
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_21-12-g6299e59


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_21-12-g6299e59
Date: Sun, 08 Jul 2012 20:24:53 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=6299e590874b88364206f61d00cc08a256c57df4

The branch, master has been updated
       via  6299e590874b88364206f61d00cc08a256c57df4 (commit)
       via  2ac9fcb1bbe1bb23b24ff3bb443292d3569b6d80 (commit)
       via  efa1b86e42f95d451c86fddd297c41925c6778c5 (commit)
      from  60a19bacc312dc7190c65ef449505abbb09a947a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6299e590874b88364206f61d00cc08a256c57df4
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jul 8 22:24:33 2012 +0200

    Common handling of error codes.

commit 2ac9fcb1bbe1bb23b24ff3bb443292d3569b6d80
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jul 8 21:39:31 2012 +0200

    combined TPM initialization.

commit efa1b86e42f95d451c86fddd297c41925c6778c5
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jul 8 21:04:23 2012 +0200

    TPM key generation allows for arbitrary RSA key bits, but quantizes them to 
the minimum allowed value that is larger than the input.

-----------------------------------------------------------------------

Summary of changes:
 lib/gnutls_errors.c             |    2 +
 lib/includes/gnutls/gnutls.h.in |    1 +
 lib/tpm.c                       |  419 +++++++++++++++------------------------
 src/tpmtool-args.c              |   98 ++++++----
 src/tpmtool-args.def            |   10 +-
 src/tpmtool-args.h              |   16 +-
 src/tpmtool.c                   |    7 +-
 7 files changed, 252 insertions(+), 301 deletions(-)

diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index 83e78db..19f824b 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -288,6 +288,8 @@ static const gnutls_error_entry error_algorithms[] = {
 
   ERROR_ENTRY (N_("TPM error."),
                GNUTLS_E_TPM_ERROR, 1),
+  ERROR_ENTRY (N_("Cannot initialize a session with the TPM."),
+               GNUTLS_E_TPM_SESSION_ERROR, 1),
   ERROR_ENTRY (N_("PKCS #11 error."),
                GNUTLS_E_PKCS11_ERROR, 1),
   ERROR_ENTRY (N_("PKCS #11 initialization error."),
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 35c9367..21363f3 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1917,6 +1917,7 @@ int gnutls_load_file(const char* filename, gnutls_datum_t 
* data);
 #define GNUTLS_E_TPM_ERROR -329
 #define GNUTLS_E_TPM_KEY_PASSWORD_ERROR -330
 #define GNUTLS_E_TPM_SRK_PASSWORD_ERROR -331
+#define GNUTLS_E_TPM_SESSION_ERROR -332
 
 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
 
diff --git a/lib/tpm.c b/lib/tpm.c
index c6f37a8..f50b818 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -40,27 +40,44 @@
 #include <trousers/tss.h>
 #include <trousers/trousers.h>
 
-/* Signing function for TPM privkeys, set with gnutls_privkey_import_ext() */
-
+/* Signing function for TPM privkeys, set with gnutls_privkey_import_ext2() */
 struct tpm_ctx_st
 {
-  TSS_HCONTEXT tpm_context;
+  TSS_HCONTEXT tpm_ctx;
   TSS_HKEY tpm_key;
   TSS_HPOLICY tpm_key_policy;
   TSS_HKEY srk;
   TSS_HPOLICY srk_policy;
 };
 
+static void tpm_close_session(struct tpm_ctx_st *s);
+
+static int tss_err(TSS_RESULT err)
+{
+  _gnutls_debug_log("TPM error: %s (%x)\n", Trspi_Error_String(err), (unsigned 
int)Trspi_Error_Code(err));
+  switch(Trspi_Error_Code(err))
+    {
+      case TSS_E_COMM_FAILURE:
+      case TSS_E_NO_CONNECTION:
+      case TSS_E_CONNECTION_FAILED:
+      case TSS_E_CONNECTION_BROKEN:
+        return GNUTLS_E_TPM_SESSION_ERROR;
+      case TPM_E_AUTHFAIL:
+        return GNUTLS_E_TPM_SRK_PASSWORD_ERROR;
+      default:
+        return GNUTLS_E_TPM_ERROR;
+    }
+}
+
 static void
 tpm_deinit_fn (gnutls_privkey_t key, void *_s)
 {
   struct tpm_ctx_st *s = _s;
 
-  Tspi_Context_CloseObject (s->tpm_context, s->tpm_key_policy);
-  Tspi_Context_CloseObject (s->tpm_context, s->tpm_key);
-  Tspi_Context_CloseObject (s->tpm_context, s->srk_policy);
-  Tspi_Context_CloseObject (s->tpm_context, s->srk);
-  Tspi_Context_Close (s->tpm_context);
+  Tspi_Context_CloseObject (s->tpm_ctx, s->tpm_key_policy);
+  Tspi_Context_CloseObject (s->tpm_ctx, s->tpm_key);
+
+  tpm_close_session(s);
   gnutls_free (s);
 }
 
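Review bot: `tss_err` switches on `Trspi_Error_Code(err)`, which strips the layer part of the TSS_RESULT, yet compares the remainder against constants from two different layers (`TSS_E_*` connection codes and `TPM_E_AUTHFAIL`). In TrouSerS the layer is carried in the upper bits and the low-order code values of the TSS and TPM spaces are not guaranteed to be disjoint, so if that holds for the codes used here a TPM-layer failure could be mapped to GNUTLS_E_TPM_SESSION_ERROR (or an authorization failure misreported) — please confirm against the TrouSerS error header before relying on this. Comparing against the full layer-qualified values, or masking only what is needed to normalise the layer, would keep the two spaces apart. Also `Trspi_Error_Code(err)` is evaluated twice; `TSS_RESULT code = Trspi_Error_Code(err);` once, then log and switch on `code`.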
@@ -76,7 +93,7 @@ tpm_sign_fn (gnutls_privkey_t key, void *_s,
                     data->size);
 
   err =
-      Tspi_Context_CreateObject (s->tpm_context,
+      Tspi_Context_CreateObject (s->tpm_ctx,
                                 TSS_OBJECT_TYPE_HASH, TSS_HASH_OTHER,
                                 &hash);
   if (err)
@@ -92,11 +109,11 @@ tpm_sign_fn (gnutls_privkey_t key, void *_s,
       gnutls_assert ();
       _gnutls_debug_log ("Failed to set value in TPM hash object: %s\n",
                         Trspi_Error_String (err));
-      Tspi_Context_CloseObject (s->tpm_context, hash);
+      Tspi_Context_CloseObject (s->tpm_ctx, hash);
       return GNUTLS_E_PK_SIGN_FAILED;
     }
   err = Tspi_Hash_Sign (hash, s->tpm_key, &sig->size, &sig->data);
-  Tspi_Context_CloseObject (s->tpm_context, hash);
+  Tspi_Context_CloseObject (s->tpm_ctx, hash);
   if (err)
     {
       if (s->tpm_key_policy || err != TPM_E_AUTHFAIL)
@@ -113,6 +130,86 @@ tpm_sign_fn (gnutls_privkey_t key, void *_s,
 static const unsigned char nullpass[20];
 const TSS_UUID srk_uuid = TSS_UUID_SRK;
 
+
+static int tpm_open_session(struct tpm_ctx_st *s, const char* srk_password)
+{
+int err, ret;
+
+  err = Tspi_Context_Create (&s->tpm_ctx);
+  if (err)
+    {
+      gnutls_assert ();
+      return tss_err(err);
+    }
+
+  err = Tspi_Context_Connect (s->tpm_ctx, NULL);
+  if (err)
+    {
+      gnutls_assert ();
+      ret = tss_err(err);
+      goto out_tspi_ctx;
+    }
+
+  err =
+      Tspi_Context_LoadKeyByUUID (s->tpm_ctx, TSS_PS_TYPE_SYSTEM,
+                                 srk_uuid, &s->srk);
+  if (err)
+    {
+      gnutls_assert ();
+      ret = tss_err(err);
+      goto out_tspi_ctx;
+    }
+
+  err = Tspi_GetPolicyObject (s->srk, TSS_POLICY_USAGE, &s->srk_policy);
+  if (err)
+    {
+      gnutls_assert ();
+      ret = tss_err(err);
+      goto out_srk;
+    }
+
+  if (srk_password)
+    err = Tspi_Policy_SetSecret (s->srk_policy,
+                                TSS_SECRET_MODE_PLAIN,
+                                strlen (srk_password), (BYTE *) srk_password);
+  else                         /* Well-known NULL key */
+    err = Tspi_Policy_SetSecret (s->srk_policy,
+                                TSS_SECRET_MODE_SHA1,
+                                sizeof (nullpass), (BYTE *) nullpass);
+  if (err)
+    {
+      gnutls_assert ();
+      _gnutls_debug_log ("Failed to set TPM PIN: %s\n",
+                        Trspi_Error_String (err));
+      ret = tss_err(err);
+      goto out_srkpol;
+    }
+  
+  return 0;
+
+out_srkpol:
+  Tspi_Context_CloseObject (s->tpm_ctx, s->srk_policy);
+  s->srk_policy = 0;
+out_srk:
+  Tspi_Context_CloseObject (s->tpm_ctx, s->srk);
+  s->srk = 0;
+out_tspi_ctx:
+  Tspi_Context_Close (s->tpm_ctx);
+  s->tpm_ctx = 0;
+  return ret;
+
+}
+
+static void tpm_close_session(struct tpm_ctx_st *s)
+{
+  Tspi_Context_CloseObject (s->tpm_ctx, s->srk_policy);
+  s->srk_policy = 0;
+  Tspi_Context_CloseObject (s->tpm_ctx, s->srk);
+  s->srk = 0;
+  Tspi_Context_Close (s->tpm_ctx);
+  s->tpm_ctx = 0;
+}
+
 /**
  * gnutls_privkey_import_tpm_raw:
  * @pkey: The private key
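Review bot: The two new session helpers carry no header comment although three exported functions now depend on their cleanup contract. Above `tpm_open_session` add `/* Create a TSS context, connect it, load the SRK and set its usage secret from srk_password (or the well-known all-zero secret when NULL). On failure every object acquired so far is closed, the handles in *s are zeroed and a negative gnutls error is returned. */`, and above `tpm_close_session` note that it releases only the SRK policy, the SRK and the context, so the caller must close tpm_key and tpm_key_policy first, as tpm_deinit_fn does. Separately, `err` is declared `int` but holds the unsigned TSS_RESULT values of the Tspi_* calls; declaring it `TSS_RESULT err;` avoids the implicit conversion before it is handed to `tss_err`.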
@@ -122,9 +219,9 @@ const TSS_UUID srk_uuid = TSS_UUID_SRK;
  * @key_password: A password for the key (optional)
  *
  * This function will import the given private key to the abstract
- * #gnutls_privkey_t structure. If a password is needed to decrypt
- * the provided key or the provided password is wrong, then 
- * %GNUTLS_E_TPM_SRK_PASSWORD_ERROR is returned. If the TPM password
+ * #gnutls_privkey_t structure. If a password is needed to access
+ * TPM then or the provided password is wrong, then 
+ * %GNUTLS_E_TPM_SRK_PASSWORD_ERROR is returned. If the key password
  * is wrong or not provided then %GNUTLS_E_TPM_KEY_PASSWORD_ERROR
  * is returned. 
  *
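Review bot: The rewritten sentence is garbled on the `+ * TPM then or the provided password is wrong, then` line; it should read `* #gnutls_privkey_t structure. If a password is needed to access the` / `* TPM or the provided password is wrong, then`. The docstring also does not mention the new %GNUTLS_E_TPM_SESSION_ERROR that tpm_open_session now returns when no session with the TPM can be established; add `* If a session with the TPM cannot be established, %GNUTLS_E_TPM_SESSION_ERROR is returned.` here and in the gnutls_pubkey_import_tpm_raw docstring hunk further down, which trims its error list without adding it.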
@@ -173,65 +270,15 @@ gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey,
       goto out_blob;
     }
 
-  err = Tspi_Context_Create (&s->tpm_context);
-  if (err)
+  ret = tpm_open_session(s, srk_password);
+  if (ret < 0)
     {
-      gnutls_assert ();
-      _gnutls_debug_log ("Failed to create TPM context: %s\n",
-                        Trspi_Error_String (err));
-      ret = GNUTLS_E_TPM_ERROR;
+      gnutls_assert();
       goto out_ctx;
     }
-  err = Tspi_Context_Connect (s->tpm_context, NULL);
-  if (err)
-    {
-      gnutls_assert ();
-      _gnutls_debug_log ("Failed to connect TPM context: %s\n",
-                        Trspi_Error_String (err));
-      ret = GNUTLS_E_TPM_ERROR;
-      goto out_tspi_ctx;
-    }
-  err =
-      Tspi_Context_LoadKeyByUUID (s->tpm_context, TSS_PS_TYPE_SYSTEM,
-                                 srk_uuid, &s->srk);
-  if (err)
-    {
-      gnutls_assert ();
-      _gnutls_debug_log
-         ("Failed to load TPM SRK key: %s\n", Trspi_Error_String (err));
-      ret = GNUTLS_E_TPM_ERROR;
-      goto out_tspi_ctx;
-    }
-  err = Tspi_GetPolicyObject (s->srk, TSS_POLICY_USAGE, &s->srk_policy);
-  if (err)
-    {
-      gnutls_assert ();
-      _gnutls_debug_log ("Failed to load TPM SRK policy object: %s\n",
-                        Trspi_Error_String (err));
-      ret = GNUTLS_E_TPM_ERROR;
-      goto out_srk;
-    }
-
-  /* We don't seem to get the error here... */
-  if (srk_password)
-    err = Tspi_Policy_SetSecret (s->srk_policy,
-                                TSS_SECRET_MODE_PLAIN,
-                                strlen (srk_password), (BYTE *) srk_password);
-  else                         /* Well-known NULL key */
-    err = Tspi_Policy_SetSecret (s->srk_policy,
-                                TSS_SECRET_MODE_SHA1,
-                                sizeof (nullpass), (BYTE *) nullpass);
-  if (err)
-    {
-      gnutls_assert ();
-      _gnutls_debug_log ("Failed to set TPM PIN: %s\n",
-                        Trspi_Error_String (err));
-      ret = GNUTLS_E_TPM_ERROR;
-      goto out_srkpol;
-    }
 
   /* ... we get it here instead. */
-  err = Tspi_Context_LoadKeyByBlob (s->tpm_context, s->srk,
+  err = Tspi_Context_LoadKeyByBlob (s->tpm_ctx, s->srk,
                                    asn1.size, asn1.data, &s->tpm_key);
   if (err != 0)
     {
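Review bot: The context line `/* ... we get it here instead. */` now dangles: its first half, `/* We don't seem to get the error here... */`, was deleted together with the Tspi_Policy_SetSecret block that moved into tpm_open_session, so a reader of gnutls_privkey_import_tpm_raw no longer knows which error "it" is. Replace it with a self-contained comment, `/* A wrong SRK password is not reported by Tspi_Policy_SetSecret; it surfaces here, when the key blob is loaded under the SRK. */`. The same orphaned comment survives in the gnutls_pubkey_import_tpm_raw hunk at its `Tspi_Context_LoadKeyByBlob (s.tpm_ctx, s.srk,` line. The function body continues outside this hunk.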
@@ -243,16 +290,11 @@ gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey,
               Trspi_Error_String (err));
        }
 
-      if (err != TPM_E_AUTHFAIL)
+      if (err)
        {
          gnutls_assert ();
-         ret = GNUTLS_E_TPM_ERROR;
-         goto out_srkpol;
-       }
-      else
-       {
-         ret = gnutls_assert_val (GNUTLS_E_TPM_SRK_PASSWORD_ERROR);
-         goto out_srkpol;
+         ret = tss_err(err);
+         goto out_session;
        }
     }
 
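Review bot: The new `if (err)` sits inside the enclosing `if (err != 0)` block that opens above this hunk, so unless the omitted lines in between reassign `err` (they appear to only log it), the inner test is always true and the `else` branch that was removed makes the nesting pointless. If so, hoist `ret = tss_err(err); goto out_session;` directly into the outer block and drop the inner `if`. The same pattern appears in the gnutls_pubkey_import_tpm_raw hunk (`if (err)` followed by `ret = tss_err(err); goto out_session;`). gnutls_privkey_import_tpm_raw continues outside this hunk.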
@@ -262,7 +304,7 @@ gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey,
   if (ret < 0)
     {
       gnutls_assert ();
-      goto out_srkpol;
+      goto out_session;
     }
 
   ret =
@@ -271,7 +313,7 @@ gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey,
     {
       if (!s->tpm_key_policy)
        {
-         err = Tspi_Context_CreateObject (s->tpm_context,
+         err = Tspi_Context_CreateObject (s->tpm_ctx,
                                           TSS_OBJECT_TYPE_POLICY,
                                           TSS_POLICY_USAGE,
                                           &s->tpm_key_policy);
@@ -281,7 +323,7 @@ gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey,
              _gnutls_debug_log
                  ("Failed to create key policy object: %s\n",
                   Trspi_Error_String (err));
-             ret = GNUTLS_E_TPM_ERROR;
+              ret = tss_err(err);
              goto out_key;
            }
 
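Review bot: The added `ret = tss_err(err);` is indented one column deeper than the `goto out_key;` that follows it, and the same off-by-one indent appears on the `ret = tss_err(err);` line of the next hunk before `goto out_key_policy;`. Align both with the surrounding GNU-style block so the diff does not introduce mixed indentation.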
@@ -291,7 +333,7 @@ gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey,
              gnutls_assert ();
              _gnutls_debug_log ("Failed to assign policy to key: %s\n",
                                 Trspi_Error_String (err));
-             ret = GNUTLS_E_TPM_ERROR;
+              ret = tss_err(err);
              goto out_key_policy;
            }
        }
@@ -318,20 +360,13 @@ gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey,
   gnutls_free (asn1.data);
   return 0;
 out_key_policy:
-  Tspi_Context_CloseObject (s->tpm_context, s->tpm_key_policy);
+  Tspi_Context_CloseObject (s->tpm_ctx, s->tpm_key_policy);
   s->tpm_key_policy = 0;
 out_key:
-  Tspi_Context_CloseObject (s->tpm_context, s->tpm_key);
+  Tspi_Context_CloseObject (s->tpm_ctx, s->tpm_key);
   s->tpm_key = 0;
-out_srkpol:
-  Tspi_Context_CloseObject (s->tpm_context, s->srk_policy);
-  s->srk_policy = 0;
-out_srk:
-  Tspi_Context_CloseObject (s->tpm_context, s->srk);
-  s->srk = 0;
-out_tspi_ctx:
-  Tspi_Context_Close (s->tpm_context);
-  s->tpm_context = 0;
+out_session:
+  tpm_close_session(s);
 out_ctx:
   gnutls_free (s);
 out_blob:
@@ -357,7 +392,7 @@ int ret;
   if (tssret != 0)
     {
       gnutls_assert();
-      return GNUTLS_E_TPM_ERROR;
+      return tss_err(tssret);
     }
     
   m.data = tdata;
@@ -369,7 +404,7 @@ int ret;
     {
       gnutls_assert();
       Tspi_Context_FreeMemory(key_ctx, m.data);
-      return GNUTLS_E_TPM_ERROR;
+      return tss_err(tssret);
     }
     
   e.data = tdata;
@@ -401,9 +436,7 @@ int ret;
  * This function will import the public key from the provided
  * TPM key structure. If a password is needed to decrypt
  * the provided key or the provided password is wrong, then 
- * %GNUTLS_E_TPM_SRK_PASSWORD_ERROR is returned. If the TPM password
- * is wrong or not provided then %GNUTLS_E_TPM_KEY_PASSWORD_ERROR
- * is returned. 
+ * %GNUTLS_E_TPM_SRK_PASSWORD_ERROR is returned. 
  *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
@@ -440,65 +473,15 @@ struct tpm_ctx_st s;
     }
   asn1.size = slen;
 
-  err = Tspi_Context_Create (&s.tpm_context);
-  if (err)
+  ret = tpm_open_session(&s, srk_password);
+  if (ret < 0)
     {
-      gnutls_assert ();
-      _gnutls_debug_log ("Failed to create TPM context: %s\n",
-                        Trspi_Error_String (err));
-      ret = GNUTLS_E_TPM_ERROR;
+      gnutls_assert();
       goto out_blob;
     }
-  err = Tspi_Context_Connect (s.tpm_context, NULL);
-  if (err)
-    {
-      gnutls_assert ();
-      _gnutls_debug_log ("Failed to connect TPM context: %s\n",
-                        Trspi_Error_String (err));
-      ret = GNUTLS_E_TPM_ERROR;
-      goto out_tspi_ctx;
-    }
-  err =
-      Tspi_Context_LoadKeyByUUID (s.tpm_context, TSS_PS_TYPE_SYSTEM,
-                                 srk_uuid, &s.srk);
-  if (err)
-    {
-      gnutls_assert ();
-      _gnutls_debug_log
-         ("Failed to load TPM SRK key: %s\n", Trspi_Error_String (err));
-      ret = GNUTLS_E_TPM_ERROR;
-      goto out_tspi_ctx;
-    }
-  err = Tspi_GetPolicyObject (s.srk, TSS_POLICY_USAGE, &s.srk_policy);
-  if (err)
-    {
-      gnutls_assert ();
-      _gnutls_debug_log ("Failed to load TPM SRK policy object: %s\n",
-                        Trspi_Error_String (err));
-      ret = GNUTLS_E_TPM_ERROR;
-      goto out_srk;
-    }
-
-  /* We don't seem to get the error here... */
-  if (srk_password)
-    err = Tspi_Policy_SetSecret (s.srk_policy,
-                                TSS_SECRET_MODE_PLAIN,
-                                strlen (srk_password), (BYTE *) srk_password);
-  else                         /* Well-known NULL key */
-    err = Tspi_Policy_SetSecret (s.srk_policy,
-                                TSS_SECRET_MODE_SHA1,
-                                sizeof (nullpass), (BYTE *) nullpass);
-  if (err)
-    {
-      gnutls_assert ();
-      _gnutls_debug_log ("Failed to set TPM PIN: %s\n",
-                        Trspi_Error_String (err));
-      ret = GNUTLS_E_TPM_ERROR;
-      goto out_srkpol;
-    }
 
   /* ... we get it here instead. */
-  err = Tspi_Context_LoadKeyByBlob (s.tpm_context, s.srk,
+  err = Tspi_Context_LoadKeyByBlob (s.tpm_ctx, s.srk,
                                    asn1.size, asn1.data, &s.tpm_key);
   if (err != 0)
     {
@@ -510,16 +493,11 @@ struct tpm_ctx_st s;
               Trspi_Error_String (err));
        }
 
-      if (err != TPM_E_AUTHFAIL)
+      if (err)
        {
          gnutls_assert ();
-         ret = GNUTLS_E_TPM_ERROR;
-         goto out_srkpol;
-       }
-      else
-       {
-         ret = gnutls_assert_val (GNUTLS_E_TPM_SRK_PASSWORD_ERROR);
-         goto out_srkpol;
+         ret = tss_err(err);
+         goto out_session;
        }
     }
 
@@ -527,20 +505,12 @@ struct tpm_ctx_st s;
   if (ret < 0)
     {
       gnutls_assert();
-      goto out_srkpol;
+      goto out_session;
     }
 
-  gnutls_free (asn1.data);
-  return 0;
-out_srkpol:
-  Tspi_Context_CloseObject (s.tpm_context, s.srk_policy);
-  s.srk_policy = 0;
-out_srk:
-  Tspi_Context_CloseObject (s.tpm_context, s.srk);
-  s.srk = 0;
-out_tspi_ctx:
-  Tspi_Context_Close (s.tpm_context);
-  s.tpm_context = 0;
+  ret = 0;
+out_session:
+  tpm_close_session(&s);
 out_blob:
   gnutls_free (asn1.data);
   return ret;
@@ -563,8 +533,9 @@ out_blob:
  * form. Furthermore the wrapped key can be protected with
  * the provided @password.
  *
- * Note that bits in TPM is quantized value. Allowed values are 512,
- * 1024, 2048, 4096, 8192 and 16384.
+ * Note that bits in TPM is quantized value. If the input value
+ * is not one of the allowed values, then it will be quantized to
+ * one of 512, 1024, 2048, 4096, 8192 and 16384.
  *
  * Allowed flags are %GNUTLS_TPM_SIG_PKCS1V15 and 
%GNUTLS_TPM_SIG_PKCS1V15_SHA1.
  *
@@ -582,62 +553,40 @@ gnutls_tpm_privkey_generate (gnutls_pk_algorithm_t pk, 
unsigned int bits,
                              gnutls_datum_t* pubkey,
                              unsigned int flags)
 {
-TSS_HCONTEXT ctx;
 TSS_FLAG tpm_flags = TSS_KEY_TYPE_LEGACY | TSS_KEY_VOLATILE;
 TSS_HKEY key_ctx; 
-TSS_HKEY srk_ctx;
 TSS_RESULT tssret;
 int ret;
 void* tdata;
 UINT32 tint;
 gnutls_datum_t tmpkey;
-TSS_HPOLICY srk_policy, key_policy;
+TSS_HPOLICY key_policy;
 unsigned int sig;
 gnutls_pubkey_t pub;
+struct tpm_ctx_st s;
 
-  switch(bits) {
-    case 512:
+  if (bits <= 512)
       tpm_flags |= TSS_KEY_SIZE_512;
-      break;
-    case 1024:
+  else if (bits <= 1024)
       tpm_flags |= TSS_KEY_SIZE_1024;
-      break;
-    case 2048:
+  else if (bits <= 2048)
       tpm_flags |= TSS_KEY_SIZE_2048;
-      break;
-    case 4096:
+  else if (bits <= 4096)
       tpm_flags |= TSS_KEY_SIZE_4096;
-      break;
-    case 8192:
+  else if (bits <= 8192)
       tpm_flags |= TSS_KEY_SIZE_8192;
-      break;
-    case 16384:
+  else
       tpm_flags |= TSS_KEY_SIZE_16384;
-      break;
-    default:
-      return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-  }
 
-  tssret = Tspi_Context_Create(&ctx);
-  if (tssret != 0)
-    {
-      gnutls_assert();
-      return GNUTLS_E_TPM_ERROR;
-    }
-    
-  tssret = Tspi_Context_Connect(ctx, NULL);
-  if (tssret != 0)
-    {
-      gnutls_assert();
-      ret = GNUTLS_E_TPM_ERROR;
-      goto err_cc;
-    }
+  ret = tpm_open_session(&s, srk_password);
+  if (ret < 0)
+    return gnutls_assert_val(ret);
 
-  tssret = Tspi_Context_CreateObject(ctx, TSS_OBJECT_TYPE_RSAKEY, tpm_flags, 
&key_ctx);
+  tssret = Tspi_Context_CreateObject(s.tpm_ctx, TSS_OBJECT_TYPE_RSAKEY, 
tpm_flags, &key_ctx);
   if (tssret != 0)
     {
       gnutls_assert();
-      ret = GNUTLS_E_TPM_ERROR;
+      ret = tss_err(tssret);
       goto err_cc;
     }
     
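Review bot: The `if`/`else if` ladder that replaces `switch(bits)` accepts any value: `bits == 0` silently produces a 512-bit RSA key (the weakest size the TPM offers), and anything above 16384 is clamped down to 16384 rather than rounded up, which contradicts both the commit message and the updated doc comment that promises quantization to the next allowed size. tpmtool now passes `bits = 0` when neither --bits nor --sec-param is given unless get_bits substitutes a default, which is not visible here. Reject both ends explicitly before the ladder: `if (bits == 0 || bits > 16384)` / `  return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`. gnutls_tpm_privkey_generate continues outside this hunk.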
@@ -651,46 +600,10 @@ gnutls_pubkey_t pub;
   if (tssret != 0)
     {
       gnutls_assert();
-      ret = GNUTLS_E_TPM_ERROR;
-      goto err_sa;
-    }
-  
-  tssret = Tspi_Context_LoadKeyByUUID(ctx, TSS_PS_TYPE_SYSTEM, srk_uuid,
-                                   &srk_ctx);
-  if (tssret != 0)
-    {
-      gnutls_assert();
-      ret = GNUTLS_E_TPM_ERROR;
+      ret = tss_err(tssret);
       goto err_sa;
     }
 
-  /* set SRK key */
-  tssret = Tspi_GetPolicyObject(srk_ctx, TSS_POLICY_USAGE, &srk_policy);
-  if (tssret != 0)
-    {
-      gnutls_assert();
-      ret = GNUTLS_E_TPM_ERROR;
-      goto err_sa;
-    }
-
-  if (srk_password == NULL)
-    {
-      tssret = Tspi_Policy_SetSecret(srk_policy, TSS_SECRET_MODE_SHA1,
-                                     20, (void*)nullpass);
-    }
-  else
-    {
-      tssret = Tspi_Policy_SetSecret(srk_policy, TSS_SECRET_MODE_PLAIN,
-                                     strlen(srk_password), 
(void*)srk_password);
-    }
-  
-  if (tssret != 0)
-    {
-      gnutls_assert();
-      ret = GNUTLS_E_TPM_SRK_PASSWORD_ERROR;
-      goto err_sa;
-    }
-    
   /* set the key of the actual key */
   if (key_password)
     {
@@ -698,7 +611,7 @@ gnutls_pubkey_t pub;
       if (tssret != 0)
         {
           gnutls_assert();
-          ret = GNUTLS_E_TPM_ERROR;
+          ret = tss_err(tssret);
           goto err_sa;
         }
 
@@ -707,19 +620,16 @@ gnutls_pubkey_t pub;
       if (tssret != 0)
         {
           gnutls_assert();
-          ret = GNUTLS_E_TPM_ERROR;
+          ret = tss_err(tssret);
           goto err_sa;
         }
     }
 
-  tssret = Tspi_Key_CreateKey(key_ctx, srk_ctx, 0);
+  tssret = Tspi_Key_CreateKey(key_ctx, s.srk, 0);
   if (tssret != 0)
     {
       gnutls_assert();
-      if (tssret == TPM_E_AUTHFAIL)
-        ret = GNUTLS_E_TPM_SRK_PASSWORD_ERROR;
-      else
-        ret = GNUTLS_E_TPM_ERROR;
+      ret = tss_err(tssret);
       goto err_sa;
     }
 
@@ -728,7 +638,7 @@ gnutls_pubkey_t pub;
   if (tssret != 0)
     {
       gnutls_assert();
-      ret = GNUTLS_E_TPM_ERROR;
+      ret = tss_err(tssret);
       goto err_sa;
     }
 
@@ -805,8 +715,9 @@ cleanup:
   gnutls_free(tmpkey.data);
   tmpkey.data = NULL;
 err_sa:
-  Tspi_Context_CloseObject(ctx, key_ctx);
+  Tspi_Context_CloseObject(s.tpm_ctx, key_ctx);
 err_cc:
-  Tspi_Context_Close(ctx);
+  tpm_close_session(&s); 
   return ret;
 }
+
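Review bot: The new `tpm_close_session(&s); ` line carries trailing whitespace and the hunk appends an extra blank line at end of file; both will show up in whitespace checks. Trim the line to `tpm_close_session(&s);` and drop the added blank line.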
diff --git a/src/tpmtool-args.c b/src/tpmtool-args.c
index 1202179..c8f98fb 100644
--- a/src/tpmtool-args.c
+++ b/src/tpmtool-args.c
@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (tpmtool-args.c)
  *  
- *  It has been AutoGen-ed  July  8, 2012 at 01:42:38 PM by AutoGen 5.16
+ *  It has been AutoGen-ed  July  8, 2012 at 09:02:01 PM by AutoGen 5.16
  *  From the definitions    tpmtool-args.def
  *  and the template file   options
  *
@@ -67,7 +67,7 @@ extern FILE * option_usage_fp;
 /*
  *  tpmtool option static const strings
  */
-static char const tpmtool_opt_strs[1564] =
+static char const tpmtool_opt_strs[1647] =
 /*     0 */ "tpmtool @address@hidden"
             "Copyright (C) 2000-2012 Free Software Foundation, all rights 
reserved.\n"
             "This is free software. It is licensed for use, modification and\n"
@@ -99,24 +99,27 @@ static char const tpmtool_opt_strs[1564] =
 /*  1030 */ "Prints the public key of the provided key\0"
 /*  1072 */ "PUBKEY\0"
 /*  1079 */ "pubkey\0"
-/*  1086 */ "Specify the number of bits for key generate\0"
-/*  1130 */ "BITS\0"
-/*  1135 */ "bits\0"
-/*  1140 */ "Display extended usage information and exit\0"
-/*  1184 */ "help\0"
-/*  1189 */ "Extended usage information passed thru pager\0"
-/*  1234 */ "more-help\0"
-/*  1244 */ "Output version information and exit\0"
-/*  1280 */ "version\0"
-/*  1288 */ "TPMTOOL\0"
-/*  1296 */ "tpmtool - GnuTLS TPM tool - Ver. @address@hidden"
+/*  1086 */ "Specify the security level [low, legacy, normal, high, ultra].\0"
+/*  1149 */ "SEC_PARAM\0"
+/*  1159 */ "sec-param\0"
+/*  1169 */ "Specify the number of bits for key generate\0"
+/*  1213 */ "BITS\0"
+/*  1218 */ "bits\0"
+/*  1223 */ "Display extended usage information and exit\0"
+/*  1267 */ "help\0"
+/*  1272 */ "Extended usage information passed thru pager\0"
+/*  1317 */ "more-help\0"
+/*  1327 */ "Output version information and exit\0"
+/*  1363 */ "version\0"
+/*  1371 */ "TPMTOOL\0"
+/*  1379 */ "tpmtool - GnuTLS TPM tool - Ver. @address@hidden"
             "USAGE:  %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
-/*  1397 */ "address@hidden"
-/*  1416 */ "\n\n\0"
-/*  1419 */ "\n"
+/*  1480 */ "address@hidden"
+/*  1499 */ "\n\n\0"
+/*  1502 */ "\n"
             "Program that allows handling cryptographic data from the TPM 
chip.\n\0"
-/*  1488 */ "tpmtool @address@hidden"
-/*  1506 */ "tpmtool [options]\n"
+/*  1571 */ "tpmtool @address@hidden"
+/*  1589 */ "tpmtool [options]\n"
             "tpmtool --help for usage instructions.\n";
 
 /*
@@ -163,22 +166,31 @@ static char const tpmtool_opt_strs[1564] =
 #define PUBKEY_FLAGS     (OPTST_DISABLED)
 
 /*
+ *  sec-param option description:
+ */
+#define SEC_PARAM_DESC      (tpmtool_opt_strs+1086)
+#define SEC_PARAM_NAME      (tpmtool_opt_strs+1149)
+#define SEC_PARAM_name      (tpmtool_opt_strs+1159)
+#define SEC_PARAM_FLAGS     (OPTST_DISABLED \
+        | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
+
+/*
  *  bits option description:
  */
-#define BITS_DESC      (tpmtool_opt_strs+1086)
-#define BITS_NAME      (tpmtool_opt_strs+1130)
-#define BITS_name      (tpmtool_opt_strs+1135)
+#define BITS_DESC      (tpmtool_opt_strs+1169)
+#define BITS_NAME      (tpmtool_opt_strs+1213)
+#define BITS_name      (tpmtool_opt_strs+1218)
 #define BITS_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
 
 /*
  *  Help/More_Help/Version option descriptions:
  */
-#define HELP_DESC       (tpmtool_opt_strs+1140)
-#define HELP_name       (tpmtool_opt_strs+1184)
+#define HELP_DESC       (tpmtool_opt_strs+1223)
+#define HELP_name       (tpmtool_opt_strs+1267)
 #ifdef HAVE_WORKING_FORK
-#define MORE_HELP_DESC  (tpmtool_opt_strs+1189)
-#define MORE_HELP_name  (tpmtool_opt_strs+1234)
+#define MORE_HELP_DESC  (tpmtool_opt_strs+1272)
+#define MORE_HELP_name  (tpmtool_opt_strs+1317)
 #define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT)
 #else
 #define MORE_HELP_DESC  NULL
@@ -191,8 +203,8 @@ static char const tpmtool_opt_strs[1564] =
 #  define VER_FLAGS     (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \
                          OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT)
 #endif
-#define VER_DESC        (tpmtool_opt_strs+1244)
-#define VER_name        (tpmtool_opt_strs+1280)
+#define VER_DESC        (tpmtool_opt_strs+1327)
+#define VER_name        (tpmtool_opt_strs+1363)
 /*
  *  Declare option callback procedures
  */
@@ -272,8 +284,20 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ PUBKEY_DESC, PUBKEY_NAME, PUBKEY_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 5, VALUE_OPT_BITS,
-     /* equiv idx, value */ 5, VALUE_OPT_BITS,
+  {  /* entry idx, value */ 5, VALUE_OPT_SEC_PARAM,
+     /* equiv idx, value */ 5, VALUE_OPT_SEC_PARAM,
+     /* equivalenced to  */ NO_EQUIVALENT,
+     /* min, max, act ct */ 0, 1, 0,
+     /* opt state flags  */ SEC_PARAM_FLAGS, 0,
+     /* last opt argumnt */ { NULL }, /* --sec-param */
+     /* arg list/cookie  */ NULL,
+     /* must/cannot opts */ NULL, NULL,
+     /* option proc      */ NULL,
+     /* desc, NAME, name */ SEC_PARAM_DESC, SEC_PARAM_NAME, SEC_PARAM_name,
+     /* disablement strs */ NULL, NULL },
+
+  {  /* entry idx, value */ 6, VALUE_OPT_BITS,
+     /* equiv idx, value */ 6, VALUE_OPT_BITS,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ BITS_FLAGS, 0,
@@ -328,14 +352,14 @@ static tOptDesc optDesc[OPTION_CT] = {
  *
  *  Define the tpmtool Option Environment
  */
-#define zPROGNAME       (tpmtool_opt_strs+1288)
-#define zUsageTitle     (tpmtool_opt_strs+1296)
+#define zPROGNAME       (tpmtool_opt_strs+1371)
+#define zUsageTitle     (tpmtool_opt_strs+1379)
 #define zRcName         NULL
 #define apzHomeList     NULL
-#define zBugsAddr       (tpmtool_opt_strs+1397)
-#define zExplain        (tpmtool_opt_strs+1416)
-#define zDetail         (tpmtool_opt_strs+1419)
-#define zFullVersion    (tpmtool_opt_strs+1488)
+#define zBugsAddr       (tpmtool_opt_strs+1480)
+#define zExplain        (tpmtool_opt_strs+1499)
+#define zDetail         (tpmtool_opt_strs+1502)
+#define zFullVersion    (tpmtool_opt_strs+1571)
 /* extracted from optcode.tlib near line 350 */
 
 #if defined(ENABLE_NLS)
@@ -349,7 +373,7 @@ static tOptDesc optDesc[OPTION_CT] = {
 
 #define tpmtool_full_usage (NULL)
 
-#define tpmtool_short_usage (tpmtool_opt_strs+1506)
+#define tpmtool_short_usage (tpmtool_opt_strs+1589)
 
 #endif /* not defined __doxygen__ */
 
@@ -491,7 +515,7 @@ tOptions tpmtoolOptions = {
       NO_EQUIVALENT, /* '-#' option index */
       NO_EQUIVALENT /* index of default opt */
     },
-    9 /* full option count */, 6 /* user option count */,
+    10 /* full option count */, 7 /* user option count */,
     tpmtool_full_usage, tpmtool_short_usage,
     NULL, NULL,
     PKGDATADIR, tpmtool_packager_info
diff --git a/src/tpmtool-args.def b/src/tpmtool-args.def
index e933dcf..37a7abd 100644
--- a/src/tpmtool-args.def
+++ b/src/tpmtool-args.def
@@ -23,6 +23,14 @@ flag = {
 };
 
 flag = {
+    name      = sec-param;
+    arg-type  = string;
+    arg-name  = "Security parameter";
+    descrip   = "Specify the security level [low, legacy, normal, high, 
ultra].";
+    doc      = "This is alternative to the bits option.";
+};
+
+flag = {
     name      = bits;
     arg-type  = number;
     descrip   = "Specify the number of bits for key generate";
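Review bot: The `doc` string for the new flag reads `This is alternative to the bits option.`; it should be `doc      = "This is an alternative to the --bits option.";`. It would also help users to state which option takes precedence when both --sec-param and --bits are given, since that is decided in get_bits, which is not shown here.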
@@ -43,7 +51,7 @@ doc-section = {
   ds-text   = <<-_EOT_
 To generate a public key use:
 @example
-$ tpmtool --generate-rsa --bits 1024 --outfile tpmkey.pem
+$ tpmtool --generate-rsa --sec-param normal --outfile tpmkey.pem
 @end example
 
 To get the public key of a TPM key use:
diff --git a/src/tpmtool-args.h b/src/tpmtool-args.h
index e9f7a58..6e40678 100644
--- a/src/tpmtool-args.h
+++ b/src/tpmtool-args.h
@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (tpmtool-args.h)
  *  
- *  It has been AutoGen-ed  July  8, 2012 at 01:42:38 PM by AutoGen 5.16
+ *  It has been AutoGen-ed  July  8, 2012 at 09:02:01 PM by AutoGen 5.16
  *  From the definitions    tpmtool-args.def
  *  and the template file   options
  *
@@ -72,13 +72,14 @@ typedef enum {
     INDEX_OPT_OUTFILE       =  2,
     INDEX_OPT_GENERATE_RSA  =  3,
     INDEX_OPT_PUBKEY        =  4,
-    INDEX_OPT_BITS          =  5,
-    INDEX_OPT_VERSION       =  6,
-    INDEX_OPT_HELP          =  7,
-    INDEX_OPT_MORE_HELP     =  8
+    INDEX_OPT_SEC_PARAM     =  5,
+    INDEX_OPT_BITS          =  6,
+    INDEX_OPT_VERSION       =  7,
+    INDEX_OPT_HELP          =  8,
+    INDEX_OPT_MORE_HELP     =  9
 } teOptIndex;
 
-#define OPTION_CT    9
+#define OPTION_CT    10
 #define TPMTOOL_VERSION       "@VERSION@"
 #define TPMTOOL_FULL_VERSION  "tpmtool @VERSION@"
 
@@ -123,7 +124,8 @@ typedef enum {
 #define VALUE_OPT_OUTFILE        2
 #define VALUE_OPT_GENERATE_RSA   3
 #define VALUE_OPT_PUBKEY         4
-#define VALUE_OPT_BITS           5
+#define VALUE_OPT_SEC_PARAM      5
+#define VALUE_OPT_BITS           6
 
 #define OPT_VALUE_BITS           (DESC(BITS).optArg.argInt)
 #define VALUE_OPT_HELP          'h'
diff --git a/src/tpmtool.c b/src/tpmtool.c
index 3370480..b9543cf 100644
--- a/src/tpmtool.c
+++ b/src/tpmtool.c
@@ -80,6 +80,7 @@ cmd_parser (int argc, char **argv)
   unsigned int optct;
   unsigned int key_type = GNUTLS_PK_UNKNOWN;
   unsigned int bits = 0;
+  const char* sec_param = NULL;
   
   optct = optionProcess( &tpmtoolOptions, argc, argv);
   argc += optct;
@@ -114,14 +115,16 @@ cmd_parser (int argc, char **argv)
   else
     infile = stdin;
 
+  if (HAVE_OPT(SEC_PARAM))
+    sec_param = OPT_ARG(SEC_PARAM);
   if (HAVE_OPT(BITS))
     bits = OPT_VALUE_BITS;
-  else
-    bits = 2048;
+  
 
   if (HAVE_OPT(GENERATE_RSA))
     {
       key_type = GNUTLS_PK_RSA;
+      bits = get_bits (key_type, bits, sec_param);
       tpm_generate (outfile, key_type, bits);
     }
   else if (HAVE_OPT(PUBKEY))
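Review bot: Removing the `bits = 2048` default means `get_bits (key_type, bits, sec_param)` is now called with `bits == 0` and `sec_param == NULL` when neither option is given; get_bits is not declared in this hunk, so please confirm it maps that combination to a sane default, because the library's new quantization turns 0 into a 512-bit key. The `+  ` line left where the `else` was is a whitespace-only line and should be removed. cmd_parser continues outside this hunk.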


hooks/post-receive
-- 
GNU gnutls


