接前一篇文章:tpm2-tools源码分析之tpm2_verifysignature.c(1)
本文对tpm2_verifysignature.c中的tpm2_tool_onstart函数进行详细解析。
先再次贴出该函数源码:
static bool tpm2_tool_onstart(tpm2_options **opts) {
const struct option topts[] = {
{ "digest", required_argument, NULL, 'd' },
{ "hash-algorithm", required_argument, NULL, 'g' },
{ "message", required_argument, NULL, 'm' },
{ "format", required_argument, NULL, 0 },
{ "scheme", required_argument, NULL, 'f' },
{ "signature", required_argument, NULL, 's' },
{ "ticket", required_argument, NULL, 't' },
{ "key-context", required_argument, NULL, 'c' },
};
*opts = tpm2_options_new("g:m:d:f:s:t:c:", ARRAY_LEN(topts), topts,
on_option, NULL, 0);
return *opts != NULL;
}
tpm2_options结构的定义在tpm2-tools/lib/tpm2_options.h中,代码如下:
struct tpm2_options {
struct {
tpm2_option_handler on_opt;
tpm2_arg_handler on_arg;
} callbacks;
char *short_opts;
size_t len;
uint32_t flags;
struct option long_opts[];
};
typedef struct tpm2_options tpm2_options;
struct option的定义在/usr/include/bits/getopt_ext.h中,代码如下:
struct option
{
const char *name;
/* has_arg can't be an enum because some compilers complain about
type mismatches in all the code that assumes it is an int. */
int has_arg;
int *flag;
int val;
};
on_option函数的实现在同文件(tools/tpm2_verifysignature.c)中,如下:
static bool on_option(char key, char *value) {
switch (key) {
case 'c':
ctx.context_arg = value;
break;
case 'g': {
ctx.halg = tpm2_alg_util_from_optarg(value, tpm2_alg_util_flags_hash);
if (ctx.halg == TPM2_ALG_ERROR) {
LOG_ERR("Unable to convert algorithm, got: \"%s\"", value);
return false;
}
ctx.flags.halg = 1;
}
break;
case 'm': {
ctx.msg_file_path = value;
ctx.flags.msg = 1;
}
break;
case 'd': {
ctx.msg_hash = malloc(sizeof(TPM2B_DIGEST));
ctx.msg_hash->size = sizeof(ctx.msg_hash->buffer);
if (!files_load_bytes_from_path(value, ctx.msg_hash->buffer,
&ctx.msg_hash->size)) {
LOG_ERR("Could not load digest from file!");
return false;
}
ctx.flags.digest = 1;
}
break;
case 0:
LOG_WARN("Option \"--format\" is deprecated, use \"--scheme\"");
/* falls through */
case 'f':
ctx.format = tpm2_alg_util_from_optarg(value, tpm2_alg_util_flags_sig);
if (ctx.format == TPM2_ALG_ERROR) {
LOG_ERR("Unknown signing scheme, got: \"%s\"", value);
return false;
}
ctx.flags.fmt = 1;
break;
case 's':
ctx.sig_file_path = value;
ctx.flags.sig = 1;
break;
case 't':
ctx.out_file_path = value;
ctx.flags.ticket = 1;
break;
/* no default */
}
return true;
}
要更好地理解这些选项乃至tpm2_tool_onstart函数的功能,需要与tpm2_verifysignature命令的说明相结合来看。tpm2_verifysignature命令的详细说明参见:
tpm2-tools/tpm2_verifysignature.1.md at master · tpm2-software/tpm2-tools · GitHub
下载了源码后,在tpm2-tools/man/tpm2_verifysignature.1.md中。
其中的参数说明如下:
tpm2_options_new函数属于公共代码,在tpm2-tools/lib/tpm2_options.c中,代码如下:
tpm2_options *tpm2_options_new(const char *short_opts, size_t len,
const struct option *long_opts, tpm2_option_handler on_opt,
tpm2_arg_handler on_arg, uint32_t flags) {
tpm2_options *opts = calloc(1, sizeof(*opts) + (sizeof(*long_opts) * len));
if (!opts) {
LOG_ERR("oom");
return NULL;
}
/*
* On NULL, just make it a zero length string so we don't have to keep
* checking it for NULL.
*/
if (!short_opts) {
short_opts = "";
}
opts->short_opts = strdup(short_opts);
if (!opts->short_opts) {
LOG_ERR("oom");
free(opts);
return NULL;
}
opts->callbacks.on_opt = on_opt;
opts->callbacks.on_arg = on_arg;
opts->len = len;
opts->flags = flags;
memcpy(opts->long_opts, long_opts, len * sizeof(*long_opts));
return opts;
}
tpm2_new_options函数很容易理解,其功能是基于tpm2_tool_onstart函数中的struct option topts构建tpm2_options实例(*opts)。
至此,tpm2_verifysignature.c中的tpm2_tool_onstart函数就基本分析完了。