author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2023-03-17 16:54:17 -0400 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2023-03-17 16:54:17 -0400 |
commit | c4033c4a8dbefc8624aa9ed447397520e4b023c9 (patch) | |
tree | 241bbafeb7185d33e1d3fd29255fa22975fc0fcf | |
parent | cf6bcb0dc82612815e16fad08d7af52bf5303870 (diff) | |
download | openssl_tpm2_engine-c4033c4a8dbefc8624aa9ed447397520e4b023c9.tar.gz |
seal_tpm2_data: fix importable key creation with Intel TSS
The Intel TSS has an internal handle representation which is
habitually used for everything. However, when the data is created off
TPM, such as for importable keys, the external handle representation
must be used to get the correct handle value. Fix the import case so
the default handle is external not internal and add a missing parent
string parser.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | src/tools/seal_tpm2_data.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/tools/seal_tpm2_data.c b/src/tools/seal_tpm2_data.c index 1e4474c..b0fc5f9 100644 --- a/src/tools/seal_tpm2_data.c +++ b/src/tools/seal_tpm2_data.c @@ -357,6 +357,16 @@ int main(int argc, char **argv) if (import) { TPMT_SENSITIVE ts; EVP_PKEY *p_pkey = openssl_read_public_key(import); + if (parent_str) { + parent = tpm2_get_parent_ext(parent_str); + if (!parent) { + fprintf(stderr, "Unknown parent '%s'\n", + parent_str); + goto out_flush; + } + } else { + parent = EXT_TPM_RH_OWNER; + } wrap_data(&ts, data_auth, VAL_2B(s->data, buffer), VAL_2B(s->data, size)); |
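Review bot: The new unknown-parent error path in the `if (import)` block takes `goto out_flush` after `p_pkey` has already been obtained from `openssl_read_public_key(import)`, and the added lines neither set an exit status nor release the key. Please confirm that `out_flush` returns a non-zero status at this point and that `p_pkey` is freed there, or move the `parent_str` parsing ahead of the key read so the failure path has nothing to clean up. The `if (!parent)` test also relies on `tpm2_get_parent_ext()` returning 0 for an unrecognised string, which the hunk does not show. A one-line comment above `parent = EXT_TPM_RH_OWNER;` saying that import data is created off the TPM and so needs the external handle form would keep the reasoning from the commit message next to the code, since the rest of the tool habitually uses the internal representation.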