Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 1a4b7ee28bf7413af6513fb45ad0d0736048f866 / . / meta-security / meta-tpm / recipes-tpm / openssl-tpm-engine / files / 0001-create-tpm-key-support-well-known-key-option.patch
blob: bed8b92a2a0ed72ac1cff6c03184de753f4a9bdb [file] [log] [blame]
commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed
Author: Junxian.Xiao <Junxian.Xiao@windriver.com>
Date: Wed Jun 19 18:57:13 2013 +0800
support well-known password in openssl-tpm-engine.
Add "-z" option to select well known password in create_tpm_key tool.
Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>
Index: git/src/create_tpm_key.c
===================================================================
--- git.orig/src/create_tpm_key.c
+++ git/src/create_tpm_key.c
@@ -48,6 +48,8 @@
#include "ssl_compat.h"
+#define TPM_WELL_KNOWN_KEY_LEN 20 /*well know key length is 20 bytes zero*/
+
#define print_error(a,b) \
fprintf(stderr, "%s:%d %s result: 0x%x (%s)\n", __FILE__, __LINE__, \
a, b, Trspi_Error_String(b))
@@ -72,6 +74,7 @@ usage(char *argv0)
"\t\t-e|--enc-scheme encryption scheme to use [PKCSV15] or OAEP\n"
"\t\t-q|--sig-scheme signature scheme to use [DER] or SHA1\n"
"\t\t-s|--key-size key size in bits [2048]\n"
+ "\t\t-z|--zerokey use well known 20 bytes zero as SRK password.\n"
"\t\t-a|--auth require a password for the key [NO]\n"
"\t\t-p|--popup use TSS GUI popup dialogs to get the password "
"for the\n\t\t\t\t key [NO] (implies --auth)\n"
@@ -154,6 +157,7 @@ int main(int argc, char **argv)
int asn1_len;
char *filename, c, *openssl_key = NULL;
int option_index, auth = 0, popup = 0, wrap = 0;
+ int wellknownkey = 0;
UINT32 enc_scheme = TSS_ES_RSAESPKCSV15;
UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER;
UINT32 key_size = 2048;
@@ -161,12 +165,15 @@ int main(int argc, char **argv)
while (1) {
option_index = 0;
- c = getopt_long(argc, argv, "pe:q:s:ahw:",
+ c = getopt_long(argc, argv, "pe:q:s:zahw:",
long_options, &option_index);
if (c == -1)
break;
switch (c) {
+ case 'z':
+ wellknownkey = 1;
+ break;
case 'a':
initFlags |= TSS_KEY_AUTHORIZATION;
auth = 1;
@@ -300,6 +307,8 @@ int main(int argc, char **argv)
if (srk_authusage) {
char *authdata = calloc(1, 128);
+ TSS_FLAG secretMode = TSS_SECRET_MODE_PLAIN;
+ int authlen = 0;
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
@@ -316,17 +325,26 @@ int main(int argc, char **argv)
exit(result);
}
- if (EVP_read_pw_string(authdata, 128, "SRK Password: ", 0)) {
- Tspi_Context_CloseObject(hContext, hKey);
- Tspi_Context_Close(hContext);
- free(authdata);
- exit(result);
+ if (wellknownkey) {
+ memset(authdata, 0, TPM_WELL_KNOWN_KEY_LEN);
+ secretMode = TSS_SECRET_MODE_SHA1;
+ authlen = TPM_WELL_KNOWN_KEY_LEN;
+ }
+ else {
+ if (EVP_read_pw_string(authdata, 128, "SRK Password: ", 0)) {
+ Tspi_Context_CloseObject(hContext, hKey);
+ Tspi_Context_Close(hContext);
+ free(authdata);
+ exit(result);
+ }
+ secretMode = TSS_SECRET_MODE_PLAIN;
+ authlen = strlen(authdata);
}
//Set Secret
if ((result = Tspi_Policy_SetSecret(srkUsagePolicy,
- TSS_SECRET_MODE_PLAIN,
- strlen(authdata),
+ secretMode,
+ authlen,
(BYTE *)authdata))) {
print_error("Tspi_Policy_SetSecret", result);
free(authdata);