authorKiran Kamineni <kiran.k.kamineni@intel.com>2018-09-18 11:58:58 -0700
committerKiran Kamineni <kiran.k.kamineni@intel.com>2018-09-18 16:56:13 -0700
commitcd713d4de6c3d08478d6f6ca27b0f9e1afd439fe (patch)
tree9e88a2bafa6f0a61e1d5b538a61783f32f5e09ff /TPM2-Plugin
parent4c55afa7b4d870c4fb366699b5e83efa5a9944a3 (diff)
Add support for PRK password in TPM plugin
The PRK password needs to be passed to the TPM plugin for load-key operations to work. P7: Moved readPassword to the calling function. P8: Check the size of the password string before memcpy. P9: Updated the README. Issue-ID: AAF-484 Change-Id: I213446012005f2919ee0912ccfe99c3a555ccb74 Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
Diffstat (limited to 'TPM2-Plugin')
-rw-r--r--TPM2-Plugin/README.md20
-rw-r--r--TPM2-Plugin/lib/tpm2_plugin_api.c39
2 files changed, 47 insertions, 12 deletions
diff --git a/TPM2-Plugin/README.md b/TPM2-Plugin/README.md
index 978495c..5d8183f 100644
--- a/TPM2-Plugin/README.md
+++ b/TPM2-Plugin/README.md
@@ -1,16 +1,26 @@
-## Introduction
+# Introduction
This is TPM2-Plugin to load asymetric key pairs to TPM2.0 module.
The private part of keys can only be used for signing when it is loaded in TPM module.
-### Build
+Loading Password protected Primary Keys in plugin requires the setting of the
+following ENVIRONMENT Variable:
+```
+TPM_PRK_PASSWORD
+```
+The plugin will read this and setup hmac appropriately for the session.
+## Build
+```
./bootstrap
./configure --prefix test
+```
-### Installation
+## Installation and Uninstallation
+```
make install
+```
-###Uninstall
-
+```
make clean
make distclean
+``` \ No newline at end of file
diff --git a/TPM2-Plugin/lib/tpm2_plugin_api.c b/TPM2-Plugin/lib/tpm2_plugin_api.c
index c763ef3..c27ec55 100644
--- a/TPM2-Plugin/lib/tpm2_plugin_api.c
+++ b/TPM2-Plugin/lib/tpm2_plugin_api.c
@@ -277,11 +277,11 @@ int hex2ByteStructure(const char *inStr, UINT16 *byteLength, BYTE *byteBuffer)
}
return 0;
}
+
int load_key(TSS2_SYS_CONTEXT *sapi_context,
TPMI_DH_OBJECT parentHandle,
TPM2B_PUBLIC *inPublic,
- TPM2B_PRIVATE *inPrivate,
- int P_flag)
+ TPM2B_PRIVATE *inPrivate)
{
UINT32 rval;
TPMS_AUTH_RESPONSE sessionDataOut;
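Review bot: With `P_flag` gone, `load_key` no longer resets `sessionData.hmac.t.size` itself (the `if(P_flag == 0)` reset is dropped in the next hunk), so correct behaviour now depends on the caller having populated the global `sessionData` before the call, and nothing at the definition says so. A short comment above the signature would make the precondition explicit, e.g. `/* Precondition: sessionData.hmac has been populated by readPassword(); a size of 0 means no PRK password is used for the session. */`. The body of load_key continues outside the hunk.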
@@ -304,9 +304,6 @@ int load_key(TSS2_SYS_CONTEXT *sapi_context,
sessionData.sessionHandle = TPM_RS_PW;
sessionData.nonce.t.size = 0;
- if(P_flag == 0)
- sessionData.hmac.t.size = 0;
-
*((UINT8 *)((void *)&sessionData.sessionAttributes)) = 0;
if (sessionData.hmac.t.size > 0 && hexPasswd)
{
@@ -400,6 +397,29 @@ int read_public(TSS2_SYS_CONTEXT *sapi_context,
return 0;
}
+/*
+Reads the PRK_PASSWORD Environment variable
+and populates that information into the
+sessionData global environment variable
+*/
+int readPassword()
+{
+ char *prk_passwd;
+
+ sessionData.hmac.t.size = 0;
+
+ prk_passwd = getenv("TPM_PRK_PASSWORD");
+ if (prk_passwd != NULL) {
+ sessionData.hmac.t.size = strlen(prk_passwd);
+ if (sessionData.hmac.t.size > sizeof(sessionData.hmac.t.buffer)) {
+ return -1;
+ }
+ memcpy(sessionData.hmac.t.buffer, prk_passwd, sessionData.hmac.t.size);
+ return 0;
+ }
+ return 0;
+}
+
TPMS_CONTEXT loaded_key_context;
int load_key_execute(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info,
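Review bot: `sessionData.hmac.t.size = strlen(prk_passwd);` narrows a `size_t` into the `UINT16` size field of the TPM2B auth type before the bounds check on the next line, so an oversized value that wraps modulo 65536 to a small number passes the check and a silently truncated copy of the password is used. Compute the length in a `size_t`, check it, then assign: `size_t len = strlen(prk_passwd);` / `if (len > sizeof(sessionData.hmac.t.buffer)) return -1;` / `sessionData.hmac.t.size = (UINT16)len;`. The header comment names `PRK_PASSWORD` while the code reads `TPM_PRK_PASSWORD`; align it, and declare the function as `int readPassword(void)` so the empty parameter list is a prototype rather than an old-style declaration. The comment should also record that the secret is taken from the process environment, which is readable by other processes of the same user, so the variable should be set only for the plugin's own process rather than in a shared shell profile.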
@@ -443,11 +463,16 @@ int load_key_execute(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info,
}
}
+ // Read TPM_PRK_PASSWORD and setup sessionsData appropriately
+ if (readPassword() != 0) {
+ // Password read failure
+ return -1;
+ }
+
returnVal = load_key (sapi_context,
parentHandle,
&inPublic,
- &inPrivate,
- 0);
+ &inPrivate);
returnVal = read_public(sapi_context,
handle2048rsa,
importkey_info);
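Review bot: The new early return surfaces a password-read failure, but a wrong password that makes `load_key` fail is still masked, because `returnVal = load_key(...)` is overwritten by `returnVal = read_public(...)` in the next statement without being checked; this predates the commit, but the new feature makes it matter, so add `if (returnVal != 0) return returnVal;` between the two calls. The added comment has a typo: `sessionsData` should read `sessionData`. Since the password now lives in the global `sessionData` after `readPassword()`, consider clearing `sessionData.hmac` once the load completes so it does not linger for the rest of the process. load_key_execute's body begins and ends outside the hunk, so I cannot tell whether a later check covers load_key's result.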