Richard Marian Thomaiyar | 14fddef | 2018-07-13 23:55:56 +0530 | [diff] [blame] | 1 | commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed |
| 2 | Author: Junxian.Xiao <Junxian.Xiao@windriver.com> |
| 3 | Date: Wed Jun 19 18:57:13 2013 +0800 |
| 4 | |
| 5 | support reading SRK password from env TPM_SRK_PW |
| 6 | |
| 7 | Add "env TPM_SRK_PW=xxxx" to set password for libtpm.so. Specially, |
| 8 | use "env TPM_SRK_PW=#WELLKNOWN#" to set well known password. |
| 9 | |
| 10 | Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com> |
| 11 | |
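--- a/src/e_tpm.c
+++ b/src/e_tpm.c
@@ -38,6 +38,8 @@
 #include "e_tpm.h"
 #include "ssl_compat.h"
 
+#define TPM_WELL_KNOWN_KEY_LEN 20 /*well know key length is 20 bytes zero*/
+
 //#define DLOPEN_TSPI
 
 #ifndef OPENSSL_NO_HW
@@ -262,6 +264,10 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
 TSS_RESULT result;
 UINT32 authusage;
 BYTE *auth;
+ char *srkPasswd = NULL;
+ TSS_FLAG secretMode = secret_mode;
+ int authlen = 0;
+
 
 if (hSRK != NULL_HKEY) {
 DBGFN("SRK is already loaded.");
@@ -313,18 +319,36 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
 return 0;
 }
 
- if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ",
- cb_data)) {
- Tspi_Context_CloseObject(hContext, hSRK);
- free(auth);
- TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
- return 0;
+ srkPasswd = getenv("TPM_SRK_PW");
+ if (NULL != srkPasswd) {
+ if (0 == strcmp(srkPasswd, "#WELLKNOWN#")) {
+ memset(auth, 0, TPM_WELL_KNOWN_KEY_LEN);
+ secretMode = TSS_SECRET_MODE_SHA1;
+ authlen = TPM_WELL_KNOWN_KEY_LEN;
+ } else {
+ int authbuflen = 128;
+ memset(auth, 0, authbuflen);
+ strncpy(auth, srkPasswd, authbuflen-1);
+ secretMode = TSS_SECRET_MODE_PLAIN;
+ authlen = strlen(auth);
+ }
+ }
+ else {
+ if (!tpm_engine_get_auth(ui, (char *)auth, 128,
+ "SRK authorization: ", cb_data)) {
+ Tspi_Context_CloseObject(hContext, hSRK);
+ free(auth);
+ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
+ return 0;
+ }
+ secretMode = secret_mode;
+ authlen = strlen(auth);
 }
 
 /* secret_mode is a global that may be set by engine ctrl
 * commands. By default, its set to TSS_SECRET_MODE_PLAIN */
- if ((result = Tspi_Policy_SetSecret(hSRKPolicy, secret_mode,
- strlen((char *)auth), auth))) {
+ if ((result = Tspi_Policy_SetSecret(hSRKPolicy, secretMode,
+ authlen, auth))) {
 Tspi_Context_CloseObject(hContext, hSRK);
 free(auth);
 TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);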
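Review bot: In the non-`#WELLKNOWN#` branch, `strncpy(auth, srkPasswd, authbuflen-1)` silently truncates a `TPM_SRK_PW` value longer than 127 bytes and the shortened secret is then handed to `Tspi_Policy_SetSecret`; a guard such as `if (strlen(srkPasswd) >= (size_t)authbuflen)` should take the same failure path as the `tpm_engine_get_auth` error (close `hSRK`, free `auth`, `TSSerr`, `return 0`). `auth` is declared `BYTE *`, so the new `strncpy(auth, ...)` and both `strlen(auth)` calls need the `(char *)` cast that the removed code used. The environment branch also forces `TSS_SECRET_MODE_PLAIN` regardless of the global `secret_mode`, which the comment above `Tspi_Policy_SetSecret` no longer describes; I would add `/* TPM_SRK_PW overrides both the UI prompt and secret_mode */` there. A secret passed in the environment is inherited by child processes and is typically readable by the same user through the process environment, and nothing visible here clears the variable or wipes `auth` before `free(auth)`, so that trade-off deserves a comment next to the `getenv` call. `tpm_load_srk` begins and ends outside the shown hunks.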