tpm2-software · williamcroberts · Sep 6, 2024 · Nov 24, 2022
diff --git a/src/lib/db.c b/src/lib/db.c
@@ -1219,6 +1219,36 @@ static CK_RV handle_home(char *path, size_t len, bool *skip) {
     return CKR_OK;
 }
 
+static CK_RV handle_homexdg(char *path, size_t len, bool *skip) {
+
+    *skip = false;
+
+    char *env_data = getenv("XDG_DATA_HOME");
+    if (env_data) {
+        unsigned l = snprintf(path, len, "%s/tpm2-pkcs11/%s", env_data, DB_NAME);
+        if (l >= len) {
+            LOGE("Completed DB path was over-length, got %d expected less than %lu",
+                l, len);
+            return CKR_GENERAL_ERROR;
+        }
+        return CKR_OK;
+    }
+
+    char *env_home = getenv("HOME");
+    if (env_home) {
+        unsigned l = snprintf(path, len, "%s/.local/share/tpm2-pkcs11/%s", env_home, DB_NAME);
+        if (l >= len) {
+            LOGE("Completed DB path was over-length, got %d expected less than %lu",
+                l, len);
+            return CKR_GENERAL_ERROR;
+        }
+        return CKR_OK;
+    }
+
+    *skip = true;
+    return CKR_OK;
+}
+
 static CK_RV handle_cwd(char *path, size_t len, bool *skip) {
 
     *skip = false;
@@ -1257,6 +1287,7 @@ typedef enum handler_idx handler_idx;
 enum handler_idx {
     HANDLER_IDX_ENV,
     HANDLER_IDX_STORE_DIR,
+    HANDLER_IDX_HOMEXDG,
     HANDLER_IDX_HOME,
     HANDLER_IDX_CWD,
     HANDLER_IDX_CNT,
@@ -1270,8 +1301,10 @@ static CK_RV db_for_path(char *path, size_t len, db_handler h) {
      * Search in the following order:
      * 1. ENV variable
      * 2. TPM2_PKCS11_STORE_DIR
-     * 2. $HOME/.tpm2_pkcs11
-     * 3. cwd
+     * 3a. $XDG_DATA_HOME/tpm2-pkcs11
+     * 3b. $HOME/.local/share/tpm2-pkcs11
+     * 4. $HOME/.tpm2_pkcs11
+     * 5. cwd
      */
 
     handler_idx i;
@@ -1287,6 +1320,9 @@ static CK_RV db_for_path(char *path, size_t len, db_handler h) {
         case HANDLER_IDX_STORE_DIR:
             rv = handle_path(path, len, &skip);
             break;
+        case HANDLER_IDX_HOMEXDG:
+            rv = handle_homexdg(path, len, &skip);
+            break;
         case HANDLER_IDX_HOME:
             rv = handle_home(path, len, &skip);
             break;

diff --git a/tools/tpm2_ptool/tpm2_pkcs11/command.py b/tools/tpm2_ptool/tpm2_pkcs11/command.py
@@ -13,7 +13,7 @@ def get_default_store_path():
         if "TPM2_PKCS11_STORE" in os.environ:
             store = os.environ.get("TPM2_PKCS11_STORE")
             try:
-                os.mkdir(store, 0o770);
+                os.mkdir(store, 0o770)
             except FileExistsError:
                 return store
             except Exception:
@@ -22,23 +22,38 @@ def get_default_store_path():
             # Exists, use it
             return store
 
-        # is their a system store and can I access it?
+        # is there a system store and can I access it?
         store = "/etc/tpm2_pkcs11"
         if os.path.exists(store) and os.access(store, os.W_OK):
             return store
 
         # look for a store in home
         if "HOME" in os.environ:
-            store = os.path.join(os.environ.get("HOME"), ".tpm2_pkcs11")
-            try:
-                os.mkdir(store, 0o770);
-            except FileExistsError:
+            if "XDG_DATA_HOME" in os.environ:
+                data_dir = os.environ["XDG_DATA_HOME"]
+            else:
+                data_dir = os.path.join(os.environ["HOME"], ".local/share")
+
+            stores = [
+                os.path.join(data_dir, "tpm2-pkcs11"),
+                os.path.join(os.environ["HOME"], ".tpm2_pkcs11"),
+            ]
+
+            # Try to find existing store
+            for store in stores:
+                if os.path.exists(store):
+                    return store
+
+            # If neither path exists, try to create one
+            for store in stores:
+                try:
+                    os.mkdir(store, 0o770)
+                except FileExistsError:
+                    return store
+                except Exception:
+                    continue
+                # Exists, use it
                 return store
-            except Exception:
-                # Keep trying
-                pass
-            # Exists, use it
-            return store
 
         # nothing else available, use cwd
         return os.getcwd()