Skip to content

Commit 39f6a3d

Browse files
Merge pull request #187 from sergio-correia/pcr-ids-parsing
tpm2: fix parsing when there are spaces in the list of PCR IDs
2 parents e9fb467 + b8c00a1 commit 39f6a3d

File tree

2 files changed

+11
-5
lines changed

2 files changed

+11
-5
lines changed

src/pins/tpm2/clevis-encrypt-tpm2

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -103,17 +103,21 @@ key="$(jose fmt -j- -Og key -u- <<< "$cfg")" || key="ecc"
103103

104104
pcr_bank="$(jose fmt -j- -Og pcr_bank -u- <<< "$cfg")" || pcr_bank="sha1"
105105

106+
# Trim the spaces from the config, so that we will not have issues parsing
107+
# the PCR IDs.
108+
pcr_cfg=${cfg//[[:space:]]/}
106109
# Issue #103: We support passing pcr_ids using both a single string, as in
107-
# "1,3", as well as an actual JSON array, such as ["1,"3"]. Let's handle both
110+
# "1,3", as well as an actual JSON array, such as ["1","3"]. Let's handle both
108111
# cases here.
109-
if jose fmt -j- -Og pcr_ids 2>/dev/null <<< "$cfg" \
110-
&& ! pcr_ids="$(jose fmt -j- -Og pcr_ids -u- 2>/dev/null <<< "$cfg")"; then
112+
if jose fmt -j- -Og pcr_ids 2>/dev/null <<< "${pcr_cfg}" \
113+
&& ! pcr_ids="$(jose fmt -j- -Og pcr_ids -u- 2>/dev/null \
114+
<<< "${pcr_cfg}")"; then
111115

112116
# We failed to parse a string, so let's try to parse a JSON array instead.
113-
if jose fmt -j- -Og pcr_ids -A 2>/dev/null <<< "${cfg}"; then
117+
if jose fmt -j- -Og pcr_ids -A 2>/dev/null <<< "${pcr_cfg}"; then
114118
# OK, it is an array, so let's get the items and form a string.
115119
pcr_ids=
116-
for pcr in $(jose fmt -j- -Og pcr_ids -Af- <<< "${cfg}" \
120+
for pcr in $(jose fmt -j- -Og pcr_ids -Af- <<< "${pcr_cfg}" \
117121
| tr -d '"'); do
118122
pcr_ids=$(printf '%s,%s' "${pcr_ids}" "${pcr}")
119123
done

src/pins/tpm2/pin-tpm2

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -102,8 +102,10 @@ test_pcr_ids "${orig}" '{"key": "ecc"}' "" || exit 1
102102
# arrays and check if we get the expected pcr_ids.
103103
test_pcr_ids "${orig}" '{"pcr_ids": "16"}' "16" || exit 1
104104
test_pcr_ids "${orig}" '{"pcr_ids": ["16"]}' "16" || exit 1
105+
test_pcr_ids "${orig}" '{"pcr_ids": "4, 16"}' "4,16" || exit 1
105106
test_pcr_ids "${orig}" '{"pcr_ids": "4,16"}' "4,16" || exit 1
106107
test_pcr_ids "${orig}" '{"pcr_ids": ["4,16"]}' "4,16" || exit 1
107108
test_pcr_ids "${orig}" '{"pcr_ids": [4,16]}' "4,16" || exit 1
109+
test_pcr_ids "${orig}" '{"pcr_ids": [4, 16]}' "4,16" || exit 1
108110
test_pcr_ids "${orig}" '{"pcr_ids": ["4","16"]}' "4,16" || exit 1
109111
! test_pcr_ids "${orig}" '{"pcr_ids": ["4","16"]}' "foo bar" || exit 1

0 commit comments

Comments
 (0)