#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <errno.h>
#include <inttypes.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include "tss2_sys.h"
#include "tss2_mu.h"
#define LOGMODULE test
#include "util/log.h"
#include "test-options.h"
#include "context-util.h"
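/*
 * Create the RSA-2048 endorsement key (EK) on the TPM and write its PUBLIC
 * part as a PEM "PUBLIC KEY" block, either to the file named by argv[1] or
 * to stdout when no argument is given.
 *
 * Only public material leaves the TPM: the EK primary is created, its public
 * area is read back, the handle is flushed, and the private components of
 * the OpenSSL RSA object are zero placeholders that PEM_write_bio_PUBKEY
 * never serialises.
 *
 * Returns 0 on success; any failure is logged and the process exits with 1.
 */
int
main (int argc, char *argv[])
{
    TSS2_RC rc;
    TSS2_SYS_CONTEXT *sys_context;
    /* Password session, empty auth, for the endorsement hierarchy. */
    TSS2L_SYS_AUTH_COMMAND auth_cmd = {
        .auths = {{ .sessionHandle = TPM2_RS_PW }},
        .count = 1
    };
    TPM2B_SENSITIVE_CREATE in_sensitive = { 0 };
    /*
     * EK template: restricted RSA-2048 decryption key, SHA-256 name
     * algorithm, AES-128-CFB symmetric scheme, fixed to the TPM and to its
     * parent, admin-with-policy only. The authPolicy digest is the well-known
     * TCG default EK policy and unique.rsa is 256 zero bytes, so the primary
     * the TPM derives from this template is the standard EK.
     */
    TPM2B_PUBLIC in_public = {
        .publicArea = {
            .type = TPM2_ALG_RSA,
            .nameAlg = TPM2_ALG_SHA256,
            .objectAttributes = (
                TPMA_OBJECT_FIXEDTPM |
                TPMA_OBJECT_FIXEDPARENT |
                TPMA_OBJECT_SENSITIVEDATAORIGIN |
                TPMA_OBJECT_ADMINWITHPOLICY |
                TPMA_OBJECT_RESTRICTED |
                TPMA_OBJECT_DECRYPT
            ),
            .authPolicy = {
                .size = 32,
                .buffer = {
                    0x83, 0x71, 0x97, 0x67, 0x44, 0x84,
                    0xB3, 0xF8, 0x1A, 0x90, 0xCC, 0x8D,
                    0x46, 0xA5, 0xD7, 0x24, 0xFD, 0x52,
                    0xD7, 0x6E, 0x06, 0x52, 0x0B, 0x64,
                    0xF2, 0xA1, 0xDA, 0x1B, 0x33, 0x14,
                    0x69, 0xAA,
                },
            },
            .parameters.rsaDetail = {
                .symmetric = {
                    .algorithm = TPM2_ALG_AES,
                    .keyBits.aes = 128,
                    .mode.aes = TPM2_ALG_CFB,
                },
                .scheme = {
                    .scheme = TPM2_ALG_NULL,
                },
                .keyBits = 2048,
                /* 0 selects the TPM default public exponent (2^16 + 1). */
                .exponent = 0,
            },
            .unique.rsa = {
                .size = 256,
                .buffer = {0},
            }
        }
    };
    TPML_PCR_SELECTION creation_pcr = { 0 };
    TPM2_HANDLE handle;
    TPM2B_PUBLIC out_public = { 0 };
    TSS2L_SYS_AUTH_RESPONSE auth_rsp = {
        .count = 0
    };
    test_opts_t opts = {
        .tcti_type = TCTI_DEFAULT,
        .device_file = DEVICE_PATH_DEFAULT,
        .socket_address = HOSTNAME_DEFAULT,
        .socket_port = PORT_DEFAULT,
    };

    get_test_opts_from_env (&opts);
    if (sanity_check_test_opts (&opts) != 0)
        exit (1);
    sys_context = sys_init_from_opts (&opts);
    if (sys_context == NULL)
        exit (1);

    /* Generate the EK key; only the public area is kept. */
    rc = Tss2_Sys_CreatePrimary(sys_context, TPM2_RH_ENDORSEMENT, &auth_cmd,
                                &in_sensitive, &in_public, NULL, &creation_pcr,
                                &handle, &out_public, NULL, NULL, NULL, NULL, &auth_rsp);
    if (rc != TSS2_RC_SUCCESS) {
        LOG_ERROR("TPM CreatePrimary FAILED: 0x%"PRIx32, rc);
        exit(1);
    }
    /* The EK is re-derivable from the template, so the handle is not needed. */
    rc = Tss2_Sys_FlushContext(sys_context, handle);
    if (rc != TSS2_RC_SUCCESS) {
        LOG_ERROR("TPM FlushContext FAILED: 0x%"PRIx32, rc);
        exit(1);
    }
    sys_teardown_full (sys_context);

    /*
     * Treat the TPM response as untrusted input: make sure the public area is
     * really an RSA key with a modulus that fits its buffer before reading it.
     */
    if (out_public.publicArea.type != TPM2_ALG_RSA ||
        out_public.publicArea.unique.rsa.size == 0 ||
        out_public.publicArea.unique.rsa.size >
            sizeof out_public.publicArea.unique.rsa.buffer) {
        LOG_ERROR("Unexpected public area from TPM: type 0x%"PRIx16
                  ", modulus size %"PRIu16,
                  out_public.publicArea.type,
                  out_public.publicArea.unique.rsa.size);
        exit(1);
    }

    /* Select the output stream: argv[1] if given, otherwise stdout. */
    FILE *out = NULL;
    BIO *bio = NULL;
    if (argc == 2) {
        out = fopen(argv[1], "w");
        if (!out) {
            LOG_ERROR("Can not open file %s: %s", argv[1], strerror(errno));
            exit(1);
        }
        bio = BIO_new_fp(out, BIO_NOCLOSE);
    } else {
        bio = BIO_new_fp(stdout, BIO_NOCLOSE);
    }
    if (!bio) {
        LOG_ERROR("BIO_new_fp failed");
        exit(1);
    }

    /* Convert the key from out_public to an OpenSSL RSA public key. */
    EVP_PKEY *evp = EVP_PKEY_new();
    RSA *rsa = RSA_new();
    BIGNUM *n = BN_bin2bn(out_public.publicArea.unique.rsa.buffer,
                          out_public.publicArea.unique.rsa.size, NULL);
    BIGNUM *e = BN_new();
    /* Private components: zero placeholders, never written by PEM_write_bio_PUBKEY. */
    BIGNUM *d = BN_new();
    BIGNUM *p = BN_new();
    BIGNUM *q = BN_new();
    BIGNUM *dmp1 = BN_new();
    BIGNUM *dmq1 = BN_new();
    BIGNUM *iqmp = BN_new();
    if (!evp || !rsa || !n || !e || !d || !p || !q || !dmp1 || !dmq1 || !iqmp) {
        LOG_ERROR("OpenSSL allocation failed");
        exit(1);
    }

    /* A zero exponent in the public area means the TPM default, 65537. */
    uint32_t exponent = out_public.publicArea.parameters.rsaDetail.exponent;
    if (exponent == 0)
        exponent = 65537;
    if (!BN_set_word(e, exponent) || !BN_set_word(d, 0) || !BN_set_word(p, 0) ||
        !BN_set_word(q, 0) || !BN_set_word(dmp1, 0) || !BN_set_word(dmq1, 0) ||
        !BN_set_word(iqmp, 0)) {
        LOG_ERROR("BN_set_word failed");
        exit(1);
    }

    /* From here on the RSA object owns the BIGNUMs. */
#if OPENSSL_VERSION_NUMBER < 0x10100000
    rsa->e = e;
    rsa->n = n;
    rsa->d = d;
    rsa->p = p;
    rsa->q = q;
    rsa->dmp1 = dmp1;
    rsa->dmq1 = dmq1;
    rsa->iqmp = iqmp;
#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
    if (!RSA_set0_key(rsa, n, e, d) ||
        !RSA_set0_factors(rsa, p, q) ||
        !RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)) {
        LOG_ERROR("RSA_set0 failed");
        exit(1);
    }
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
    /* After this the EVP_PKEY owns rsa; EVP_PKEY_free releases everything. */
    if (!EVP_PKEY_assign_RSA(evp, rsa)) {
        LOG_ERROR("EVP_PKEY_assign_RSA failed");
        exit(1);
    }

    if (!PEM_write_bio_PUBKEY(bio, evp)) {
        LOG_ERROR("PEM_write failed");
        exit(1);
    }
    EVP_PKEY_free(evp);
    BIO_free(bio);
    /*
     * Only close what we opened (fclose(NULL) is undefined), and check the
     * result: fclose flushes the buffered PEM text, so a failure here means
     * the file on disk is incomplete.
     */
    if (out != NULL && fclose(out) != 0) {
        LOG_ERROR("Can not write file %s: %s", argv[1], strerror(errno));
        exit(1);
    }
    return 0;
}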