author | Kiran Kamineni <kiran.k.kamineni@intel.com> | 2018-09-18 11:58:58 -0700 |
committer | Kiran Kamineni <kiran.k.kamineni@intel.com> | 2018-09-18 16:56:13 -0700 |
commit | cd713d4de6c3d08478d6f6ca27b0f9e1afd439fe (patch) | |
tree | 9e88a2bafa6f0a61e1d5b538a61783f32f5e09ff /TPM2-Plugin | |
parent | 4c55afa7b4d870c4fb366699b5e83efa5a9944a3 (diff) |
Add support for PRK password in TPM plugin
PRK Password needs to be passed to TPM Plugin
for load key operations to work.
P7: Moved readPassword to calling function
P8: Check size of password string before memcpy
P9: Updated readme
Issue-ID: AAF-484
Change-Id: I213446012005f2919ee0912ccfe99c3a555ccb74
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
Diffstat (limited to 'TPM2-Plugin')
-rw-r--r-- | TPM2-Plugin/README.md | 20 | ||||
-rw-r--r-- | TPM2-Plugin/lib/tpm2_plugin_api.c | 39 |
2 files changed, 47 insertions, 12 deletions
diff --git a/TPM2-Plugin/README.md b/TPM2-Plugin/README.md
index 978495c..5d8183f 100644
--- a/TPM2-Plugin/README.md
+++ b/TPM2-Plugin/README.md
@@ -1,16 +1,26 @@
-## Introduction
+# Introduction
 This is TPM2-Plugin to load asymetric key pairs to TPM2.0 module. The private part of keys can only be used for signing when it is loaded in TPM module.
-### Build
+Loading Password protected Primary Keys in plugin requires the setting of the
+following ENVIRONMENT Variable:
+```
+TPM_PRK_PASSWORD
+```
+The plugin will read this and setup hmac appropriately for the session.
+## Build
+```
 ./bootstrap
 ./configure --prefix test
+```
-### Installation
+## Installation and Uninstallation
+```
 make install
+```
-###Uninstall
-
+```
 make clean
 make distclean
+```
\ No newline at end of file
diff --git a/TPM2-Plugin/lib/tpm2_plugin_api.c b/TPM2-Plugin/lib/tpm2_plugin_api.c
index c763ef3..c27ec55 100644
--- a/TPM2-Plugin/lib/tpm2_plugin_api.c
+++ b/TPM2-Plugin/lib/tpm2_plugin_api.c
@@ -277,11 +277,11 @@ int hex2ByteStructure(const char *inStr, UINT16 *byteLength, BYTE *byteBuffer)
 }
 return 0;
 }
+
 int load_key(TSS2_SYS_CONTEXT *sapi_context,
 TPMI_DH_OBJECT parentHandle,
 TPM2B_PUBLIC *inPublic,
-TPM2B_PRIVATE *inPrivate,
-int P_flag)
+TPM2B_PRIVATE *inPrivate)
 {
 UINT32 rval;
 TPMS_AUTH_RESPONSE sessionDataOut;
@@ -304,9 +304,6 @@ int load_key(TSS2_SYS_CONTEXT *sapi_context,
 sessionData.sessionHandle = TPM_RS_PW;
 sessionData.nonce.t.size = 0;
-if(P_flag == 0)
-sessionData.hmac.t.size = 0;
-
 *((UINT8 *)((void *)&sessionData.sessionAttributes)) = 0;
 if (sessionData.hmac.t.size > 0 && hexPasswd) {
@@ -400,6 +397,29 @@ int read_public(TSS2_SYS_CONTEXT *sapi_context,
 return 0;
 }
+/*
+Reads the PRK_PASSWORD Environment variable
+and populates that information into the
+sessionData global environment variable
+*/
+int readPassword()
+{
+char *prk_passwd;
+
+sessionData.hmac.t.size = 0;
+
+prk_passwd = getenv("TPM_PRK_PASSWORD");
+if (prk_passwd != NULL) {
+sessionData.hmac.t.size = strlen(prk_passwd);
+if (sessionData.hmac.t.size > sizeof(sessionData.hmac.t.buffer)) {
+return -1;
+}
+memcpy(sessionData.hmac.t.buffer, prk_passwd, sessionData.hmac.t.size);
+return 0;
+}
+return 0;
+}
+
 TPMS_CONTEXT loaded_key_context;
 int load_key_execute(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info,
@@ -443,11 +463,16 @@ int load_key_execute(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info,
 }
 }
+// Read TPM_PRK_PASSWORD and setup sessionsData appropriately
+if (readPassword() != 0) {
+// Password read failure
+return -1;
+}
+
 returnVal = load_key (sapi_context,
 parentHandle,
 &inPublic,
-&inPrivate,
-0);
+&inPrivate);
 returnVal = read_public(sapi_context, handle2048rsa, importkey_info);
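Review bot: `load_key` now consumes `sessionData.hmac` without ever resetting it — the `P_flag == 0` branch that zeroed `sessionData.hmac.t.size` is deleted in the hunk at `@@ -304,9 +304,6 @@` — so every caller must populate or zero that global before the call, and any caller that does not go through `readPassword()` first will send whatever the global last held as the parent authorization. That precondition is stated nowhere on the function after the `P_flag` parameter is dropped. I would add above `int load_key(`: `/* Precondition: the caller must set or zero sessionData.hmac (e.g. via readPassword()) before each call; load_key no longer resets it. */`. load_key's body continues past the end of this hunk.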
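Review bot: In `readPassword`, `sessionData.hmac.t.size = strlen(prk_passwd);` stores the length before the bounds check, so on the `return -1` path the global is left with a non-zero size paired with an unrelated buffer, and if `hmac.t.size` is the 16-bit TPM2B size field (the `UINT16` usage elsewhere in this file suggests the TSS types are in play) the assignment truncates before the `> sizeof(...)` comparison is evaluated. Keep the length in a local and assign only after the check: `size_t len = strlen(prk_passwd);` then `if (len > sizeof(sessionData.hmac.t.buffer)) { return -1; }` then `sessionData.hmac.t.size = len;`. The header comment names `PRK_PASSWORD` while the code reads `TPM_PRK_PASSWORD`, so one of them should be corrected, and `int readPassword(void)` would make the empty parameter list a real prototype.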
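Review bot: The result of `load_key` is still discarded in `load_key_execute` — `returnVal = load_key (...)` is overwritten by `returnVal = read_public(...)` in the very next statement — so a load that fails because the value in `TPM_PRK_PASSWORD` is wrong is never reported to the caller, even though the new `readPassword()` check just above does return on failure. I would test it before moving on: `if (returnVal != 0) { return returnVal; }` (this assumes 0 is load_key's success code, as it is for readPassword here; confirm against load_key's body). Separately, `readPassword()` leaves a copy of the password in the process-global `sessionData.hmac`, and nothing in this hunk clears it once `load_key` has returned, so the secret stays resident for the rest of the process; zeroing `sessionData.hmac` after the load (with a non-elidable clear such as `explicit_bzero` where the platform provides one) would bound that exposure. load_key_execute begins and ends outside this hunk.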