| commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed |
| Author: Junxian.Xiao <Junxian.Xiao@windriver.com> |
| Date: Wed Jun 19 18:57:13 2013 +0800 |
| |
| support reading SRK password from env TPM_SRK_PW |
| |
| Add "env TPM_SRK_PW=xxxx" to set the password for libtpm.so. In particular, |
| use "env TPM_SRK_PW=#WELLKNOWN#" to set the well-known password. |
| |
| Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com> |
| |
| Index: git/src/e_tpm.c |
| =================================================================== |
| --- git.orig/src/e_tpm.c |
| +++ git/src/e_tpm.c |
| @@ -38,6 +38,8 @@ |
| #include "e_tpm.h" |
| #include "ssl_compat.h" |
| |
| +#define TPM_WELL_KNOWN_KEY_LEN 20 /*well know key length is 20 bytes zero*/ |
| + |
| //#define DLOPEN_TSPI |
| |
| #ifndef OPENSSL_NO_HW |
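Review bot: The trailing comment on `#define TPM_WELL_KNOWN_KEY_LEN 20` is hard to read and does not say what the value represents or how it is used; suggest `/* TSS well-known secret: 20 zero bytes, passed already-hashed with TSS_SECRET_MODE_SHA1 */`. It also lacks the spacing inside the delimiters that the file's other comments use.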
| @@ -262,6 +264,10 @@ int tpm_load_srk(UI_METHOD *ui, void *cb |
| TSS_RESULT result; |
| UINT32 authusage; |
| BYTE *auth; |
| + char *srkPasswd = NULL; |
| + TSS_FLAG secretMode = secret_mode; |
| + int authlen = 0; |
| + |
| |
| if (hSRK != NULL_HKEY) { |
| DBGFN("SRK is already loaded."); |
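Review bot: `int authlen = 0;` is later passed as the secret-length argument of Tspi_Policy_SetSecret, which is UINT32, and is assigned from strlen, which returns size_t, so declaring it `UINT32 authlen = 0;` matches the API and the `UINT32 authusage;` declared two lines above. The added empty line also leaves two consecutive blank lines before the `if (hSRK != NULL_HKEY)` check. tpm_load_srk's body continues outside the hunk.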
| @@ -313,18 +319,36 @@ int tpm_load_srk(UI_METHOD *ui, void *cb |
| return 0; |
| } |
| |
| - if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ", |
| - cb_data)) { |
| - Tspi_Context_CloseObject(hContext, hSRK); |
| - free(auth); |
| - TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); |
| - return 0; |
| + srkPasswd = getenv("TPM_SRK_PW"); |
| + if (NULL != srkPasswd) { |
| + if (0 == strcmp(srkPasswd, "#WELLKNOWN#")) { |
| + memset(auth, 0, TPM_WELL_KNOWN_KEY_LEN); |
| + secretMode = TSS_SECRET_MODE_SHA1; |
| + authlen = TPM_WELL_KNOWN_KEY_LEN; |
| + } else { |
| + int authbuflen = 128; |
| + memset(auth, 0, authbuflen); |
| + strncpy(auth, srkPasswd, authbuflen-1); |
| + secretMode = TSS_SECRET_MODE_PLAIN; |
| + authlen = strlen(auth); |
| + } |
| + } |
| + else { |
| + if (!tpm_engine_get_auth(ui, (char *)auth, 128, |
| + "SRK authorization: ", cb_data)) { |
| + Tspi_Context_CloseObject(hContext, hSRK); |
| + free(auth); |
| + TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); |
| + return 0; |
| + } |
| + secretMode = secret_mode; |
| + authlen = strlen(auth); |
| } |
| |
| /* secret_mode is a global that may be set by engine ctrl |
| * commands. By default, its set to TSS_SECRET_MODE_PLAIN */ |
| - if ((result = Tspi_Policy_SetSecret(hSRKPolicy, secret_mode, |
| - strlen((char *)auth), auth))) { |
| + if ((result = Tspi_Policy_SetSecret(hSRKPolicy, secretMode, |
| + authlen, auth))) { |
| Tspi_Context_CloseObject(hContext, hSRK); |
| free(auth); |
| TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); |
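Review bot: An over-long TPM_SRK_PW is silently truncated to 127 bytes by `strncpy(auth, srkPasswd, authbuflen-1)` in the new else-branch, so a wrong secret reaches Tspi_Policy_SetSecret and the failure only surfaces later as a generic authorization error; rejecting it up front with the same cleanup the prompt branch already uses is clearer (rewritten branch below). The same branch passes the `BYTE *` buffer to strncpy and strlen without the `(char *)` cast the rest of the function uses (likewise `authlen = strlen(auth);` in the prompt branch), which is a pointer-signedness mismatch on most compilers. The comment `/* secret_mode is a global that may be set by engine ctrl commands ... */` above the Tspi_Policy_SetSecret call is now stale, because the environment path overrides it through `secretMode`; it should read along the lines of `/* secretMode defaults to the secret_mode global (engine ctrl commands, TSS_SECRET_MODE_PLAIN by default) unless TPM_SRK_PW selected SHA1 or PLAIN above */`. Since the secret now comes from the process environment, which child processes inherit and other processes of the same user can read, the commit message or engine documentation should state that caveat. tpm_load_srk starts before this hunk, and the 128-byte size of `auth` is fixed by an allocation outside it.
```c
	srkPasswd = getenv("TPM_SRK_PW");
	if (NULL != srkPasswd) {
		if (0 == strcmp(srkPasswd, "#WELLKNOWN#")) {
			/* … unchanged: well-known secret branch … */
		} else {
			size_t pwlen = strlen(srkPasswd);
			/* Reject rather than truncate: a truncated secret would
			 * only fail later with a less specific error. */
			if (pwlen >= 128) {
				Tspi_Context_CloseObject(hContext, hSRK);
				free(auth);
				TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
				return 0;
			}
			memset(auth, 0, 128);
			memcpy(auth, srkPasswd, pwlen);
			secretMode = TSS_SECRET_MODE_PLAIN;
			authlen = (int)pwlen;
		}
	}
	/* … unchanged: interactive prompt branch and Tspi_Policy_SetSecret call … */
```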