Provide blank Esys_Create{Primary,}() metadata

This was yielding Couldn't create primary encryption key: tpm:parameter(3):structure is the wrong size errors on ASRock X670E Pro RS + AMD Ryzen 5 7600X: just kill it; it's unclear if it's remotely useful besides adding some needless salt Reported and validated by Lars Strojny: https://twitter.com/lstrojny/status/1599182208752766976
2025-04-23 09:50:28 +03:00 · 2022-12-04 00:29:49 +01:00 · 2022-12-04 00:29:49 +01:00 · 0f2642ba92
commit 0f2642ba92
parent d950de0ae4
3 changed files with 4 additions and 22 deletions
--- a/src/bin/zfs-tpm2-change-key.cpp
+++ b/src/bin/zfs-tpm2-change-key.cpp
@ -87,8 +87,7 @@ int main(int argc, char ** argv) {
 			    if(backup)
 				    TRY_MAIN(write_exact(backup, wrap_key, sizeof(wrap_key), 0400));

-			    TRY_MAIN(tpm2_seal(zfs_get_name(dataset), tpm2_ctx, tpm2_session, persistent_handle, tpm2_creation_metadata(zfs_get_name(dataset)), pcrs,
-			                       allow_PCR_or_pass, wrap_key, sizeof(wrap_key)));
+			    TRY_MAIN(tpm2_seal(zfs_get_name(dataset), tpm2_ctx, tpm2_session, persistent_handle, pcrs, allow_PCR_or_pass, wrap_key, sizeof(wrap_key)));
 			    bool ok = false;  // Try to free the persistent handle if we're unsuccessful in actually using it later on
 			    quickscope_wrapper persistent_clearer{[&] {
 				    if(!ok && tpm2_free_persistent(tpm2_ctx, tpm2_session, persistent_handle))
--- a/src/tpm2.cpp
+++ b/src/tpm2.cpp
@ -12,7 +12,6 @@
 #define OPENSSL_SUPPRESS_DEPRECATED  // SHA256_*(); supposedly replaced with EVP* but that's horseshit. we'll see how she turns out, given there's no reason given
 #include <openssl/sha.h>
 #include <optional>
-#include <time.h>
 #include <utility>


@ -43,21 +42,6 @@ static int try_or_passphrase(const char * what, const char * what_for, ESYS_CONT
 }


-TPM2B_DATA tpm2_creation_metadata(const char * dataset_name) {
-	TPM2B_DATA metadata{};  // 64 bytesish
-
-	struct timespec ts;
-	clock_gettime(CLOCK_REALTIME, &ts);
-	metadata.size = snprintf((char *)metadata.buffer, sizeof(metadata.buffer), "%" PRId64 ".%09" PRId64 " %s %s", static_cast<int64_t>(ts.tv_sec),
-	                         static_cast<int64_t>(ts.tv_nsec), dataset_name, TZPFMS_VERSION) +
-	                1;
-	metadata.size = metadata.size > sizeof(metadata.buffer) ? sizeof(metadata.buffer) : metadata.size;
-
-	// fprintf(stderr, "%" PRIu16 "/%zu: \"%s\"\n", metadata.size, sizeof(metadata.buffer), metadata.buffer);
-	return metadata;
-}
-
-
 int tpm2_parse_prop(const char * dataset_name, char * handle_s, TPMI_DH_PERSISTENT & handle, TPML_PCR_SELECTION * pcrs) {
 	char * sv{};
 	if(!parse_uint(handle_s = strtok_r(handle_s, ";", &sv), handle))
@ -315,11 +299,12 @@ static int tpm2_police_pcrs(ESYS_CONTEXT * tpm2_ctx, const TPML_PCR_SELECTION &
 	return with_session(pcr_session);
 }

-int tpm2_seal(const char * dataset, ESYS_CONTEXT * tpm2_ctx, ESYS_TR tpm2_session, TPMI_DH_PERSISTENT & persistent_handle, const TPM2B_DATA & metadata,
+int tpm2_seal(const char * dataset, ESYS_CONTEXT * tpm2_ctx, ESYS_TR tpm2_session, TPMI_DH_PERSISTENT & persistent_handle,
              const TPML_PCR_SELECTION & pcrs, bool allow_PCR_or_pass, void * data, size_t data_len) {
 	ESYS_TR primary_handle = ESYS_TR_NONE;
 	quickscope_wrapper primary_handle_deleter{[&] { Esys_FlushContext(tpm2_ctx, primary_handle); }};

+	const TPM2B_DATA metadata{};
 	{
 		const TPM2B_SENSITIVE_CREATE primary_sens{};

--- a/src/tpm2.hpp
+++ b/src/tpm2.hpp
@ -39,8 +39,6 @@ int with_tpm2_session(F && func) {
 	return func(tpm2_ctx, tpm2_session);
 }

-extern TPM2B_DATA tpm2_creation_metadata(const char * dataset_name);
-
 /// Parse a persistent handle name as stored in a ZFS property
 extern int tpm2_parse_prop(const char * dataset_name, char * handle_s, TPMI_DH_PERSISTENT & handle, TPML_PCR_SELECTION * pcrs);
 extern int tpm2_unparse_prop(TPMI_DH_PERSISTENT persistent_handle, const TPML_PCR_SELECTION & pcrs, char ** prop);
@ -49,7 +47,7 @@ extern int tpm2_unparse_prop(TPMI_DH_PERSISTENT persistent_handle, const TPML_PC
 extern int tpm2_parse_pcrs(char * arg, TPML_PCR_SELECTION & pcrs);

 extern int tpm2_generate_rand(ESYS_CONTEXT * tpm2_ctx, void * into, size_t length);
-extern int tpm2_seal(const char * dataset, ESYS_CONTEXT * tpm2_ctx, ESYS_TR tpm2_session, TPMI_DH_PERSISTENT & persistent_handle, const TPM2B_DATA & metadata,
+extern int tpm2_seal(const char * dataset, ESYS_CONTEXT * tpm2_ctx, ESYS_TR tpm2_session, TPMI_DH_PERSISTENT & persistent_handle,
                     const TPML_PCR_SELECTION & pcrs, bool allow_PCR_or_pass, void * data, size_t data_len);
 extern int tpm2_unseal(const char * dataset, ESYS_CONTEXT * tpm2_ctx, ESYS_TR tpm2_session, TPMI_DH_PERSISTENT persistent_handle,
                       const TPML_PCR_SELECTION & pcrs, void * data, size_t data_len);