authorDavid Woodhouse <dwmw2@infradead.org>2018-10-12 01:01:17 +0100
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2018-10-31 22:14:47 -0700
commit7bdc1cca370659ef83fd09157083dfa2edfd24e4 (patch)
tree4d50cb2c178a136acc7dc6ee13fb8cdc0855a18b
parent3ca572e399f8fafe4213fd19d3aa95adb7e50809 (diff)
Add 'TSS2 PRIVATE KEY' PEM tag, using correct objectAttributes
We can now tweak the ASN.1 definition for the PRIVATE KEY variant... Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--create_tpm2_key.c4
-rw-r--r--e_tpm2.c11
-rw-r--r--tpm2-asn.h3
3 files changed, 14 insertions, 4 deletions
diff --git a/create_tpm2_key.c b/create_tpm2_key.c
index 6328d08..2c71ed3 100644
--- a/create_tpm2_key.c
+++ b/create_tpm2_key.c
@@ -256,7 +256,7 @@ openssl_write_tpmfile(const char *file, BYTE *pubkey, int pubkey_len,
ASN1_STRING_set(tssl.privkey, privkey, privkey_len);
tssl.policy = sk;
- PEM_write_bio_TSSLOADABLE(outb, &tssl);
+ PEM_write_bio_TSSPRIVKEY(outb, &tssl);
BIO_free(outb);
return 0;
}
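Review bot: The result of `PEM_write_bio_TSSPRIVKEY(outb, &tssl)` is discarded and the function returns 0 unconditionally, so a failed or truncated write of the wrapped key file is reported to the caller as success. The old TSSLOADABLE call was unchecked too, but since this line is being touched it is a good place to fix it: `int ok = PEM_write_bio_TSSPRIVKEY(outb, &tssl);`, then `BIO_free(outb);` and `return ok ? 0 : 1;`. The non-zero value is a guess, so use whatever the callers of openssl_write_tpmfile expect. The start of openssl_write_tpmfile, including where `outb` is opened, is outside the hunk.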
@@ -751,7 +751,7 @@ int main(int argc, char **argv)
}
if ((parent & 0xff000000) == 0x40000000) {
- rc = tpm2_load_srk(tssContext, &phandle, parent_auth, NULL, parent, 0);
+ rc = tpm2_load_srk(tssContext, &phandle, parent_auth, NULL, parent, 1);
if (rc) {
reason = "tpm2_load_srk";
goto out_delete;
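Review bot: The last argument to `tpm2_load_srk(...)` changes from a bare `0` to a bare `1` with nothing at the call site saying what it selects. Judging by the commit title and the `version` variable added in e_tpm2.c, it is presumably the key-format version that decides which objectAttributes the SRK template uses. A named constant or a short comment such as `/* version 1: 'TSS2 PRIVATE KEY' format, corrected objectAttributes */` would make it obvious that this value must stay in step with the PEM tag written by openssl_write_tpmfile. The same applies to `version = 0` and `version = 1` in tpm2_engine_load_key_core. main() starts and ends outside the hunk.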
diff --git a/e_tpm2.c b/e_tpm2.c
index 6002159..f440d16 100644
--- a/e_tpm2.c
+++ b/e_tpm2.c
@@ -322,7 +322,7 @@ static int tpm2_engine_load_key_core(ENGINE *e, EVP_PKEY **ppkey,
INT32 size;
struct app_data *app_data;
char oid[128];
- int empty_auth;
+ int empty_auth, version = 0;
const int nvkey_len = strlen(nvprefix);
if (!key_id && !bio) {
@@ -351,7 +351,13 @@ static int tpm2_engine_load_key_core(ENGINE *e, EVP_PKEY **ppkey,
return 0;
}
- tssl = PEM_read_bio_TSSLOADABLE(bf, NULL, NULL, NULL);
+ tssl = PEM_read_bio_TSSPRIVKEY(bf, NULL, NULL, NULL);
+ if (tssl) {
+ version = 1;
+ } else {
+ BIO_seek(bf, 0);
+ tssl = PEM_read_bio_TSSLOADABLE(bf, NULL, NULL, NULL);
+ }
if (!bio)
BIO_free(bf);
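Review bot: The fallback path calls `BIO_seek(bf, 0)` without checking the result, and it rewinds to absolute offset 0 rather than to where the BIO stood before the first read. The `if (!bio)` line suggests `bf` can be a caller-supplied BIO, which may not be seekable or may not have started at offset 0; in either case the legacy parse then runs on the wrong data and fails with a misleading error. Guarding the retry with `} else if (BIO_seek(bf, 0) >= 0) {` would at least catch the failed seek, though the return convention differs between BIO types and should be confirmed. The failed first `PEM_read_bio_TSSPRIVKEY` presumably also leaves an entry on the OpenSSL error queue, so bracket the attempt with `ERR_set_mark()` / `ERR_pop_to_mark()` to stop a successful legacy load from returning with a stale error. Since `version` is derived only from the unauthenticated PEM tag, a comment stating that an old-tag file is deliberately still accepted as version 0 would help a later reader; tpm2_engine_load_key_core continues outside the hunk.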
@@ -393,6 +399,7 @@ static int tpm2_engine_load_key_core(ENGINE *e, EVP_PKEY **ppkey,
}
memset(app_data, 0, sizeof(*app_data));
+ app_data->version = version;
app_data->dir = tpm2_set_unique_tssdir();
if (tssl->parent)
diff --git a/tpm2-asn.h b/tpm2-asn.h
index 74a55a6..5c78cdd 100644
--- a/tpm2-asn.h
+++ b/tpm2-asn.h
@@ -90,8 +90,11 @@ IMPLEMENT_ASN1_FUNCTIONS(TSSLOADABLE);
/* This is the PEM guard tag */
#define TSSLOADABLE_PEM_STRING "TSS2 KEY BLOB"
+#define TSSPRIVKEY_PEM_STRING "TSS2 PRIVATE KEY"
static IMPLEMENT_PEM_write_bio(TSSLOADABLE, TSSLOADABLE, TSSLOADABLE_PEM_STRING, TSSLOADABLE)
static IMPLEMENT_PEM_read_bio(TSSLOADABLE, TSSLOADABLE, TSSLOADABLE_PEM_STRING, TSSLOADABLE)
+static IMPLEMENT_PEM_write_bio(TSSPRIVKEY, TSSLOADABLE, TSSPRIVKEY_PEM_STRING, TSSLOADABLE)
+static IMPLEMENT_PEM_read_bio(TSSPRIVKEY, TSSLOADABLE, TSSPRIVKEY_PEM_STRING, TSSLOADABLE)
#endif
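Review bot: The existing comment `/* This is the PEM guard tag */` now sits above two tags, and nothing here says how they differ. Both `TSSPRIVKEY` PEM functions are instantiated on the same `TSSLOADABLE` ASN.1 type, so the guard string is the only thing that tells the loader which format it has. I would document that next to the new define, for example `/* Newer tag: same ASN.1 structure as TSS2 KEY BLOB, but keys use the corrected objectAttributes; loaders treat this tag as version 1 */`. The wording is inferred from the commit title, so adjust it if the ASN.1 definitions are meant to diverge later, as the description hints.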