fapi: fix usage of policy_nv.

Makefile-test.am

@@ -387,7 +387,8 @@ FAPI_TESTS_INTEGRATION += \
     test/integration/fapi-provision-certificate.fint \
     test/integration/fapi-provision-fingerprint_ecc.fint \
     test/integration/fapi-provision-certificate_ecc.fint \
-    test/integration/fapi-quote-destructive.fint
+    test/integration/fapi-quote-destructive.fint \
+    test/integration/fapi-key-create-policy-nv-tpm-idx-sign.fint
 endif #!TESTDEVICE
 
 TESTS_INTEGRATION += $(FAPI_TESTS_INTEGRATION)
@@ -1888,6 +1889,14 @@ test_integration_fapi_key_create_policy_nv_sign_fint_SOURCES = \
     test/integration/fapi-key-create-policy-nv-sign.int.c \
     test/integration/main-fapi.c test/integration/test-fapi.h
 
+test_integration_fapi_key_create_policy_nv_tpm_idx_sign_fint_CFLAGS  = $(TESTS_CFLAGS) \
+    -DTPMIDX
+test_integration_fapi_key_create_policy_nv_tpm_idx_sign_fint_LDADD   = $(TESTS_LDADD)
+test_integration_fapi_key_create_policy_nv_tpm_idx_sign_fint_LDFLAGS = $(TESTS_LDFLAGS)
+test_integration_fapi_key_create_policy_nv_tpm_idx_sign_fint_SOURCES = \
+    test/integration/fapi-key-create-policy-nv-sign.int.c \
+    test/integration/main-fapi.c test/integration/test-fapi.h
+
 test_integration_fapi_key_create_policy_nv_counter_sign_fint_CFLAGS  = $(TESTS_CFLAGS)
 test_integration_fapi_key_create_policy_nv_counter_sign_fint_LDADD   = $(TESTS_LDADD)
 test_integration_fapi_key_create_policy_nv_counter_sign_fint_LDFLAGS = $(TESTS_LDFLAGS)

Makefile.am

@@ -577,6 +577,7 @@ EXTRA_DIST +=  \
     test/data/fapi/policy/pol_pcr16_0_or.json \
     test/data/fapi/policy/pol_pcr8_0.json \
     test/data/fapi/policy/pol_nv.json \
+    test/data/fapi/policy/pol_nv_tpm_idx.json \
     test/data/fapi/policy/pol_nv_counter.json \
     test/data/fapi/policy/pol_nv_written.json \
     test/data/fapi/policy/pol_signed.json \

include/tss2/tss2_policy.h

@@ -88,6 +88,7 @@ typedef TSS2_RC (*TSS2_POLICY_CB_PCR) (
 
 typedef TSS2_RC (*TSS2_POLICY_CB_NVPUBLIC) (
     const char *path,
+    TPMI_RH_NV_INDEX nv_index,
     TPM2B_NV_PUBLIC *nv_public,
     void *userdata);   /* e.g. for ESAPI_CONTEXT */
 

src/tss2-fapi/fapi_int.h

@@ -145,6 +145,13 @@ enum IFAPI_CLEANUP_STATE {
     CLEANUP_SRK
 };
 
+/** The states for the FAPI's reading nv public*/
+enum IFAPI_READ_NV_PUBLIC_STATE {
+    READ_NV_PUBLIC_INIT = 0,
+    READ_NV_PUBLIC_GET_ESYS_TR,
+    READ_NV_PUBLIC_GET_PUBLIC
+};
+
 #define IFAPI_MAX_CAP_INFO 17
 
 typedef struct {
@@ -1138,6 +1145,7 @@ struct FAPI_CONTEXT {
     enum IFAPI_GET_CERT_STATE get_cert_state;
     enum _FAPI_FLUSH_STATE flush_object_state;  /**< The current state of a flush operation */
     enum IFAPI_CLEANUP_STATE cleanup_state;     /**< The state of cleanup after command execution */
+    enum IFAPI_READ_NV_PUBLIC_STATE read_nv_public_state;
     IFAPI_CONFIG config;             /**< The profile independent configuration data */
     UINT32 nv_buffer_max;            /**< The maximal size for transfer of nv buffer content */
     IFAPI_CMD_STATE cmd;             /**< The state information of the currently executed

src/tss2-fapi/ifapi_policy_callbacks.c

@@ -210,7 +210,11 @@ ifapi_get_object_name(
 
 /** Get public data of a NV object from keystore.
  *
- * @param[in] path The relative path of the NV object.
+ * @param[in] path The relative path of the NV object. The path will
+              be used to get the public from the keystore if no nv_index is
+              passed.
+ * @param[in] nv_index The index of the NV object. The index will be used to
+ *            get the public data if nv_index > 0.
  * @param[out] nv_public The caller allocated public structure.
  * @param[in,out] ctx The context to access io and keystore module and to store
  *                the io state.
@@ -238,42 +242,79 @@ ifapi_get_object_name(
 TSS2_RC
 ifapi_get_nv_public(
     const char *path,
+    TPMI_RH_NV_INDEX nv_index,
     TPM2B_NV_PUBLIC *nv_public,
     void *ctx)
 {
     TSS2_RC r = TSS2_RC_SUCCESS;
     IFAPI_OBJECT object;
     FAPI_CONTEXT *context = ctx;
+    TPM2B_NV_PUBLIC *nv_public_esys;
+    ESYS_TR esys_tr;
+
+    if (nv_index) {
+        switch (context->read_nv_public_state) {
+            statecase(context->read_nv_public_state, READ_NV_PUBLIC_INIT)
+                r = Esys_TR_FromTPMPublic_Async(context->esys, nv_index, ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE);
+                goto_if_error(r, "Error: tr from public", cleanup);
+                fallthrough;
+
+            statecase(context->read_nv_public_state, READ_NV_PUBLIC_GET_ESYS_TR)
+                r = Esys_TR_FromTPMPublic_Finish(context->esys, &esys_tr);
+                try_again_or_error_goto(r, "Error: tr from public finish", cleanup);
+
+                r = Esys_NV_ReadPublic_Async(context->esys, esys_tr,
+                                             ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE);
+                goto_if_error(r, "Error: nv read public async", cleanup);
+                fallthrough;
+
+            statecase(context->read_nv_public_state, READ_NV_PUBLIC_GET_PUBLIC)
+                r = Esys_NV_ReadPublic_Finish(context->esys,
+                                              &nv_public_esys,
+                                              NULL);
+                try_again_or_error_goto(r, "Error: nv read public finish", cleanup);
+
+                *nv_public = *nv_public_esys;
+                SAFE_FREE(nv_public_esys);
+                context->io_state = IO_INIT;
+                break;
 
-    switch (context->io_state) {
-    statecase(context->io_state, IO_INIT)
-        /* Prepare the loading of the NV object. */
-        r = ifapi_keystore_load_async(&context->keystore, &context->io, path);
-        return_if_error2(r, "Could not open: %s", path);
-        fallthrough;
-
-    statecase(context->io_state, IO_ACTIVE)
-        /* Finalize or retry the reading and check the object type */
-        r = ifapi_keystore_load_finish(&context->keystore, &context->io,
-                                       &object);
-        return_try_again(r);
-        return_if_error(r, "read_finish failed");
-
-        if (object.objectType != IFAPI_NV_OBJ) {
-            goto_error(r, TSS2_FAPI_RC_BAD_VALUE, "Object %s is not a key.",
-                       cleanup, path);
+            statecasedefault(context->state);
         }
 
-        *nv_public = object.misc.nv.public;
-        context->io_state = IO_INIT;
-        break;
+    } else {
+        switch (context->io_state) {
+            statecase(context->io_state, IO_INIT)
+                /* Prepare the loading of the NV object. */
+                r = ifapi_keystore_load_async(&context->keystore, &context->io, path);
+                return_if_error2(r, "Could not open: %s", path);
+                fallthrough;
+
+            statecase(context->io_state, IO_ACTIVE)
+                /* Finalize or retry the reading and check the object type */
+                r = ifapi_keystore_load_finish(&context->keystore, &context->io,
+                                               &object);
+                return_try_again(r);
+                return_if_error(r, "read_finish failed");
+
+                if (object.objectType != IFAPI_NV_OBJ) {
+                    goto_error(r, TSS2_FAPI_RC_BAD_VALUE, "Object %s is not a key.",
+                               cleanup, path);
+                }
 
-    statecasedefault(context->state);
+                *nv_public = object.misc.nv.public;
+                context->io_state = IO_INIT;
+                break;
+
+            statecasedefault(context->state);
+        }
     }
 
 cleanup:
     context->io_state = IO_INIT;
-    ifapi_cleanup_ifapi_object(&object);
+    if (!nv_index) {
+        ifapi_cleanup_ifapi_object(&object);
+    }
     return r;
 }
 

src/tss2-fapi/ifapi_policy_callbacks.h

@@ -53,6 +53,7 @@ ifapi_get_object_name(
 TSS2_RC
 ifapi_get_nv_public(
     const char *path,
+    TPMI_RH_NV_INDEX nv_index,
     TPM2B_NV_PUBLIC *nv_public,
     void *context);
 

src/tss2-fapi/ifapi_policy_instantiate.c

@@ -311,10 +311,10 @@ ifapi_policyeval_instantiate_finish(
                 break;
             }
 
-            CHECK_TEMPLATE_PATH(pol_element->element.PolicyNV.nvPath, "PolicyNv");
             CHECK_CALLBACK(context->callbacks.cbnvpublic, "cbnvpublic");
             /* Object name will be added to policy. */
             r = context->callbacks.cbnvpublic(pol_element->element.PolicyNV.nvPath,
+                                              pol_element->element.PolicyNV.nvIndex,
                                               &pol_element->element.PolicyNV.nvPublic,
                                               context->callbacks.cbnvpublic_userdata);
             return_try_again(r);
@@ -365,7 +365,7 @@ ifapi_policyeval_instantiate_finish(
                                 "PolicyAuthorizeNv");
             CHECK_CALLBACK(context->callbacks.cbnvpublic, "cbnvpublic");
             /* Object name will be added to policy. */
-            r = context->callbacks.cbnvpublic(pol_element->element.PolicyAuthorizeNv.nvPath,
+            r = context->callbacks.cbnvpublic(pol_element->element.PolicyAuthorizeNv.nvPath, 0,
                                               &pol_element->element.PolicyAuthorizeNv.nvPublic,
                                               context->callbacks.cbnvpublic_userdata);
             return_try_again(r);

test/data/fapi/policy/pol_nv_tpm_idx.json

@@ -0,0 +1,11 @@
+{
+    "description":"Description pol_nv",
+    "policy":[
+        {
+            "type": "POLICYNV",
+            "nvIndex": 25165824,
+            "operandB": "01020304",
+            "operation": "EQ"
+        }
+    ]
+}

test/integration/fapi-key-create-policy-nv-sign.int.c

@@ -48,14 +48,19 @@ int
 test_fapi_key_create_policy_nv_sign(FAPI_CONTEXT *context)
 {
     TSS2_RC r;
+#ifdef TPMIDX
     char *policy_name = "/policy/pol_nv";
+#else
+    char *policy_name = "/policy/pol_nv_tpm_idx";
+#endif
     char *policy_file = TOP_SOURCEDIR "/test/data/fapi/policy/pol_nv.json";;
     FILE *stream = NULL;
     char *json_policy = NULL;
     uint8_t *signature = NULL;
     char    *publicKey = NULL;
     char    *certificate = NULL;
     long policy_size;
+
     char *nvPathOrdinary = "/nv/Owner/myNV";
     uint8_t data_nv[NV_SIZE] = { 1, 2, 3, 4 };
     char *pathList = NULL;

test/unit/tss2_policy.c

@@ -126,10 +126,12 @@ TSS2_RC policy_cb_pcr (
 
 TSS2_RC policy_cb_nvpublic (
     const char *path,
+    TPMI_RH_NV_INDEX nv_index,
     TPM2B_NV_PUBLIC *nv_public,
     void *userdata)
 {
     UNUSED(path);
+    UNUSED(nv_index);
     UNUSED(nv_public);
     UNUSED(userdata);