[PATCH v5 ima-evm-utils 2/3] Change PCR iterator from int to uint32_t

From: Ken Goldman <kgoldman@us.ibm.com>
To: zohar@linux.ibm.com, maroon@lists.linux.ibm.com,
	linux-integrity@vger.kernel.org
Cc: kgold@linux.ibm.com, Ken Goldman <kgoldman@us.ibm.com>
Subject: [PATCH v5 ima-evm-utils 2/3] Change PCR iterator from int to uint32_t
Date: Tue,  3 Aug 2021 16:40:07 -0400	[thread overview]
Message-ID: <20210803204008.29612-3-kgoldman@us.ibm.com> (raw)
In-Reply-To: <20210803204008.29612-1-kgoldman@us.ibm.com>

PCR numbers are naturally unsigned values.  Further, they are
32 bits, even on 64-bit machines. This change eliminates the
need for negative value and overflow tests.

The parameter name is changed from j and idx to pcr_handle, which is
more descriptive and is similar to the parameter name used in the TPM
2.0 specification.

Signed-off-by: Ken Goldman <kgoldman@us.ibm.com>
---
 src/evmctl.c         | 12 ++++++++----
 src/pcr.h            |  2 +-
 src/pcr_tss.c        |  5 +++--
 src/pcr_tsspcrread.c |  6 +++---
 4 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/src/evmctl.c b/src/evmctl.c
index a8065bb..c999589 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -1914,7 +1914,8 @@ static int read_tpm_banks(int num_banks, struct tpm_bank_info *bank)
 {
 	int tpm_enabled = 0;
 	char *errmsg = NULL;
-	int i, j;
+	int i;
+	uint32_t pcr_handle;
 	int err;
 
 	/* If --pcrs was specified, read only from the specified file(s) */
@@ -1934,9 +1935,12 @@ static int read_tpm_banks(int num_banks, struct tpm_bank_info *bank)
 	/* Read PCRs from multiple TPM 2.0 banks */
 	for (i = 0; i < num_banks; i++) {
 		err = 0;
-		for (j = 0; j < NUM_PCRS && !err; j++) {
-			err = tpm2_pcr_read(bank[i].algo_name, j,
-					    bank[i].pcr[j], bank[i].digest_size,
+		for (pcr_handle = 0;
+		     pcr_handle < NUM_PCRS && !err;
+		     pcr_handle++) {
+			err = tpm2_pcr_read(bank[i].algo_name, pcr_handle,
+					    bank[i].pcr[pcr_handle],
+					    bank[i].digest_size,
 					    &errmsg);
 			if (err) {
 				log_debug("Failed to read %s PCRs: (%s)\n",
diff --git a/src/pcr.h b/src/pcr.h
index 79547bd..205bae8 100644
--- a/src/pcr.h
+++ b/src/pcr.h
@@ -1,3 +1,3 @@
 int tpm2_pcr_supported(void);
-int tpm2_pcr_read(const char *algo_name, int idx, uint8_t *hwpcr,
+int tpm2_pcr_read(const char *algo_name, uint32_t pcr_handle, uint8_t *hwpcr,
 		 int len, char **errmsg);
diff --git a/src/pcr_tss.c b/src/pcr_tss.c
index feb1ff7..10930e2 100644
--- a/src/pcr_tss.c
+++ b/src/pcr_tss.c
@@ -106,7 +106,7 @@ static TPM2_ALG_ID algo_to_tss2(const char *algo_name)
 	return TPM2_ALG_ERROR;
 }
 
-int tpm2_pcr_read(const char *algo_name, int idx, uint8_t *hwpcr,
+int tpm2_pcr_read(const char *algo_name, uint32_t pcr_handle, uint8_t *hwpcr,
 		 int len, char **errmsg)
 {
 	TSS2_ABI_VERSION abi_version = {
@@ -140,7 +140,8 @@ int tpm2_pcr_read(const char *algo_name, int idx, uint8_t *hwpcr,
 		}
 	};
 
-	pcr_select_in.pcrSelections[0].pcrSelect[idx / 8] = (1 << (idx % 8));
+	pcr_select_in.pcrSelections[0].pcrSelect[pcr_handle / 8] =
+	    (1 << (pcr_handle % 8));
 
 	ret = Esys_Initialize(&ctx, NULL, &abi_version);
 	if (ret != TPM2_RC_SUCCESS) {
diff --git a/src/pcr_tsspcrread.c b/src/pcr_tsspcrread.c
index 183dfc2..95048f8 100644
--- a/src/pcr_tsspcrread.c
+++ b/src/pcr_tsspcrread.c
@@ -68,7 +68,7 @@ int tpm2_pcr_supported(void)
 	return 1;
 }
 
-int tpm2_pcr_read(const char *algo_name, int idx, uint8_t *hwpcr,
+int tpm2_pcr_read(const char *algo_name, uint32_t pcr_handle, uint8_t *hwpcr,
 		 int len, char **errmsg)
 {
 	FILE *fp;
@@ -76,8 +76,8 @@ int tpm2_pcr_read(const char *algo_name, int idx, uint8_t *hwpcr,
 	char cmd[PATH_MAX + 50];
 	int ret;
 
-	sprintf(cmd, "%s -halg %s -ha %d -ns 2> /dev/null",
-		path, algo_name, idx);
+	sprintf(cmd, "%s -halg %s -ha %u -ns 2> /dev/null",
+		path, algo_name, pcr_handle);
 	fp = popen(cmd, "r");
 	if (!fp) {
 		ret = asprintf(errmsg, "popen failed: %s", strerror(errno));
-- 
2.25.1

