OpenBMC/meta-security/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch

Upstream-Status: Pending

commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed
Author: Junxian.Xiao <Junxian.Xiao@windriver.com>
Date:   Wed Jun 19 18:57:13 2013 +0800

support well-known password in openssl-tpm-engine.

Add "-z" option to select well known password in create_tpm_key tool.

Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>

Index: git/src/create_tpm_key.c
===================================================================
--- git.orig/src/create_tpm_key.c
+++ git/src/create_tpm_key.c
@@ -48,6 +48,8 @@
 
 #include "ssl_compat.h"
 
+#define TPM_WELL_KNOWN_KEY_LEN 20   /*well know key length is 20 bytes zero*/
+
 #define print_error(a,b) \
 	fprintf(stderr, "%s:%d %s result: 0x%x (%s)\n", __FILE__, __LINE__, \
 		a, b, Trspi_Error_String(b))
@@ -72,6 +74,7 @@ usage(char *argv0)
 		"\t\t-e|--enc-scheme  encryption scheme to use [PKCSV15] or OAEP\n"
 		"\t\t-q|--sig-scheme  signature scheme to use [DER] or SHA1\n"
 		"\t\t-s|--key-size    key size in bits [2048]\n"
+		"\t\t-z|--zerokey     use well known 20 bytes zero as SRK password.\n"
 		"\t\t-a|--auth        require a password for the key [NO]\n"
 		"\t\t-p|--popup       use TSS GUI popup dialogs to get the password "
 		"for the\n\t\t\t\t key [NO] (implies --auth)\n"
@@ -154,6 +157,7 @@ int main(int argc, char **argv)
 	int		asn1_len;
 	char		*filename, c, *openssl_key = NULL;
 	int		option_index, auth = 0, popup = 0, wrap = 0;
+	int		wellknownkey = 0;
 	UINT32		enc_scheme = TSS_ES_RSAESPKCSV15;
 	UINT32		sig_scheme = TSS_SS_RSASSAPKCS1V15_DER;
 	UINT32		key_size = 2048;
@@ -161,12 +165,15 @@ int main(int argc, char **argv)
 
 	while (1) {
 		option_index = 0;
-		c = getopt_long(argc, argv, "pe:q:s:ahw:",
+		c = getopt_long(argc, argv, "pe:q:s:zahw:",
 				long_options, &option_index);
 		if (c == -1)
 			break;
 
 		switch (c) {
+			case 'z':
+				wellknownkey = 1;
+				break;
 			case 'a':
 				initFlags |= TSS_KEY_AUTHORIZATION;
 				auth = 1;
@@ -300,6 +307,8 @@ int main(int argc, char **argv)
 
 	if (srk_authusage) {
 		char *authdata = calloc(1, 128);
+		TSS_FLAG secretMode = TSS_SECRET_MODE_PLAIN;
+		int authlen = 0;
 
 		if (!authdata) {
 			fprintf(stderr, "malloc failed.\n");
@@ -316,17 +325,26 @@ int main(int argc, char **argv)
 			exit(result);
 		}
 
-		if (EVP_read_pw_string(authdata, 128, "SRK Password: ", 0)) {
-			Tspi_Context_CloseObject(hContext, hKey);
-			Tspi_Context_Close(hContext);
-			free(authdata);
-			exit(result);
+		if (wellknownkey) {
+			memset(authdata, 0, TPM_WELL_KNOWN_KEY_LEN);
+			secretMode = TSS_SECRET_MODE_SHA1;
+			authlen = TPM_WELL_KNOWN_KEY_LEN;
+		}
+		else {
+			if (EVP_read_pw_string(authdata, 128, "SRK Password: ", 0)) {
+				Tspi_Context_CloseObject(hContext, hKey);
+				Tspi_Context_Close(hContext);
+				free(authdata);
+				exit(result);
+			}
+			secretMode = TSS_SECRET_MODE_PLAIN;
+			authlen = strlen(authdata);
 		}
 
 		//Set Secret
 		if ((result = Tspi_Policy_SetSecret(srkUsagePolicy,
-						    TSS_SECRET_MODE_PLAIN,
-						    strlen(authdata),
+						    secretMode,
+						    authlen,
 						    (BYTE *)authdata))) {
 			print_error("Tspi_Policy_SetSecret", result);
 			free(authdata);