summaryrefslogtreecommitdiffstats
path: root/tpm-util/duplicate/main.c
diff options
context:
space:
mode:
authorArun kumar Sekar <arunkumarsit@gmail.com>2018-03-30 11:20:30 -0700
committerArun kumar sekar <arunkumarsit@gmail.com>2018-04-03 21:14:48 +0000
commit2ac563372735668ac9687c57e35e39c3e4553ff0 (patch)
tree4f276f8feba53a700f73a4aa9f2f55187444dff5 /tpm-util/duplicate/main.c
parent3d5e48d877919ec8d33e1d1ee3682fb1f0bc0532 (diff)
Utility to Import external RSA pem key into TPM
Duplicate tool - Takes RSA private key in pem format as input and generates TPM structured buffers as expected by tpm Import Import tool - Takes input buffers from Duplicate tool and results in pub/priv blobs which can be used to load the key in tpm storage heirarchy's as child to primary key Change-Id: I0af6676895ce0cc22c70e5546908e905b78bb71e Issue-ID: AAF-207 Signed-off-by: Arun kumar Sekar <arunkumarsit@gmail.com>
Diffstat (limited to 'tpm-util/duplicate/main.c')
-rw-r--r--tpm-util/duplicate/main.c281
1 files changed, 281 insertions, 0 deletions
diff --git a/tpm-util/duplicate/main.c b/tpm-util/duplicate/main.c
new file mode 100644
index 0000000..662b984
--- /dev/null
+++ b/tpm-util/duplicate/main.c
@@ -0,0 +1,281 @@
+/*
+ * Copyright 2018 Intel Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+// main.c : Tool to import Openssl RSA key into TPM. Generates TPM duplication data
+// Author: Arun Kumar Sekar
+//
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <openssl/pem.h>
+
+#include <pthread.h>
+
+#include <sapi/tpm20.h>
+#include <tcti/tcti_socket.h>
+
+#include "tpm_duplication_aux.h"
+#include "util.h"
+
+
+void PrintHelp();
+char version[] = "0.1";
+
+void PrintHelp()
+{
+ printf(
+ "OSSL key to tpm import tool, Version %s\nUsage:"
+ "./ossl_tpm_duplicate [-pemfile InputPemFile] [-pempwd inputPemPwd (optional)] [-parentPub inputParentPubFile]"
+ "[-dupPub out_dupPubFile] [-dupPriv out_dupPrivFile] [-dupSymSeed out_dupSymSeedFile] [-dupEncKey out_dupEncKeyFile] \n"
+ "\n"
+ , version);
+}
+
+static TPM_RC convert_PEM_To_EVP(EVP_PKEY **evpPkey, /* freed by caller */
+ const char *pem_Filename,
+ const char *pem_pwd)
+{
+ TPM_RC rc = 0;
+ FILE *fp_pemfile = NULL;
+
+ if (rc == 0)
+ {
+ fp_pemfile = fopen(pem_Filename, "rb"); /* closed @2 */
+ if(fp_pemfile == NULL) {
+ rc = EXIT_FAILURE;
+ }
+ }
+
+ if (rc == 0)
+ {
+ *evpPkey = PEM_read_PrivateKey(fp_pemfile, NULL, NULL, (void *)pem_pwd);
+ if (*evpPkey == NULL)
+ {
+ printf("convert_PEM_To_EVP: Error reading key file %s\n", pem_Filename);
+ rc = EXIT_FAILURE;
+ }
+ printf("PEM_read_PrivateKey success for file: %s \n", pem_Filename);
+ }
+
+end:
+ if (fp_pemfile != NULL)
+ {
+ fclose(fp_pemfile);
+ }
+
+ return rc;
+}
+
+static TPM_RC convert_EVP_to_RSA(RSA **rsaKey, /* freed by caller */
+ EVP_PKEY *evpPkey)
+{
+ TPM_RC rc = 0;
+
+ if (rc == 0)
+ {
+ *rsaKey = EVP_PKEY_get1_RSA(evpPkey);
+ if (*rsaKey == NULL)
+ {
+ printf("convert_EVP_to_RSA: EVP_PKEY_get1_RSA failed\n");
+ rc = EXIT_FAILURE;
+ }
+ printf("convert_EVP_to_RSA success! \n");
+ }
+
+ return rc;
+}
+
+
+int main(int argc, char* argv[])
+{
+ TPM_RC rval = 0;
+ int count=0;
+
+ char pem_Filename[256];
+ int pemfile_flag = 0;
+ const char *pem_pwd = ""; /* default empty password */
+ int pempwd_flag = 0;
+
+ // SW Key Duplicate I/P variables
+ char parent_pub_Filename[256];
+ int parent_pub_flag = 0;
+
+ // SW Key Duplicate O/P variables
+ char dupPub_Filename[256];
+ int dupPub_flag = 0;
+ char dupPriv_Filename[256];
+ int dupPriv_flag = 0;
+ char dupSymSeed_Filename[256];
+ int dupSymSeed_flag = 0;
+ char dupEncKey_Filename[256];
+ int dupEncKey_flag = 0;
+ TPM2B_DATA encryptionKey;
+ TPM2B_PUBLIC swKeyPublic;
+ TPM2B_PRIVATE swKeyPrivate;
+ TPM2B_ENCRYPTED_SECRET encSymSeed;
+ unsigned short file_size = 0;
+ UINT8 policyDigest[32] = {0};
+ UINT32 digestSize = 0;
+
+ TPM2B_PUBLIC parentKeyPublicPortion;
+ int pubKeysize = 0;
+
+ // RSA key structures
+ EVP_PKEY *evpPkey = NULL;
+ RSA *rsaKey = NULL;
+
+ setbuf(stdout, NULL);
+ setvbuf (stdout, NULL, _IONBF, BUFSIZ);
+ if( (argc < 2) )
+ {
+ printf("Arguments count does not match \n");
+ PrintHelp();
+ return 1;
+ }
+ else
+ {
+ /* Get the argument values and evaluate it */
+ for( count = 1; count < argc; count++ )
+ {
+ if( 0 == strcmp( argv[count], "-pemfile" ) ) {
+ count++;
+ if( (1 != sscanf( argv[count], "%s", pem_Filename )) )
+ {
+ PrintHelp();
+ return 1;
+ }
+ pemfile_flag = 1;
+ }
+ else if( 0 == strcmp( argv[count], "-pempwd" ) ) {
+ count++;
+ pem_pwd = argv[count];
+ pempwd_flag = 1;
+ }
+ else if( 0 == strcmp( argv[count], "-parentPub" ) ) {
+ count++;
+ if( (1 != sscanf( argv[count], "%s", parent_pub_Filename )) )
+ {
+ PrintHelp();
+ return 1;
+ }
+ parent_pub_flag = 1;
+ }
+ else if( 0 == strcmp( argv[count], "-dupPub" ) ) {
+ count++;
+ if( (1 != sscanf( argv[count], "%s", dupPub_Filename )) )
+ {
+ PrintHelp();
+ return 1;
+ }
+ dupPub_flag = 1;
+ }
+ else if( 0 == strcmp( argv[count], "-dupPriv" ) ) {
+ count++;
+ if( (1 != sscanf( argv[count], "%s", dupPriv_Filename )) )
+ {
+ PrintHelp();
+ return 1;
+ }
+ dupPriv_flag = 1;
+ }
+ else if( 0 == strcmp( argv[count], "-dupSymSeed" ) ) {
+ count++;
+ if( (1 != sscanf( argv[count], "%s", dupSymSeed_Filename )) )
+ {
+ PrintHelp();
+ return 1;
+ }
+ dupSymSeed_flag = 1;
+ }
+ else if( 0 == strcmp( argv[count], "-dupEncKey" ) ) {
+ count++;
+ if( (1 != sscanf( argv[count], "%s", dupEncKey_Filename )) )
+ {
+ PrintHelp();
+ return 1;
+ }
+ dupEncKey_flag = 1;
+ }
+ else if( 0 == strcmp( argv[count], "--help" ) ) {
+ PrintHelp();
+ exit(1);
+ }
+ else {
+ PrintHelp();
+ exit(1);
+ }
+ }
+ }
+
+ // For Duplicate functionality, check all input params are present
+ if( (!pemfile_flag) ||
+ (!parent_pub_flag) ||
+ (!dupPub_flag) ||
+ (!dupPriv_flag) ||
+ (!dupSymSeed_flag) ||
+ (!dupEncKey_flag)
+ )
+ {
+ printf("Error: One or more Inputs for Duplicate are not passed as input \n");
+ return -1;
+ }
+
+ printf("Input PEM file name: %s \n", pem_Filename);
+
+ if (rval == 0) {
+ rval = convert_PEM_To_EVP(&evpPkey, pem_Filename, pem_pwd);
+ }
+ if (rval == 0) {
+ rval = convert_EVP_to_RSA(&rsaKey, evpPkey);
+ }
+
+ if ( rval == 0 ) {
+ file_size = sizeof(TPM2B_PUBLIC);
+ rval = loadDataFromFile(parent_pub_Filename, (UINT8 *) &parentKeyPublicPortion, &file_size);
+ }
+
+ /* SW key duplicate operation started */
+ if ( rval == 0 ) {
+ rval = swKeyDuplicate(rsaKey, &parentKeyPublicPortion, policyDigest, digestSize,
+ &encryptionKey, &swKeyPublic, &swKeyPrivate, &encSymSeed);
+ if(rval != 0) {
+ printf("\nswKeyDuplicate failed: 0x%x ! \n", rval);
+ goto end;
+ }
+ else {
+ printf("\nswKeyDuplicate success: 0x%x ! \n", rval);
+ rval = saveDataToFile(dupPub_Filename, (UINT8 *) &swKeyPublic, sizeof(TPM2B_PUBLIC));
+ rval = saveDataToFile(dupPriv_Filename, (UINT8 *) &swKeyPrivate, sizeof(TPM2B_PRIVATE));
+ rval = saveDataToFile(dupSymSeed_Filename, (UINT8 *) &encSymSeed, sizeof(TPM2B_ENCRYPTED_SECRET));
+ rval = saveDataToFile(dupEncKey_Filename, (UINT8 *) &encryptionKey, sizeof(TPM2B_DATA));
+ printf("\nOutput files are written successfully ! \n");
+ }
+ }
+
+end:
+ if (rsaKey != NULL) {
+ RSA_free(rsaKey);
+ }
+ if (evpPkey != NULL) {
+ EVP_PKEY_free(evpPkey);
+ }
+
+ return rval;
+}
+