From 2ac563372735668ac9687c57e35e39c3e4553ff0 Mon Sep 17 00:00:00 2001
From: Arun kumar Sekar
Date: Fri, 30 Mar 2018 11:20:30 -0700
Subject: Utility to Import external RSA pem key into TPM

Duplicate tool - Takes RSA private key in pem format as input and generates TPM structured buffers as expected by tpm Import
Import tool - Takes input buffers from Duplicate tool and results in pub/priv blobs which can be used to load the key in tpm storage heirarchy's as child to primary key
Change-Id: I0af6676895ce0cc22c70e5546908e905b78bb71e
Issue-ID: AAF-207
Signed-off-by: Arun kumar Sekar
---
 tpm-util/import/main.c | 244 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 244 insertions(+)
 create mode 100644 tpm-util/import/main.c
(limited to 'tpm-util/import/main.c')
diff --git a/tpm-util/import/main.c b/tpm-util/import/main.c
new file mode 100644
index 0000000..c498f6c
--- /dev/null
+++ b/tpm-util/import/main.c
@@ -0,0 +1,244 @@
+/*
+ * Copyright 2018 Intel Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+// main.c : Tool to import Openssl RSA key into TPM
+// Author: Arun Kumar Sekar
+//
+
+#include
+#include
+#include
+#include
+
+#include
+
+#include "tpm_wrapper.h"
+#include "util.h"
+
+char* tpm_pwd = "";
+int tpm_pwd_len = 0;
+
+void PrintHelp();
+char version[] = "0.1";
+
+void PrintHelp()
+{
+ printf(
+ "OSSL key to tpm import tool, Version %s\nUsage:"
+ "./ossl_tpm_import "
+ "[-dupPub out_dupPubFile] [-dupPriv out_dupPrivFile] [-dupSymSeed out_dupSymSeedFile] [-dupEncKey out_dupEncKeyFile]"
+ "[-pub out_keyPub] [-priv out_KeyPriv]\n"
+ "\n"
+ , version);
+}
+
+int main(int argc, char* argv[])
+{
+ TPM_RC rval = 0;
+ int count=0;
+ TSS2_TCTI_CONTEXT *tcti_ctx = 0;
+ TSS2_SYS_CONTEXT *sysContext = 0;
+
+ // SW Key Duplicate O/P variables
+ char dupPub_Filename[256];
+ int dupPub_flag = 0;
+ char dupPriv_Filename[256];
+ int dupPriv_flag = 0;
+ char dupSymSeed_Filename[256];
+ int dupSymSeed_flag = 0;
+ char dupEncKey_Filename[256];
+ int dupEncKey_flag = 0;
+ TPM2B_DATA encryptionKey;
+ TPM2B_PUBLIC swKeyPublic;
+ TPM2B_PRIVATE swKeyPrivate;
+ TPM2B_ENCRYPTED_SECRET encSymSeed;
+
+ // SW Key Import O/P variables
+ char pub_Filename[256];
+ int pub_flag = 0;
+ char priv_Filename[256];
+ int priv_flag = 0;
+ unsigned short file_size = 0;
+
+ TPM_HANDLE primaryKeyHandle = 0;
+ int H_flag = 0;
+
+ TPM2B_PUBLIC parentKeyPublicPortion;
+ int pubKeysize = 0;
+
+ setbuf(stdout, NULL);
+ setvbuf (stdout, NULL, _IONBF, BUFSIZ);
+ if( (argc < 2) )
+ {
+ printf("Arguments count does not match \n");
+ PrintHelp();
+ return 1;
+ }
+ else
+ {
+ /* Get the argument values and evaluate it */
+ for( count = 1; count < argc; count++ )
+ {
+ if( 0 == strcmp( argv[count], "-dupPub" ) ) {
+ count++;
+ if( (1 != sscanf( argv[count], "%s", dupPub_Filename )) )
+ {
+ PrintHelp();
+ return 1;
+ }
+ dupPub_flag = 1;
+ }
+ else if( 0 == strcmp( argv[count], "-dupPriv" ) ) {
+ count++;
+ if( (1 != sscanf( argv[count], "%s", dupPriv_Filename )) )
+ {
+ PrintHelp();
+ return 1;
+ }
+ dupPriv_flag = 1;
+ }
+ else if( 0 == strcmp( argv[count], "-dupSymSeed" ) ) {
+ count++;
+ if( (1 != sscanf( argv[count], "%s", dupSymSeed_Filename )) )
+ {
+ PrintHelp();
+ return 1;
+ }
+ dupSymSeed_flag = 1;
+ }
+ else if( 0 == strcmp( argv[count], "-dupEncKey" ) ) {
+ count++;
+ if( (1 != sscanf( argv[count], "%s", dupEncKey_Filename )) )
+ {
+ PrintHelp();
+ return 1;
+ }
+ dupEncKey_flag = 1;
+ }
+ else if( 0 == strcmp( argv[count], "-pub" ) ) {
+ count++;
+ if( (1 != sscanf( argv[count], "%s", pub_Filename )) )
+ {
+ PrintHelp();
+ return 1;
+ }
+ pub_flag = 1;
+ }
+ else if( 0 == strcmp( argv[count], "-priv" ) ) {
+ count++;
+ if( (1 != sscanf( argv[count], "%s", priv_Filename )) )
+ {
+ PrintHelp();
+ return 1;
+ }
+ priv_flag = 1;
+ }
+ else if( 0 == strcmp( argv[count], "-H" ) ) {
+ count++;
+ primaryKeyHandle = strtoul(argv[count], NULL, 16);
+ printf("Primary Key handle Given: 0x%x \n", primaryKeyHandle);
+ H_flag = 1;
+ }
+ else if( 0 == strcmp( argv[count], "--help" ) ) {
+ PrintHelp();
+ exit(1);
+ }
+ else {
+ PrintHelp();
+ exit(1);
+ }
+ }
+ }
+
+ if((!H_flag)) {
+ printf("Parent handle should be passed for TPM import operation \n");
+ return -1;
+ }
+
+ // For TPM Import functionality, check all input params are present
+ if( (!dupPub_flag) ||
+ (!dupPriv_flag) ||
+ (!dupSymSeed_flag) ||
+ (!dupEncKey_flag) ||
+ (!pub_flag) ||
+ (!priv_flag)
+ ) {
+ printf("Error: One or more Inputs for TPM import functionality is missing ! \n");
+ return -1;
+ }
+
+ /* SW Key TPM Import operation started */
+ if(rval == 0) {
+ file_size = sizeof(TPM2B_PUBLIC);
+ rval = loadDataFromFile(dupPub_Filename, (UINT8 *) &swKeyPublic, &file_size);
+ if ( rval == 0 ) {
+ file_size = sizeof(TPM2B_PRIVATE);
+ rval = loadDataFromFile(dupPriv_Filename, (UINT8 *) &swKeyPrivate, &file_size);
+ }
+ if ( rval == 0 ) {
+ file_size = sizeof(TPM2B_ENCRYPTED_SECRET);
+ rval = loadDataFromFile(dupSymSeed_Filename, (UINT8 *) &encSymSeed, &file_size);
+ }
+ if ( rval == 0 ) {
+ file_size = sizeof(TPM2B_DATA);
+ rval = loadDataFromFile(dupEncKey_Filename, (UINT8 *) &encryptionKey, &file_size);
+ }
+
+ if ( rval == 0 ) {
+ /* Initialize TCTI and sapi context */
+ tcti_ctx = tpm_tcti_tabrmd_init();
+ if(tcti_ctx == NULL) {
+ printf("Creation of TCTI context with TABRMD failed ! \n");
+ goto end;
+ }
+
+ sysContext = sys_ctx_init(tcti_ctx);
+ if(sysContext == NULL) {
+ printf("Creation of SAPI context with TABRMD failed ! \n");
+ goto end;
+ }
+ printf("\nInitializing TPM context success: 0x%x ! \n", rval);
+ }
+
+ TPM2B_PRIVATE importPrivate;
+ INIT_SIMPLE_TPM2B_SIZE(importPrivate);
+ rval = swKeyTpmImport(sysContext, primaryKeyHandle,
+ &encryptionKey, &swKeyPublic, &swKeyPrivate, &encSymSeed,
+ tpm_pwd, tpm_pwd_len,
+ &importPrivate);
+ if(rval != 0) {
+ printf("\nswKeyTpmImport failed: 0x%x ! \n", rval);
+ goto end;
+ }
+ else {
+ printf("\nswKeyImport success: 0x%x ! \n", rval);
+ saveDataToFile(pub_Filename, (UINT8 *) &swKeyPublic, sizeof(TPM2B_PUBLIC));
+ saveDataToFile(priv_Filename, (UINT8 *) &importPrivate, sizeof(TPM2B_PRIVATE));
+ printf("\nOutput files are written successfully ! \n");
+ }
+ }
+
+end:
+ if(sysContext) {
+ TeardownSysContext(&sysContext);
+ }
+ if(tcti_ctx) {
+ TeardownTctiContext(tcti_ctx);
+ }
+
+ return rval;
+}
+
-- cgit 1.2.3-korg
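Review bot: Every option branch in main's argument loop does `count++` and then `sscanf(argv[count], "%s", ..._Filename)` with no field width, so a value longer than 255 bytes overruns the fixed 256-byte stack buffers, and a flag given as the last argument reads `argv[argc]` (NULL); the `-H` branch has the same missing bound check and also passes NULL as strtoul's end pointer, so a non-hex value silently becomes handle 0. A small helper that verifies `count + 1 < argc` and copies with `snprintf(dst, dstsz, "%s", argv[count])`, rejecting truncation, replaces the six repeated branches (sketch below). Separately, only the TCTI/SAPI init block is guarded by `if ( rval == 0 )`, so when one of the `loadDataFromFile` calls fails execution still reaches `swKeyTpmImport(sysContext, ...)` with `sysContext == NULL`, and the two `goto end` paths inside the init block leave `rval` at 0 so the process exits 0 on a context failure; add `if (rval != 0) goto end;` before the import call and set a non-zero `rval` before those gotos. The parent authorization is the hard-coded empty `tpm_pwd`, which deserves a comment at its definition such as `/* Parent auth is fixed to the empty auth value; this tool cannot import under a parent that has an auth value set. */`. The mode `saveDataToFile` uses is not visible here; the `-priv` output is the wrapped private blob, so if that helper does not already create the file without group/world read, it should for this call.
```c
/* Consume the value that follows an option: fail when it is missing or
 * does not fit the destination buffer (truncation included). */
static int take_arg(int argc, char *argv[], int *idx, char *dst, size_t dstsz)
{
    if (*idx + 1 >= argc) {
        return -1;
    }
    (*idx)++;
    int n = snprintf(dst, dstsz, "%s", argv[*idx]);
    return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;
}

/* … unchanged: main() declarations and argc check … */
        if( 0 == strcmp( argv[count], "-dupPub" ) ) {
            if (take_arg(argc, argv, &count, dupPub_Filename, sizeof dupPub_Filename) != 0) {
                PrintHelp();
                return 1;
            }
            dupPub_flag = 1;
        }
        /* … unchanged: -dupPriv, -dupSymSeed, -dupEncKey, -pub, -priv follow the same pattern; -H, --help … */
```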