Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

flush parent handle durint create and load #595

Closed
salrashid123 opened this issue Sep 3, 2024 · 1 comment
Closed

flush parent handle durint create and load #595

salrashid123 opened this issue Sep 3, 2024 · 1 comment

Comments

@salrashid123
Copy link

the parent context isn't flushed during a create and load commands cleanly which causes issues in using pytss with a swtpm (no resource mgr, etc).

suggestion is to add in the flush commands shown below to tpm2_pytss/tsskey.py.

i can submit a small pr if needed

    def load(self, ectx, password=None):
        if not password and not self.empty_auth:
            raise RuntimeError("no password specified but it is required")
        elif password and self.empty_auth:
            warnings.warn("password specified but empty_auth is true")
        phandle = self._getparent(ectx, self.public.publicArea.type, self.parent)
        handle = ectx.load(phandle, self.private, self.public)
        ectx.tr_set_auth(handle, password)
        ectx.flush_context(phandle)  # <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
        return handle

    @classmethod
    def create(cls, ectx, template, parent=lib.TPM2_RH_OWNER, password=None):
        insens = TPM2B_SENSITIVE_CREATE()
        emptyauth = True
        if password:
            insens.sensitive.userAuth = password
            emptyauth = False
        phandle = cls._getparent(ectx, template.type, parent)
        private, public, _, _, _ = ectx.create(
            parent_handle=phandle,
            in_sensitive=insens,
            in_public=TPM2B_PUBLIC(publicArea=template),
            outside_info=TPM2B_DATA(),
            creation_pcr=TPML_PCR_SELECTION(),
        )
        ectx.flush_context(phandle)        # <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
        return cls(private, public, emptyauth, parent)
@whooo
Copy link
Contributor

whooo commented Sep 3, 2024

We have a ticket open for this kind of issue, #372
A context manager might be better then just flush context in case of any exception

whooo added a commit to whooo/tpm2-pytss that referenced this issue Sep 13, 2024
@whooo
ESAPI: add context manager to flush ESAPI handles.
71a79a0 
With this is possible to explicity flush transient handles.
Useful with temporary handles, for example a primary key handle when just loading a key
and when there are no resource manager available.

Fixes tpm2-software#595

Signed-off-by: Erik Larsson <[email protected]>
@whooo whooo mentioned this issue Sep 13, 2024
Closed
whoooworkaround pushed a commit to whoooworkaround/tpm2-pytss that referenced this issue Oct 1, 2024
@whooo
ESAPI: add context manager to flush ESAPI handles.
24214c0 
With this is possible to explicity flush transient handles.
Useful with temporary handles, for example a primary key handle when just loading a key
and when there are no resource manager available.

Fixes tpm2-software#595

Signed-off-by: Erik Larsson <[email protected]>
@whooo whooo closed this as completed in b766e2c Oct 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ESAPI: add context manager to flush ESAPI handles. whooo/tpm2-pytss
2 participants
@whooo @salrashid123