authorJames Bottomley <James.Bottomley@HansenPartnership.com>2023-01-11 12:52:22 -0500
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2023-01-12 16:41:35 -0500
commitf6d7c7076a0e320d62629d47c6e4c0177fc7d213 (patch)
treecf823e99d2f9d27d0f9f810fd6701b536f23a953
parent23fbe121a6023af315a01db313f05c29d86e2e38 (diff)
downloadopenssl_tpm2_engine-f6d7c7076a0e320d62629d47c6e4c0177fc7d213.tar.gz
tpm2-common: update to allow importable sealed data
The original scheme had a different OID for loadable and importable keys. However, this turned out to be unnecessary since we can use the presence of the optional secret to determine whether the object is loadable or importable. For sealed data, we'll use the same OID (2.23.133.10.1.5) and the presence or absence of secret. This means the common routines need to be updated to expect this. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--tpm2-common.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/tpm2-common.c b/tpm2-common.c
index 7a31da4..fe020de 100644
--- a/tpm2-common.c
+++ b/tpm2-common.c
@@ -1773,7 +1773,7 @@ int tpm2_load_engine_file(const char *filename, struct app_data **app_data,
}
}
- if (strcmp(OID_importableKey, oid) == 0) {
+ if (secret) {
TPM_HANDLE session;
TPM_HANDLE parentHandle;
DATA_2B encryptionKey;
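Review bot: With the OID comparison replaced by `if (secret)`, a file whose type is still OID_importableKey but carries no secret is no longer rejected; it silently falls through to the loadable path, where a TPM2B_PRIVATE that is really a wrapped duplicate would be handed to the load routine as-is. Since the commit message says the OID for keys is kept and only the optional secret decides the path, a malformed or hand-edited file should be caught here rather than later, e.g. `if (!secret && strcmp(OID_importableKey, oid) == 0) { fprintf(stderr, "importable key without secret\n"); /* take the function's error path */ }`. tpm2_load_engine_file begins and ends outside the hunk, so I cannot see which cleanup label the error return should use. A one-line comment on the new condition, `/* a secret is present only for importable objects (keys or sealed data) */`, would also record why the OID is no longer consulted.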
@@ -2059,12 +2059,16 @@ int tpm2_write_tpmfile(const char *file, BYTE *pubkey, int pubkey_len,
k.tpk.type = OBJ_txt2obj(OID_sealedData, 1);
} else if (secret) {
k.tpk.type = OBJ_txt2obj(OID_importableKey, 1);
+ } else {
+ k.tpk.type = OBJ_txt2obj(OID_loadableKey, 1);
+ }
+
+ if (secret) {
k.tpk.secret = ASN1_OCTET_STRING_new();
ASN1_STRING_set(k.tpk.secret, secret->secret,
secret->size);
- } else {
- k.tpk.type = OBJ_txt2obj(OID_loadableKey, 1);
}
+
k.tpk.emptyAuth = empty_auth;
k.tpk.parent = ASN1_INTEGER_new();
ASN1_INTEGER_set(k.tpk.parent, parent);
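Review bot: The reason the secret attachment was split from the type selection is not visible in the code; a reader sees two consecutive tests of `secret` and may fold them back together. A comment above the second block, `/* The secret wrapper is shared by importable keys and importable sealed data, so it is attached independently of the type chosen above. */`, would preserve the intent stated in the commit message. The new `k.tpk.type = OBJ_txt2obj(OID_loadableKey, 1);` line also inherits the existing pattern of not checking the OBJ_txt2obj result (NULL on failure), as do the adjacent ASN1_OCTET_STRING_new and ASN1_STRING_set calls; that predates this change but the rewrite would be a natural place to add the checks. tpm2_write_tpmfile continues outside the hunk.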