author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2020-01-02 15:58:38 -0800 |
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2020-01-10 12:26:45 -0800 |
commit | 600da197e76940cfd654519734125131f6964798 (patch) | |
tree | 5752a3804f57c2a17975065f6e92a81ac2dc7338 | |
parent | 5ea29a4dba5083b5383929b895df32c9c7580d71 (diff) | |
tpm2-common: export tpm key type from file to app_data
This will be useful for sealed keys, to check that they were of the correct type
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | tpm2-common.c | 19 | ||||
-rw-r--r-- | tpm2-common.h | 10 |
2 files changed, 20 insertions, 9 deletions
diff --git a/tpm2-common.c b/tpm2-common.c
index c60b151..95d5f7e 100644
--- a/tpm2-common.c
+++ b/tpm2-common.c
@@ -239,7 +239,7 @@ void tpm2_error(TPM_RC rc, const char *reason)
 }
-TPM_RC tpm2_load_srk(TSS_CONTEXT *tssContext, TPM_HANDLE *h, const char *auth,TPM2B_PUBLIC *pub, TPM_HANDLE hierarchy, int version)
+TPM_RC tpm2_load_srk(TSS_CONTEXT *tssContext, TPM_HANDLE *h, const char *auth,TPM2B_PUBLIC *pub, TPM_HANDLE hierarchy, enum tpm2_type type)
 {
 TPM_RC rc;
 CreatePrimary_In in;
@@ -271,7 +271,7 @@ TPM_RC tpm2_load_srk(TSS_CONTEXT *tssContext, TPM_HANDLE *h, const char *auth,TP
 TPMA_OBJECT_USERWITHAUTH |
 TPMA_OBJECT_DECRYPT |
 TPMA_OBJECT_RESTRICTED;
- if (version)
+ if (type != TPM2_LEGACY)
 in.inPublic.publicArea.objectAttributes.val |=
 TPMA_OBJECT_FIXEDPARENT |
 TPMA_OBJECT_FIXEDTPM;
@@ -1042,7 +1042,8 @@ int tpm2_load_engine_file(const char *filename, struct app_data **app_data,
 INT32 size;
 struct app_data *ad;
 char oid[128];
- int empty_auth, version = 0;
+ int empty_auth;
+ enum tpm2_type tpm2_type = TPM2_NONE;
 ASN1_OBJECT *type;
 ASN1_INTEGER *parent;
 ASN1_OCTET_STRING *pubkey;
@@ -1065,7 +1066,6 @@ int tpm2_load_engine_file(const char *filename, struct app_data **app_data,
 tpk = ASN1_item_d2i_bio(ASN1_ITEM_rptr(TSSPRIVKEY), bf, NULL);
 }
 if (tpk) {
- version = 1;
 type = tpk->type;
 empty_auth = tpk->emptyAuth;
 parent = tpk->parent;
@@ -1074,6 +1074,7 @@ int tpm2_load_engine_file(const char *filename, struct app_data **app_data,
 policy = tpk->policy;
 secret = tpk->secret;
 } else {
+ tpm2_type = TPM2_LEGACY;
 BIO_seek(bf, 0);
 tssl = PEM_read_bio_TSSLOADABLE(bf, NULL, NULL, NULL);
 if (!tssl) {
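Review bot: The definition of tpm2_load_srk in the -239 hunk now takes `enum tpm2_type type`, but no hunk in this commit updates a matching prototype in tpm2-common.h (that file's only hunk adds the enum and changes struct app_data, which its 9-insertion/1-deletion count confirms); if the header still declares the last parameter as `int version`, it compiles only because the enum is int-compatible and should be brought in line with the definition. In the -271 hunk, `if (type != TPM2_LEGACY)` applies FIXEDPARENT|FIXEDTPM for TPM2_NONE as well as for LOADABLE, IMPORTABLE and SEALED, so the sentinel is silently treated as a new-format key; if that is intended, a comment such as `/* only legacy-format keys use an SRK without FIXEDPARENT|FIXEDTPM */` above the test would make the template choice explicit. Both tpm2_load_srk and tpm2_load_engine_file continue outside their hunks.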
@@ -1100,12 +1101,13 @@ int tpm2_load_engine_file(const char *filename, struct app_data **app_data,
 }
 if (strcmp(OID_loadableKey, oid) == 0) {
- if (version != 1) {
+ if (tpm2_type != TPM2_NONE) {
 fprintf(stderr, "New type found in old format key\n");
 goto err;
 }
+ tpm2_type = TPM2_LOADABLE;
 } else if (strcmp(OID_OldloadableKey, oid) == 0) {
- if (version != 0) {
+ if (tpm2_type != TPM2_LEGACY) {
 fprintf(stderr, "Old type found in new format key\n");
 goto err;
 }
@@ -1114,6 +1116,7 @@ int tpm2_load_engine_file(const char *filename, struct app_data **app_data,
 fprintf(stderr, "Importable keys require an encrypted secret\n");
 goto err;
 }
+ tpm2_type = TPM2_IMPORTABLE;
 } else {
 fprintf(stderr, "Unrecognised object type\n");
 goto err;
@@ -1133,7 +1136,7 @@ int tpm2_load_engine_file(const char *filename, struct app_data **app_data,
 *app_data = ad;
- ad->version = version;
+ ad->type = tpm2_type;
 ad->dir = tpm2_set_unique_tssdir();
 if (parent)
@@ -1328,7 +1331,7 @@ TPM_HANDLE tpm2_load_key(TSS_CONTEXT **tsscp, struct app_data *app_data,
 if ((app_data->parent & 0xff000000) == 0x81000000) {
 in.parentHandle = app_data->parent;
 } else {
- rc = tpm2_load_srk(tssContext, &in.parentHandle, srk_auth, NULL, app_data->parent, app_data->version);
+ rc = tpm2_load_srk(tssContext, &in.parentHandle, srk_auth, NULL, app_data->parent, app_data->type);
 if (rc)
 goto out;
 }
diff --git a/tpm2-common.h b/tpm2-common.h
index 0e5d415..33cac4a 100644
--- a/tpm2-common.h
+++ b/tpm2-common.h
@@ -14,9 +14,17 @@ struct policy_command {
 BYTE *policy;
 };
+enum tpm2_type {
+ TPM2_NONE = -1, /* no defined type yet */
+ TPM2_LEGACY = 0,
+ TPM2_LOADABLE = 1,
+ TPM2_IMPORTABLE = 2,
+ TPM2_SEALED = 3,
+};
 /* structure pointed to by the RSA object's app_data pointer */
 struct app_data {
- int version;
+ enum tpm2_type type;
 TPM_HANDLE parent;
 /* if key is in NV memory */
 TPM_HANDLE key; |
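Review bot: In the -1114 hunk the importable branch assigns `tpm2_type = TPM2_IMPORTABLE;` without the format check that the loadable branch performs in the -1100 hunk (`if (tpm2_type != TPM2_NONE)`), so a legacy-format file carrying the importable OID would have its TPM2_LEGACY marker overwritten and would later be handed to tpm2_load_srk with the new-format SRK template. If importable keys only exist in the new format, mirroring the loadable check before the assignment, `if (tpm2_type != TPM2_NONE) { fprintf(stderr, "New type found in old format key\n"); goto err; }`, keeps the parse state consistent; if the legacy path can legitimately hold importable keys, a comment saying so would remove the asymmetry. The condition guarding the "Importable keys require an encrypted secret" message and the enclosing else-if chain begin outside the hunk.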
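Review bot: The new enum in the tpm2-common.h hunk should document that TPM2_LEGACY = 0 and TPM2_LOADABLE = 1 deliberately match the old `version` values, since other callers of tpm2_load_srk not touched by this commit may still pass an int and rely on that mapping; a comment such as `/* 0 and 1 keep the values of the former int version field */` on those two enumerators would record it. TPM2_SEALED is declared but never assigned in this commit, which matches the description's stated intent; a short `/* not yet produced by tpm2_load_engine_file */` note would tell a reader the gap is intentional rather than a missing branch.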