diff options
Diffstat (limited to 'tpm-util/duplicate/main.c')
-rw-r--r-- | tpm-util/duplicate/main.c | 281 |
1 files changed, 281 insertions, 0 deletions
diff --git a/tpm-util/duplicate/main.c b/tpm-util/duplicate/main.c new file mode 100644 index 0000000..662b984 --- /dev/null +++ b/tpm-util/duplicate/main.c @@ -0,0 +1,281 @@ +/* + * Copyright 2018 Intel Corporation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// main.c : Tool to import Openssl RSA key into TPM. Generates TPM duplication data +// Author: Arun Kumar Sekar +// + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#include <openssl/pem.h> + +#include <pthread.h> + +#include <sapi/tpm20.h> +#include <tcti/tcti_socket.h> + +#include "tpm_duplication_aux.h" +#include "util.h" + + +void PrintHelp(); +char version[] = "0.1"; + +void PrintHelp() +{ + printf( + "OSSL key to tpm import tool, Version %s\nUsage:" + "./ossl_tpm_duplicate [-pemfile InputPemFile] [-pempwd inputPemPwd (optional)] [-parentPub inputParentPubFile]" + "[-dupPub out_dupPubFile] [-dupPriv out_dupPrivFile] [-dupSymSeed out_dupSymSeedFile] [-dupEncKey out_dupEncKeyFile] \n" + "\n" + , version); +} + +static TPM_RC convert_PEM_To_EVP(EVP_PKEY **evpPkey, /* freed by caller */ + const char *pem_Filename, + const char *pem_pwd) +{ + TPM_RC rc = 0; + FILE *fp_pemfile = NULL; + + if (rc == 0) + { + fp_pemfile = fopen(pem_Filename, "rb"); /* closed @2 */ + if(fp_pemfile == NULL) { + rc = EXIT_FAILURE; + } + } + + if (rc == 0) + { + *evpPkey = PEM_read_PrivateKey(fp_pemfile, NULL, NULL, (void *)pem_pwd); + if (*evpPkey == NULL) + { + printf("convert_PEM_To_EVP: Error reading key file %s\n", pem_Filename); + rc = EXIT_FAILURE; + } + printf("PEM_read_PrivateKey success for file: %s \n", pem_Filename); + } + +end: + if (fp_pemfile != NULL) + { + fclose(fp_pemfile); + } + + return rc; +} + +static TPM_RC convert_EVP_to_RSA(RSA **rsaKey, /* freed by caller */ + EVP_PKEY *evpPkey) +{ + TPM_RC rc = 0; + + if (rc == 0) + { + *rsaKey = EVP_PKEY_get1_RSA(evpPkey); + if (*rsaKey == NULL) + { + printf("convert_EVP_to_RSA: EVP_PKEY_get1_RSA failed\n"); + rc = EXIT_FAILURE; + } + printf("convert_EVP_to_RSA success! \n"); + } + + return rc; +} + + +int main(int argc, char* argv[]) +{ + TPM_RC rval = 0; + int count=0; + + char pem_Filename[256]; + int pemfile_flag = 0; + const char *pem_pwd = ""; /* default empty password */ + int pempwd_flag = 0; + + // SW Key Duplicate I/P variables + char parent_pub_Filename[256]; + int parent_pub_flag = 0; + + // SW Key Duplicate O/P variables + char dupPub_Filename[256]; + int dupPub_flag = 0; + char dupPriv_Filename[256]; + int dupPriv_flag = 0; + char dupSymSeed_Filename[256]; + int dupSymSeed_flag = 0; + char dupEncKey_Filename[256]; + int dupEncKey_flag = 0; + TPM2B_DATA encryptionKey; + TPM2B_PUBLIC swKeyPublic; + TPM2B_PRIVATE swKeyPrivate; + TPM2B_ENCRYPTED_SECRET encSymSeed; + unsigned short file_size = 0; + UINT8 policyDigest[32] = {0}; + UINT32 digestSize = 0; + + TPM2B_PUBLIC parentKeyPublicPortion; + int pubKeysize = 0; + + // RSA key structures + EVP_PKEY *evpPkey = NULL; + RSA *rsaKey = NULL; + + setbuf(stdout, NULL); + setvbuf (stdout, NULL, _IONBF, BUFSIZ); + if( (argc < 2) ) + { + printf("Arguments count does not match \n"); + PrintHelp(); + return 1; + } + else + { + /* Get the argument values and evaluate it */ + for( count = 1; count < argc; count++ ) + { + if( 0 == strcmp( argv[count], "-pemfile" ) ) { + count++; + if( (1 != sscanf( argv[count], "%s", pem_Filename )) ) + { + PrintHelp(); + return 1; + } + pemfile_flag = 1; + } + else if( 0 == strcmp( argv[count], "-pempwd" ) ) { + count++; + pem_pwd = argv[count]; + pempwd_flag = 1; + } + else if( 0 == strcmp( argv[count], "-parentPub" ) ) { + count++; + if( (1 != sscanf( argv[count], "%s", parent_pub_Filename )) ) + { + PrintHelp(); + return 1; + } + parent_pub_flag = 1; + } + else if( 0 == strcmp( argv[count], "-dupPub" ) ) { + count++; + if( (1 != sscanf( argv[count], "%s", dupPub_Filename )) ) + { + PrintHelp(); + return 1; + } + dupPub_flag = 1; + } + else if( 0 == strcmp( argv[count], "-dupPriv" ) ) { + count++; + if( (1 != sscanf( argv[count], "%s", dupPriv_Filename )) ) + { + PrintHelp(); + return 1; + } + dupPriv_flag = 1; + } + else if( 0 == strcmp( argv[count], "-dupSymSeed" ) ) { + count++; + if( (1 != sscanf( argv[count], "%s", dupSymSeed_Filename )) ) + { + PrintHelp(); + return 1; + } + dupSymSeed_flag = 1; + } + else if( 0 == strcmp( argv[count], "-dupEncKey" ) ) { + count++; + if( (1 != sscanf( argv[count], "%s", dupEncKey_Filename )) ) + { + PrintHelp(); + return 1; + } + dupEncKey_flag = 1; + } + else if( 0 == strcmp( argv[count], "--help" ) ) { + PrintHelp(); + exit(1); + } + else { + PrintHelp(); + exit(1); + } + } + } + + // For Duplicate functionality, check all input params are present + if( (!pemfile_flag) || + (!parent_pub_flag) || + (!dupPub_flag) || + (!dupPriv_flag) || + (!dupSymSeed_flag) || + (!dupEncKey_flag) + ) + { + printf("Error: One or more Inputs for Duplicate are not passed as input \n"); + return -1; + } + + printf("Input PEM file name: %s \n", pem_Filename); + + if (rval == 0) { + rval = convert_PEM_To_EVP(&evpPkey, pem_Filename, pem_pwd); + } + if (rval == 0) { + rval = convert_EVP_to_RSA(&rsaKey, evpPkey); + } + + if ( rval == 0 ) { + file_size = sizeof(TPM2B_PUBLIC); + rval = loadDataFromFile(parent_pub_Filename, (UINT8 *) &parentKeyPublicPortion, &file_size); + } + + /* SW key duplicate operation started */ + if ( rval == 0 ) { + rval = swKeyDuplicate(rsaKey, &parentKeyPublicPortion, policyDigest, digestSize, + &encryptionKey, &swKeyPublic, &swKeyPrivate, &encSymSeed); + if(rval != 0) { + printf("\nswKeyDuplicate failed: 0x%x ! \n", rval); + goto end; + } + else { + printf("\nswKeyDuplicate success: 0x%x ! \n", rval); + rval = saveDataToFile(dupPub_Filename, (UINT8 *) &swKeyPublic, sizeof(TPM2B_PUBLIC)); + rval = saveDataToFile(dupPriv_Filename, (UINT8 *) &swKeyPrivate, sizeof(TPM2B_PRIVATE)); + rval = saveDataToFile(dupSymSeed_Filename, (UINT8 *) &encSymSeed, sizeof(TPM2B_ENCRYPTED_SECRET)); + rval = saveDataToFile(dupEncKey_Filename, (UINT8 *) &encryptionKey, sizeof(TPM2B_DATA)); + printf("\nOutput files are written successfully ! \n"); + } + } + +end: + if (rsaKey != NULL) { + RSA_free(rsaKey); + } + if (evpPkey != NULL) { + EVP_PKEY_free(evpPkey); + } + + return rval; +} + |