From 0f2642ba92776aadae5b6d4ad6708038015b0524 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?=
Date: Sun, 4 Dec 2022 00:29:49 +0100
Subject: [PATCH] Provide blank Esys_Create{Primary,}() metadata
This was yielding Couldn't create primary encryption key: tpm:parameter(3):structure is the wrong size errors on ASRock X670E Pro RS + AMD Ryzen 5 7600X: just kill it; it's unclear if it's remotely useful besides adding some needless salt Reported and validated by Lars Strojny: https://twitter.com/lstrojny/status/1599182208752766976
---
 src/bin/zfs-tpm2-change-key.cpp | 3 +--
 src/tpm2.cpp | 19 ++-----------------
 src/tpm2.hpp | 4 +---
 3 files changed, 4 insertions(+), 22 deletions(-)
diff --git a/src/bin/zfs-tpm2-change-key.cpp b/src/bin/zfs-tpm2-change-key.cpp
index 0395709..934607b 100644
--- a/src/bin/zfs-tpm2-change-key.cpp
+++ b/src/bin/zfs-tpm2-change-key.cpp
@@ -87,8 +87,7 @@ int main(int argc, char ** argv) {
 if(backup)
 TRY_MAIN(write_exact(backup, wrap_key, sizeof(wrap_key), 0400));
- TRY_MAIN(tpm2_seal(zfs_get_name(dataset), tpm2_ctx, tpm2_session, persistent_handle, tpm2_creation_metadata(zfs_get_name(dataset)), pcrs,
- allow_PCR_or_pass, wrap_key, sizeof(wrap_key)));
+ TRY_MAIN(tpm2_seal(zfs_get_name(dataset), tpm2_ctx, tpm2_session, persistent_handle, pcrs, allow_PCR_or_pass, wrap_key, sizeof(wrap_key)));
 bool ok = false; // Try to free the persistent handle if we're unsuccessful in actually using it later on
 quickscope_wrapper persistent_clearer{[&] {
 if(!ok && tpm2_free_persistent(tpm2_ctx, tpm2_session, persistent_handle))
diff --git a/src/tpm2.cpp b/src/tpm2.cpp
index 132f864..88fbfb0 100644
--- a/src/tpm2.cpp
+++ b/src/tpm2.cpp
@@ -12,7 +12,6 @@
 #define OPENSSL_SUPPRESS_DEPRECATED // SHA256_*(); supposedly replaced with EVP* but that's horseshit. we'll see how she turns out, given there's no reason given
 #include
 #include
-#include
 #include 
@@ -43,21 +42,6 @@ static int try_or_passphrase(const char * what, const char * what_for, ESYS_CONT
 }
-TPM2B_DATA tpm2_creation_metadata(const char * dataset_name) {
- TPM2B_DATA metadata{}; // 64 bytesish
-
- struct timespec ts;
- clock_gettime(CLOCK_REALTIME, &ts);
- metadata.size = snprintf((char *)metadata.buffer, sizeof(metadata.buffer), "%" PRId64 ".%09" PRId64 " %s %s", static_cast(ts.tv_sec),
- static_cast(ts.tv_nsec), dataset_name, TZPFMS_VERSION) +
- 1;
- metadata.size = metadata.size > sizeof(metadata.buffer) ? sizeof(metadata.buffer) : metadata.size;
-
- // fprintf(stderr, "%" PRIu16 "/%zu: \"%s\"\n", metadata.size, sizeof(metadata.buffer), metadata.buffer);
- return metadata;
-}
-
-
 int tpm2_parse_prop(const char * dataset_name, char * handle_s, TPMI_DH_PERSISTENT & handle, TPML_PCR_SELECTION * pcrs) {
 char * sv{};
 if(!parse_uint(handle_s = strtok_r(handle_s, ";", &sv), handle))
@@ -315,11 +299,12 @@ static int tpm2_police_pcrs(ESYS_CONTEXT * tpm2_ctx, const TPML_PCR_SELECTION &
 return with_session(pcr_session);
 }
-int tpm2_seal(const char * dataset, ESYS_CONTEXT * tpm2_ctx, ESYS_TR tpm2_session, TPMI_DH_PERSISTENT & persistent_handle, const TPM2B_DATA & metadata,
+int tpm2_seal(const char * dataset, ESYS_CONTEXT * tpm2_ctx, ESYS_TR tpm2_session, TPMI_DH_PERSISTENT & persistent_handle,
 const TPML_PCR_SELECTION & pcrs, bool allow_PCR_or_pass, void * data, size_t data_len) {
 ESYS_TR primary_handle = ESYS_TR_NONE;
 quickscope_wrapper primary_handle_deleter{[&] { Esys_FlushContext(tpm2_ctx, primary_handle); }};
+ const TPM2B_DATA metadata{};
 {
 const TPM2B_SENSITIVE_CREATE primary_sens{};
diff --git a/src/tpm2.hpp b/src/tpm2.hpp
index db7d8dd..331bd64 100644
--- a/src/tpm2.hpp
+++ b/src/tpm2.hpp
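Review bot: The new `const TPM2B_DATA metadata{};` in tpm2_seal should carry a comment saying why it is deliberately empty, because the commit message only records that the old value tripped a TPM_RC_SIZE on one board and calls the rest "unclear". As far as I can tell this buffer is the outsideInfo argument handed to Esys_CreatePrimary/Esys_Create (the error names parameter 3), and the TPM folds outsideInfo only into the creation data and creation ticket, never into the derivation of the primary or the sealed object, so a zero-length value does not weaken the key; the old timestamp + dataset name + version payload plausibly exceeded the digest-sized bound some firmware enforces on that parameter. I would put `// outsideInfo for Esys_Create{Primary,}(): intentionally empty. It only lands in the creation data/ticket, not in any key, and some firmware rejects payloads larger than a digest with TPM_RC_SIZE.` directly above the declaration so nobody reintroduces a "salt" here later. The body of tpm2_seal continues past the end of the hunk, so I cannot confirm from here that the variable is used only in those two calls.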
@@ -39,8 +39,6 @@ int with_tpm2_session(F && func) {
 return func(tpm2_ctx, tpm2_session);
 }
-extern TPM2B_DATA tpm2_creation_metadata(const char * dataset_name);
-
 /// Parse a persistent handle name as stored in a ZFS property
 extern int tpm2_parse_prop(const char * dataset_name, char * handle_s, TPMI_DH_PERSISTENT & handle, TPML_PCR_SELECTION * pcrs);
 extern int tpm2_unparse_prop(TPMI_DH_PERSISTENT persistent_handle, const TPML_PCR_SELECTION & pcrs, char ** prop);
@@ -49,7 +47,7 @@ extern int tpm2_unparse_prop(TPMI_DH_PERSISTENT persistent_handle, const TPML_PC
 extern int tpm2_parse_pcrs(char * arg, TPML_PCR_SELECTION & pcrs);
 extern int tpm2_generate_rand(ESYS_CONTEXT * tpm2_ctx, void * into, size_t length);
-extern int tpm2_seal(const char * dataset, ESYS_CONTEXT * tpm2_ctx, ESYS_TR tpm2_session, TPMI_DH_PERSISTENT & persistent_handle, const TPM2B_DATA & metadata,
+extern int tpm2_seal(const char * dataset, ESYS_CONTEXT * tpm2_ctx, ESYS_TR tpm2_session, TPMI_DH_PERSISTENT & persistent_handle,
 const TPML_PCR_SELECTION & pcrs, bool allow_PCR_or_pass, void * data, size_t data_len);
 extern int tpm2_unseal(const char * dataset, ESYS_CONTEXT * tpm2_ctx, ESYS_TR tpm2_session, TPMI_DH_PERSISTENT persistent_handle, const TPML_PCR_SELECTION & pcrs, void * data, size_t data_len);
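Review bot: The rewritten `extern int tpm2_seal(...)` declaration in the second hunk still has no doc comment, while `tpm2_parse_prop` a few lines up carries one in the `/// ...` style; with a parameter just dropped this is the natural moment to state the contract in the header. I would add a `///` comment above it that says what the call stores into `persistent_handle`, how `pcrs` constrains the sealed blob, what `allow_PCR_or_pass` permits, and what the non-zero return values mean, mirroring `/// Parse a persistent handle name as stored in a ZFS property`. The neighbouring `tpm2_unseal` declaration would benefit from the same treatment, since the two are the only entry points a caller needs to pair correctly.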