Patrick Williams520786c2023-06-25 16:20:36 -05001Upstream-Status: Pending
2
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +05303commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed
4Author: Junxian.Xiao <Junxian.Xiao@windriver.com>
5Date: Wed Jun 19 18:57:13 2013 +0800
6
7support well-known password in openssl-tpm-engine.
8
9Add "-z" option to select well known password in create_tpm_key tool.
10
11Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>
12
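--- a/src/create_tpm_key.c
+++ b/src/create_tpm_key.c
@@ -48,6 +48,8 @@
 
 #include "ssl_compat.h"
 
+#define TPM_WELL_KNOWN_KEY_LEN 20 /*well know key length is 20 bytes zero*/
+
 #define print_error(a,b) \
 fprintf(stderr, "%s:%d %s result: 0x%x (%s)\n", __FILE__, __LINE__, \
 a, b, Trspi_Error_String(b))
@@ -72,6 +74,7 @@ usage(char *argv0)
 "\t\t-e|--enc-scheme encryption scheme to use [PKCSV15] or OAEP\n"
 "\t\t-q|--sig-scheme signature scheme to use [DER] or SHA1\n"
 "\t\t-s|--key-size key size in bits [2048]\n"
+ "\t\t-z|--zerokey use well known 20 bytes zero as SRK password.\n"
 "\t\t-a|--auth require a password for the key [NO]\n"
 "\t\t-p|--popup use TSS GUI popup dialogs to get the password "
 "for the\n\t\t\t\t key [NO] (implies --auth)\n"
@@ -154,6 +157,7 @@ int main(int argc, char **argv)
 int asn1_len;
 char *filename, c, *openssl_key = NULL;
 int option_index, auth = 0, popup = 0, wrap = 0;
+ int wellknownkey = 0;
 UINT32 enc_scheme = TSS_ES_RSAESPKCSV15;
 UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER;
 UINT32 key_size = 2048;
@@ -161,12 +165,15 @@ int main(int argc, char **argv)
 
 while (1) {
 option_index = 0;
- c = getopt_long(argc, argv, "pe:q:s:ahw:",
+ c = getopt_long(argc, argv, "pe:q:s:zahw:",
 long_options, &option_index);
 if (c == -1)
 break;
 
 switch (c) {
+ case 'z':
+ wellknownkey = 1;
+ break;
 case 'a':
 initFlags |= TSS_KEY_AUTHORIZATION;
 auth = 1;
@@ -300,6 +307,8 @@ int main(int argc, char **argv)
 
 if (srk_authusage) {
 char *authdata = calloc(1, 128);
+ TSS_FLAG secretMode = TSS_SECRET_MODE_PLAIN;
+ int authlen = 0;
 
 if (!authdata) {
 fprintf(stderr, "malloc failed.\n");
@@ -316,17 +325,26 @@ int main(int argc, char **argv)
 exit(result);
 }
 
- if (EVP_read_pw_string(authdata, 128, "SRK Password: ", 0)) {
- Tspi_Context_CloseObject(hContext, hKey);
- Tspi_Context_Close(hContext);
- free(authdata);
- exit(result);
+ if (wellknownkey) {
+ memset(authdata, 0, TPM_WELL_KNOWN_KEY_LEN);
+ secretMode = TSS_SECRET_MODE_SHA1;
+ authlen = TPM_WELL_KNOWN_KEY_LEN;
+ }
+ else {
+ if (EVP_read_pw_string(authdata, 128, "SRK Password: ", 0)) {
+ Tspi_Context_CloseObject(hContext, hKey);
+ Tspi_Context_Close(hContext);
+ free(authdata);
+ exit(result);
+ }
+ secretMode = TSS_SECRET_MODE_PLAIN;
+ authlen = strlen(authdata);
 }
 
 //Set Secret
 if ((result = Tspi_Policy_SetSecret(srkUsagePolicy,
- TSS_SECRET_MODE_PLAIN,
- strlen(authdata),
+ secretMode,
+ authlen,
 (BYTE *)authdata))) {
 print_error("Tspi_Policy_SetSecret", result);
 free(authdata);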
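Review bot: In the final hunk the password branch still calls `exit(result)` when `EVP_read_pw_string` fails, and `result` at that point appears to hold the success value of the preceding TSS call (its assignment is outside the hunk), so a failed or aborted prompt would exit with status 0; `exit(1);` there would let callers detect it. The buffer holding the SRK password is released with a plain `free(authdata)` on every path shown, and adding `OPENSSL_cleanse(authdata, 128);` before each `free` would keep the secret from lingering in freed heap memory. The usage text advertises `--zerokey`, but no hunk touches `long_options`, so unless that table is extended elsewhere only `-z` will be accepted. A short comment at the `-z` branch, such as `/* TSS well-known secret: 20 zero bytes passed as a SHA1 digest; gives no real SRK authorization */`, would record why `TSS_SECRET_MODE_SHA1` is used. `main` begins and ends outside these hunks.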