            }
            break;
        case 1: /* --cphash */
            ctx.cp_hash_path = value;
            break;
        case 2: /* --rphash */
            ctx.rp_hash_path = value;
            break;
        case 'S':
            /* up to MAX_AUX_SESSIONS auxiliary sessions may be given */
            ctx.aux_session_path[ctx.aux_session_cnt] = value;
            if (ctx.aux_session_cnt < MAX_AUX_SESSIONS) {
                ctx.aux_session_cnt++;
            } else {
                LOG_ERR("Specify a max of 3 sessions");
                return false;
            }
            break;
        case 3: /* --print-yaml */
            ctx.is_yaml = true;
            break;
        /* no default */
        }
        return true;
    }
To understand these options, and therefore what tpm2_tool_onstart does, read them together with the documentation of the tpm2_nvread command. The full description is at:
tpm2-tools/tpm2_nvread.1.md at master · tpm2-software/tpm2-tools · GitHub
In a source checkout it is tpm2-tools/man/tpm2_nvread.1.md.
Its option descriptions are as follows:
OPTIONS
-C, --hierarchy=OBJECT:
    Specifies the hierarchy used to authorize. Supported options are:
    - o for TPM_RH_OWNER
    - p for TPM_RH_PLATFORM
    - <num> where a hierarchy handle or nv-index may be used.
    When -C isn't explicitly passed the index handle will be used to authorize against the index. The index auth value is set via the -p option to tpm2_nvdefine(1).
-o, --output=FILE:
    File to write data
-P, --auth=AUTH:
    Specifies the authorization value for the hierarchy.
-s, --size=NATURAL_NUMBER:
    Specifies the size of data to be read in bytes, starting from 0 if offset is not specified. If not specified, the size of the data as reported by the public portion of the index will be used.
--offset=NATURAL_NUMBER:
    The offset within the NV index to start reading from.
--cphash=FILE
    File path to record the hash of the command parameters. This is commonly termed as cpHash. NOTE: When this option is selected, The tool will not actually execute the command, it simply returns a cpHash, unless rphash is also required.
--rphash=FILE
    File path to record the hash of the response parameters. This is commonly termed as rpHash.
-n, --name=FILE:
    The name of the NV index that must be provided when only calculating the cpHash without actually dispatching the command to the TPM.
-S, --session=FILE:
    The session created using tpm2_startauthsession. This can be used to specify an auxiliary session for auditing and or encryption/decryption of the parameters.
--print-yaml:
    Output the content of the NV index in a human readable format, useful for displaying the content of counter, bits and extend and pin indices. When this argument is provided size and offset is ignored.
ARGUMENT
    The command line argument specifies the NV index or offset number.
tpm2_options_new is shared library code, found in tpm2-tools/lib/tpm2_options.c:
    tpm2_options *tpm2_options_new(const char *short_opts, size_t len,
            const struct option *long_opts, tpm2_option_handler on_opt,
            tpm2_arg_handler on_arg, uint32_t flags) {
        tpm2_options *opts = calloc(1, sizeof(*opts) + (sizeof(*long_opts) * len));
        if (!opts) {
            LOG_ERR("oom");
            return NULL;
        }
        /*
         * On NULL, just make it a zero length string so we don't have to keep
         * checking it for NULL.
         */
        if (!short_opts) {
            short_opts = "";
        }
        opts->short_opts = strdup(short_opts);
        if (!opts->short_opts) {
            LOG_ERR("oom");
            free(opts);
            return NULL;
        }
        opts->callbacks.on_opt = on_opt;
        opts->callbacks.on_arg = on_arg;
        opts->len = len;
        opts->flags = flags;
        memcpy(opts->long_opts, long_opts, len * sizeof(*long_opts));
        return opts;
    }
tpm2_options_new is easy to follow: it allocates one block large enough for the header plus the flexible long_opts array, duplicates the short-option string, records the two callbacks, and copies the struct option topts table from tpm2_tool_onstart into the new tpm2_options instance (*opts).
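To make the relationship between the option table, the short-option string and the keys on_option receives concrete, here is an added stand-alone C example. It is not tpm2-tools code: it reuses the struct option table from tpm2_tool_onstart verbatim, drives getopt_long over a constructed argv the way the tool framework does before calling on_option, and adds a small checker that confirms the short-option string and the long-option table agree, something tpm2_options_new (which only copies both) never verifies. The reduced ctx stand-in struct nvread_args, the helper parse_number (standing in for tpm2_util_string_to_uint32) and count_option_mismatches are hypothetical names of this example. The session bound is checked before the store, rather than after it as in the on_option shown above.

```c
#include <getopt.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define MAX_AUX_SESSIONS 3   /* same limit the tool's 'S' case enforces */

/* Option table as in tpm2_tool_onstart; getopt_long additionally needs the terminator. */
static const struct option nvread_long_opts[] = {
    { "hierarchy",  required_argument, NULL, 'C' },
    { "output",     required_argument, NULL, 'o' },
    { "size",       required_argument, NULL, 's' },
    { "offset",     required_argument, NULL, 0   },
    { "cphash",     required_argument, NULL, 1   },
    { "rphash",     required_argument, NULL, 2   },
    { "name",       required_argument, NULL, 'n' },
    { "auth",       required_argument, NULL, 'P' },
    { "session",    required_argument, NULL, 'S' },
    { "print-yaml", no_argument,       NULL, 3   },
    { NULL, 0, NULL, 0 }
};
static const size_t nvread_long_opts_len = sizeof nvread_long_opts / sizeof nvread_long_opts[0] - 1;
static const char nvread_short_opts[] = "C:s:o:P:n:S:";

/* Hypothetical, reduced stand-in for the tool's ctx. */
struct nvread_args {
    const char *hierarchy, *output, *auth, *name, *cphash, *rphash;
    const char *aux_session[MAX_AUX_SESSIONS];
    unsigned aux_session_cnt;
    unsigned long size, offset;
    bool is_yaml;
    int positional;              /* number of non-option arguments (the NV index) */
};

/* Stand-in for tpm2_util_string_to_uint32: base 0 (so 0x... works), no trailing junk. */
static bool parse_number(const char *s, unsigned long *out) {
    char *end;
    if (!s || !*s) return false;
    *out = strtoul(s, &end, 0);
    return *end == '\0';
}

/* Parses argv the way the tool framework feeds on_option. Returns false on any error. */
bool parse_nvread_args(int argc, char **argv, struct nvread_args *a) {
    memset(a, 0, sizeof *a);
    optind = 0;   /* glibc/musl: 0 fully re-initialises getopt state between calls */
    opterr = 0;   /* do not let getopt print to stderr */
    int key;
    while ((key = getopt_long(argc, argv, nvread_short_opts, nvread_long_opts, NULL)) != -1) {
        switch (key) {            /* with flag == NULL, getopt_long returns val as the key */
        case 'C': a->hierarchy = optarg; break;
        case 'o': a->output = optarg; break;
        case 'P': a->auth = optarg; break;
        case 'n': a->name = optarg; break;
        case 's': if (!parse_number(optarg, &a->size)) return false; break;
        case 0:   if (!parse_number(optarg, &a->offset)) return false; break;  /* --offset */
        case 1:   a->cphash = optarg; break;                                    /* --cphash */
        case 2:   a->rphash = optarg; break;                                    /* --rphash */
        case 'S': /* bound check first, so a fourth -S can never write past the array */
            if (a->aux_session_cnt >= MAX_AUX_SESSIONS) return false;
            a->aux_session[a->aux_session_cnt++] = optarg;
            break;
        case 3:   a->is_yaml = true; break;                                     /* --print-yaml */
        default:  return false;       /* '?': unknown option or missing required argument */
        }
    }
    a->positional = argc - optind;
    if (a->is_yaml) { a->size = 0; a->offset = 0; }   /* man page: --print-yaml ignores both */
    return true;
}

/* Counts disagreements between a short-option string and a long-option table: a letter
 * val absent from the string, a ':' that contradicts has_arg, or a short letter with no
 * long entry. tpm2_options_new only copies both strings/tables; it never checks this. */
int count_option_mismatches(const char *short_opts, const struct option *longs, size_t len) {
    int bad = 0;
    for (size_t i = 0; i < len; i++) {
        int v = longs[i].val;
        if (v < '!' || v > '~') continue;           /* long-only option keyed by 0, 1, 2, 3 */
        const char *p = strchr(short_opts, v);
        if (!p) { bad++; continue; }
        if ((p[1] == ':') != (longs[i].has_arg == required_argument)) bad++;
    }
    for (const char *p = short_opts; *p; p++) {
        if (*p == ':') continue;
        size_t i = 0;
        while (i < len && longs[i].val != *p) i++;
        if (i == len) bad++;
    }
    return bad;
}
```

Running count_option_mismatches on the real table and "C:s:o:P:n:S:" yields 0; dropping the final ':' (so -S would no longer take an argument) or adding a letter with no long entry yields 1 each, which is the kind of drift between the two tables that silently changes how arguments are consumed.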
This completes the analysis of the tpm2_tool_onstart function in tpm2_nvread.c.