blob: 67071b6058e1f6ec1ca81f3c66640832f18dc7c9 [file] [log] [blame]
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +05301commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed
2Author: Junxian.Xiao <Junxian.Xiao@windriver.com>
3Date: Wed Jun 19 18:57:13 2013 +0800
4
5support well-known password in openssl-tpm-engine.
6
7Add "-z" option to select well known password in create_tpm_key tool.
8
9Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>
10
11diff --git a/create_tpm_key.c b/create_tpm_key.c
12index fee917f..7b94d62 100644
13--- a/create_tpm_key.c
14+++ b/create_tpm_key.c
15@@ -46,6 +46,8 @@
16 #include <trousers/tss.h>
17 #include <trousers/trousers.h>
18
19+#define TPM_WELL_KNOWN_KEY_LEN 20 /*well know key length is 20 bytes zero*/
20+
21 #define print_error(a,b) \
22 fprintf(stderr, "%s:%d %s result: 0x%x (%s)\n", __FILE__, __LINE__, \
23 a, b, Trspi_Error_String(b))
24@@ -70,6 +72,7 @@ usage(char *argv0)
25 "\t\t-e|--enc-scheme encryption scheme to use [PKCSV15] or OAEP\n"
26 "\t\t-q|--sig-scheme signature scheme to use [DER] or SHA1\n"
27 "\t\t-s|--key-size key size in bits [2048]\n"
28+ "\t\t-z|--zerokey use well known 20 bytes zero as SRK password.\n"
29 "\t\t-a|--auth require a password for the key [NO]\n"
30 "\t\t-p|--popup use TSS GUI popup dialogs to get the password "
31 "for the\n\t\t\t\t key [NO] (implies --auth)\n"
32@@ -147,6 +150,7 @@ int main(int argc, char **argv)
33 int asn1_len;
34 char *filename, c, *openssl_key = NULL;
35 int option_index, auth = 0, popup = 0, wrap = 0;
36+ int wellknownkey = 0;
37 UINT32 enc_scheme = TSS_ES_RSAESPKCSV15;
38 UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER;
39 UINT32 key_size = 2048;
40@@ -154,12 +158,15 @@ int main(int argc, char **argv)
41
42 while (1) {
43 option_index = 0;
44- c = getopt_long(argc, argv, "pe:q:s:ahw:",
45+ c = getopt_long(argc, argv, "pe:q:s:zahw:",
46 long_options, &option_index);
47 if (c == -1)
48 break;
49
50 switch (c) {
51+ case 'z':
52+ wellknownkey = 1;
53+ break;
54 case 'a':
55 initFlags |= TSS_KEY_AUTHORIZATION;
56 auth = 1;
57@@ -293,6 +300,8 @@ int main(int argc, char **argv)
58
59 if (srk_authusage) {
60 char *authdata = calloc(1, 128);
61+ TSS_FLAG secretMode = TSS_SECRET_MODE_PLAIN;
62+ int authlen = 0;
63
64 if (!authdata) {
65 fprintf(stderr, "malloc failed.\n");
66@@ -309,17 +318,26 @@ int main(int argc, char **argv)
67 exit(result);
68 }
69
70- if (EVP_read_pw_string(authdata, 128, "SRK Password: ", 0)) {
71- Tspi_Context_CloseObject(hContext, hKey);
72- Tspi_Context_Close(hContext);
73- free(authdata);
74- exit(result);
75+ if (wellknownkey) {
76+ memset(authdata, 0, TPM_WELL_KNOWN_KEY_LEN);
77+ secretMode = TSS_SECRET_MODE_SHA1;
78+ authlen = TPM_WELL_KNOWN_KEY_LEN;
79+ }
80+ else {
81+ if (EVP_read_pw_string(authdata, 128, "SRK Password: ", 0)) {
82+ Tspi_Context_CloseObject(hContext, hKey);
83+ Tspi_Context_Close(hContext);
84+ free(authdata);
85+ exit(result);
86+ }
87+ secretMode = TSS_SECRET_MODE_PLAIN;
88+ authlen = strlen(authdata);
89 }
90
91 //Set Secret
92 if ((result = Tspi_Policy_SetSecret(srkUsagePolicy,
93- TSS_SECRET_MODE_PLAIN,
94- strlen(authdata),
95+ secretMode,
96+ authlen,
97 (BYTE *)authdata))) {
98 print_error("Tspi_Policy_SetSecret", result);
99 free(authdata);