authorJames Bottomley <James.Bottomley@HansenPartnership.com>2023-03-17 16:54:17 -0400
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2023-03-17 16:54:17 -0400
commitc4033c4a8dbefc8624aa9ed447397520e4b023c9 (patch)
tree241bbafeb7185d33e1d3fd29255fa22975fc0fcf
parentcf6bcb0dc82612815e16fad08d7af52bf5303870 (diff)
downloadopenssl_tpm2_engine-c4033c4a8dbefc8624aa9ed447397520e4b023c9.tar.gz
seal_tpm2_data: fix importable key creation with Intel TSS
The Intel TSS has an internal handle representation which is habitually used for everything. However, when the data is created off TPM, such as for importable keys, the external handle representation must be used to get the correct handle value. Fix the import case so the default handle is external, not internal, and add a missing parent string parser. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--src/tools/seal_tpm2_data.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/tools/seal_tpm2_data.c b/src/tools/seal_tpm2_data.c
index 1e4474c..b0fc5f9 100644
--- a/src/tools/seal_tpm2_data.c
+++ b/src/tools/seal_tpm2_data.c
@@ -357,6 +357,16 @@ int main(int argc, char **argv)
if (import) {
TPMT_SENSITIVE ts;
EVP_PKEY *p_pkey = openssl_read_public_key(import);
+ if (parent_str) {
+ parent = tpm2_get_parent_ext(parent_str);
+ if (!parent) {
+ fprintf(stderr, "Unknown parent '%s'\n",
+ parent_str);
+ goto out_flush;
+ }
+ } else {
+ parent = EXT_TPM_RH_OWNER;
+ }
wrap_data(&ts, data_auth, VAL_2B(s->data, buffer),
VAL_2B(s->data, size));
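Review bot: The new `goto out_flush` for an unknown parent is taken after `openssl_read_public_key(import)` has already returned, and `p_pkey` is declared inside the `if (import)` block, so a cleanup label at the end of main() cannot release it. Adding `EVP_PKEY_free(p_pkey);` just before the `goto` closes that path; the call accepts NULL, so it is safe even though no NULL check on `p_pkey` is visible here. It is also worth confirming that `rc` holds a failure value at this point, so that a mistyped parent makes the tool exit non-zero instead of looking like a successful seal. A short comment on the `else` branch, for example `/* blob is built off-TPM, so the parent must be the external handle value */`, would record why `EXT_TPM_RH_OWNER` is the default. main() starts and continues outside the hunk, so the `out_flush` label and the initial value of `rc` could not be checked.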