author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-12-29 11:06:41 -0800 |
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-12-29 11:06:41 -0800 |
commit | 65b8f4a2da3b56f2079955b457e1616442e454e7 (patch) | |
tree | f3cd792320e80de0441329574877eea61b691f31 | |
parent | 06f566c36e4910655e8eeb18ccb668afa5ee9f15 (diff) | |
download | openssl_tpm2_engine-65b8f4a2da3b56f2079955b457e1616442e454e7.tar.gz |
load_tpm2_key: use common file parsing and load routines
This allows load_tpm2_key to use every format currently allowed for
the tpm keys. For load_tpm2_key this means it can now load importable
keys.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | e_tpm2.c | 2 | ||||
-rw-r--r-- | load_tpm2_key.c | 87 | ||||
-rw-r--r-- | tpm2-common.c | 17 | ||||
-rw-r--r-- | tpm2-common.h | 2 |
4 files changed, 29 insertions, 79 deletions
@@ -221,7 +221,7 @@ static int tpm2_engine_load_key_core(ENGINE *e, EVP_PKEY **ppkey,
}
rc = tpm2_load_engine_file(key_id, &app_data, &pkey, ui, cb_data,
- srk_auth);
+ srk_auth, 1);
if (!rc)
return 0;
diff --git a/load_tpm2_key.c b/load_tpm2_key.c
index 123cf9f..244c9dc 100644
--- a/load_tpm2_key.c
+++ b/load_tpm2_key.c
@@ -76,21 +76,14 @@ int main(int argc, char **argv)
{
char *filename;
TPM_HANDLE nvindex;
- const char *tssdir;
- TSSPRIVKEY *tpk;
- BIO *bf;
int option_index, c;
int force = 0;
TSS_CONTEXT *tssContext;
TPM_RC rc;
- Load_In lin;
- Load_Out lout;
EvictControl_In ein;
- BYTE *buffer;
- INT32 size;
char *auth = NULL;
- TPM_HANDLE session, parent;
int ret = 1;
+ struct app_data *app_data;
while (1) {
option_index = 0;
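Review bot: After this declaration hunk, `int ret` is the only local left to receive the handle that tpm2_load_key() returns, and the later hunk in this file does exactly that (`ret = tpm2_load_key(...)` followed by `ein.objectHandle = ret;`), so a TPM_HANDLE is routed through a signed int that also serves as the process exit status; transient handles presumably sit above INT_MAX, which makes that conversion implementation-defined. Declaring a dedicated local here, `TPM_HANDLE key;`, assigning the load result to it and writing `ein.objectHandle = key;` keeps the handle in its own type and leaves `ret` meaning only the exit code. main() continues outside the hunk.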
@@ -140,72 +133,30 @@ int main(int argc, char **argv)
exit(1);
}
- bf = BIO_new_file(filename, "r");
- if (!bf) {
- fprintf(stderr, "File %s does not exist or cannot be read\n", filename);
- exit(1);
- }
- tpk = PEM_read_bio_TSSPRIVKEY(bf, NULL, NULL, NULL);
- BIO_free(bf);
-
- if (!tpk) {
+ ret = tpm2_load_engine_file(filename, &app_data, NULL, NULL, NULL,
+ auth, 0);
+ if (!ret) {
fprintf(stderr, "Failed to parse file %s\n", filename);
exit(1);
}
- if (tpk->policy && !force) {
+ if (app_data->commands && !force) {
+ fprintf(stderr, "NUM COMMANDS=%d\n", app_data->num_commands);
fprintf(stderr, "Warning: key %s has associated policy\n"
"Policy keys are hard to use, specify --force if this is really what you want\n",
filename);
+ ret = 1;
goto out_free;
}
- buffer = tpk->privkey->data;
- size = tpk->privkey->length;
- TPM2B_PRIVATE_Unmarshal(&lin.inPrivate, &buffer, &size);
-
- buffer = tpk->pubkey->data;
- size = tpk->pubkey->length;
- TPM2B_PUBLIC_Unmarshal(&lin.inPublic, &buffer, &size, FALSE);
-
- parent = ASN1_INTEGER_get(tpk->parent);
- TSSPRIVKEY_free(tpk);
- tssdir = tpm2_set_unique_tssdir();
- rc = tpm2_create(&tssContext, tssdir);
- if (rc) {
- tpm2_error(rc, "tpm2_create");
- exit(1);
- }
-
- if ((parent & 0xff000000) == 0x81000000) {
- lin.parentHandle = parent;
- } else {
- rc = tpm2_load_srk(tssContext, &lin.parentHandle, auth, NULL,
- parent, 1);
- if (rc)
- goto out;
- }
- rc = tpm2_get_session_handle(tssContext, &session, lin.parentHandle,
- TPM_SE_HMAC, TPM_ALG_SHA256);
- if (rc)
- goto out_flush_srk;
- rc = TSS_Execute(tssContext,
- (RESPONSE_PARAMETERS *)&lout,
- (COMMAND_PARAMETERS *)&lin,
- NULL,
- TPM_CC_Load,
- session, auth, 0,
- TPM_RH_NULL, NULL, 0);
- if (rc) {
- tpm2_error(rc, "TPM2_Load");
- tpm2_flush_handle(tssContext, session);
- }
- out_flush_srk:
- tpm2_flush_srk(tssContext, lin.parentHandle);
- if (rc)
+ ret = tpm2_load_key(&tssContext, app_data, auth);
+ if (!ret) {
+ ret = 1;
goto out;
+ };
ein.auth = TPM_RH_OWNER;
- ein.objectHandle = lout.objectHandle;
+ ein.objectHandle = ret;
+ ret = 1; /* set up error return */
ein.persistentHandle = nvindex;
rc = TSS_Execute(tssContext,
NULL,
@@ -219,16 +170,12 @@ int main(int argc, char **argv)
else
ret = 0;
- tpm2_flush_handle(tssContext, lout.objectHandle);
+ tpm2_flush_handle(tssContext, ein.objectHandle);
out:
TSS_Delete(tssContext);
- tpm2_rm_keyfile(tssdir, parent);
- tpm2_rm_keyfile(tssdir, nvindex);
- tpm2_rm_tssdir(tssdir);
- exit(ret);
- out_free:
- TSSPRIVKEY_free(tpk);
- exit(1);
+ tpm2_rm_keyfile(app_data->dir, nvindex);
+ tpm2_delete(app_data);
+ exit(ret);
}
diff --git a/tpm2-common.c b/tpm2-common.c
index a585b6a..891a603 100644
--- a/tpm2-common.c
+++ b/tpm2-common.c
@@ -1026,7 +1026,7 @@ static int tpm2_engine_load_key_policy(struct app_data *app_data,
int tpm2_load_engine_file(const char *filename, struct app_data **app_data,
EVP_PKEY **ppkey, UI_METHOD *ui, void *cb_data,
- const char *srk_auth)
+ const char *srk_auth, int get_key_auth)
{
BIO *bf;
TSSLOADABLE *tssl = NULL;
@@ -1220,13 +1220,15 @@ int tpm2_load_engine_file(const char *filename, struct app_data **app_data,
}
/* create the new objects to return */
- *ppkey = tpm2_to_openssl_public(&iin.objectPublic.publicArea);
- if (!*ppkey) {
- fprintf(stderr, "Failed to allocate a new EVP_KEY\n");
- goto err_free;
+ if (ppkey) {
+ *ppkey = tpm2_to_openssl_public(&iin.objectPublic.publicArea);
+ if (!*ppkey) {
+ fprintf(stderr, "Failed to allocate a new EVP_KEY\n");
+ goto err_free;
+ }
}
- if (empty_auth == 0) {
+ if (empty_auth == 0 && get_key_auth) {
ad->auth = tpm2_get_auth(ui, "TPM Key Password: ", cb_data);
if (!ad->auth)
goto err_free_key;
@@ -1244,7 +1246,8 @@ int tpm2_load_engine_file(const char *filename, struct app_data **app_data,
return 1;
err_free_key:
- EVP_PKEY_free(*ppkey);
+ if (ppkey)
+ EVP_PKEY_free(*ppkey);
err_free:
*ppkey = NULL;
diff --git a/tpm2-common.h b/tpm2-common.h
index 264fc8e..536cedb 100644
--- a/tpm2-common.h
+++ b/tpm2-common.h
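Review bot: `goto out_free;` survives as a context line in this hunk, but the only `out_free:` label in view is deleted by the hunk at line 219 of the same file, so unless another `out_free:` exists in the unchanged lines between the two hunks the new main() no longer compiles; it cannot simply become `goto out` either, because at that point tssContext appears not to have been created yet (tpm2_load_key() takes `&tssContext` and the old `tpm2_create` call is removed), so `TSS_Delete(tssContext)` would run on an uninitialized pointer. Reinstating the label after the context teardown, `TSS_Delete(tssContext);` … `out_free:` … `tpm2_delete(app_data);` then `exit(ret);`, gives the policy-refusal path a cleanup that frees app_data and exits with the `ret = 1` this hunk sets. Two smaller points in the same hunk: `fprintf(stderr, "NUM COMMANDS=%d\n", app_data->num_commands);` reads like leftover debugging output, and `};` closing the `if (!ret)` block carries a stray semicolon. main() starts and ends outside the hunk.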
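Review bot: `err_free:` still executes `*ppkey = NULL;` unconditionally, yet this commit makes a NULL `ppkey` a supported argument (load_tpm2_key.c now passes it, and the `if (ppkey)` guards added in this hunk and in the hunk at line 1220 tolerate it), so every `goto err_free` taken on a parse or load failure — most of which lie earlier in the function, outside the hunk — dereferences a null pointer for that caller. The same guard belongs on this line: `if (ppkey)` / `*ppkey = NULL;`. tpm2_load_engine_file() starts and ends outside the hunk.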
@@ -57,7 +57,7 @@ int tpm2_get_public_point(TPM2B_ECC_POINT *tpmpt, const EC_GROUP *group,
const EC_POINT *pt);
int tpm2_load_engine_file(const char *filename, struct app_data **app_data,
EVP_PKEY **ppkey, UI_METHOD *ui, void *cb_data,
- const char *srk_auth);
+ const char *srk_auth, int get_key_auth);
TPM_HANDLE tpm2_load_key(TSS_CONTEXT **tsscp, struct app_data *app_data,
const char *srk_auth);
void tpm2_unload_key(TSS_CONTEXT *tssContext, TPM_HANDLE key); |
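Review bot: The new `get_key_auth` parameter is undocumented in the header, and nothing records that `ppkey` may now be NULL, which is the other contract change this commit makes to tpm2_load_engine_file(). A comment above the prototype would cover both, e.g. `/* ppkey may be NULL when the caller needs no EVP_PKEY. When get_key_auth is non-zero and the key's auth is not empty, the key password is requested through ui/cb_data. Returns 1 on success, 0 on failure. */`; the password behaviour follows from the `empty_auth == 0 && get_key_auth` test in tpm2-common.c and the return convention from its `return 1;` and the caller's `if (!ret)` check.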