Add fix for extra argument from clevis v15

Clevis v15 added an additional argument, which is either an empty string
or the string "-y".
This argument is not used in this PIN, but we checked for an exact number of
arguments when parsing, and that number has now changed.
This change also accepts any further additional arguments and simply ignores them.

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
Patrick Uiterwijk 2020-11-10 10:52:18 +01:00
parent e2f32d0fa0
commit 06b2cd9335
3 changed files with 7 additions and 3 deletions


@ -1,6 +1,6 @@
[package]
name = "clevis-pin-tpm2"
version = "0.1.3"
version = "0.1.4"
description = "Clevis TPM2 PIN with policy support"
authors = ["Patrick Uiterwijk <patrick@puiterwijk.org>"]
edition = "2018"


@ -184,12 +184,12 @@ pub(super) fn get_mode_and_cfg(
if atty::is(atty::Stream::Stdin) {
return Ok((ActionMode::Help, None));
}
let (mode, cfgstr) = if args[0].contains("encrypt") && args.len() == 2 {
let (mode, cfgstr) = if args[0].contains("encrypt") && args.len() >= 2 {
(ActionMode::Encrypt, Some(&args[1]))
} else if args[0].contains("decrypt") {
(ActionMode::Decrypt, None)
} else if args.len() > 1 {
if args[1] == "encrypt" && args.len() == 3 {
if args[1] == "encrypt" && args.len() >= 3 {
(ActionMode::Encrypt, Some(&args[2]))
} else if args[1] == "decrypt" {
(ActionMode::Decrypt, None)
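Review bot: Trailing arguments are now discarded silently in both encrypt branches (`args.len() >= 2` and `args.len() >= 3`), not only the `""`/`-y` value the commit message attributes to Clevis v15. For a tool that seals secrets to the TPM, an option the caller believes was honoured but was dropped should be visible: either accept only the known extras, or warn on stderr (stdout presumably carries the encrypted output) when anything else follows the config, e.g. `if args[2..].iter().any(|a| a != "" && a != "-y") { eprintln!("Warning: ignoring unexpected arguments"); }`. Use index 3 in the subcommand branch; the element type of `args` is not visible in this hunk, so the comparison may need adjusting. A one-line comment above each condition naming the Clevis v15 extra argument as the reason for `>=` would keep a later cleanup from restoring the exact-count check. `get_mode_and_cfg` begins and ends outside this hunk.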


@ -5,6 +5,10 @@ ln -s clevis-pin-tpm2 target/debug/clevis-encrypt-tpm2plus
ln -s clevis-pin-tpm2 target/debug/clevis-decrypt-tpm2plus
echo "Working: no sealing" | ./target/debug/clevis-pin-tpm2 encrypt '{}' | ./target/debug/clevis-pin-tpm2 decrypt || (echo "Failed: no sealing"; exit 1)
# This tests we can handle the extra argument (either empty string or -y) from Clevis v15
# https://github.com/latchset/clevis/commit/36fae7c2dbf030d6c74abaed945db7bf3c25d054
echo "Working: no sealing (clevis v15, empty)" | ./target/debug/clevis-pin-tpm2 encrypt '{}' '' | ./target/debug/clevis-pin-tpm2 decrypt || (echo "Failed: no sealing"; exit 1)
echo "Working: no sealing (clevis v15, -y)" | ./target/debug/clevis-pin-tpm2 encrypt '{}' '-y' | ./target/debug/clevis-pin-tpm2 decrypt || (echo "Failed: no sealing"; exit 1)
echo "Working: no sealing (clevis decrypt)" | ./target/debug/clevis-pin-tpm2 encrypt '{}' | clevis decrypt || (echo "Failed: no sealing (clevis decrypt)"; exit 1)
echo "Working: no sealing (clevis encrypt)" | clevis encrypt tpm2 '{}' | ./target/debug/clevis-pin-tpm2 decrypt || (echo "Failed: no sealing (clevis encrypt)"; exit 1)
echo "Working: no sealing (renamed encrypt)" | ./target/debug/clevis-encrypt-tpm2plus '{}' | ./target/debug/clevis-pin-tpm2 decrypt || (echo "Failed: no sealing"; exit 1)