WolfSSL
/
wolfTPM
mirror of https://github.com/wolfSSL/wolfTPM.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #409 from aidangarske/keygen_opKeyAuth 

Keygen Optional Authentication Password -auth=<yourpassword>
pull/411/head
David Garske 2025-03-28 14:45:35 -07:00 committed by GitHub
parent 122885adc9 8e03c40fba
commit 0cd21b53c4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 27 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
examples/keygen/keygen.c
View File

@ -43,7 +43,7 @@
static void usage(void) static void usage(void)
{ {
printf("Expected usage:\n"); printf("Expected usage:\n");
printf("./examples/keygen/keygen [keyblob.bin] [-ecc/-rsa/-sym] [-t] [-aes/xor] [-eh] [-pem]\n"); printf("./examples/keygen/keygen [keyblob.bin] [-ecc/-rsa/-sym] [-t] [-aes/xor] [-eh] [-pem] [-auth=pass]\n");
printf("* -pem: Store the primary and child public keys as PEM formatted files\n"); printf("* -pem: Store the primary and child public keys as PEM formatted files\n");
printf("\t child public key filename: ak.pem or key.pem\n"); printf("\t child public key filename: ak.pem or key.pem\n");
printf("\t primary public key filename: ek.pem or srk.pem\n"); printf("\t primary public key filename: ek.pem or srk.pem\n");
@ -57,6 +57,8 @@ static void usage(void)
printf("* -aes/xor: Use Parameter Encryption\n"); printf("* -aes/xor: Use Parameter Encryption\n");
printf("* -unique=[value]\n"); printf("* -unique=[value]\n");
printf("\t* Used for the KDF of the create\n"); printf("\t* Used for the KDF of the create\n");
printf("* -auth=pass: Use custom password for key authentication\n");
printf("\t* If not specified, default key auth is used\n");
printf("Example usage:\n"); printf("Example usage:\n");
printf("\t* RSA, default template\n"); printf("\t* RSA, default template\n");
@ -118,6 +120,7 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
int bAIK = 1; int bAIK = 1;
int keyBits = 256; int keyBits = 256;
const char* uniqueStr = NULL; const char* uniqueStr = NULL;
const char* authStr = NULL;
const char *outputFile = "keyblob.bin"; const char *outputFile = "keyblob.bin";
const char *ekPubFile = "ek.pub"; const char *ekPubFile = "ek.pub";
const char *srkPubFile = "srk.pub"; const char *srkPubFile = "srk.pub";
@ -176,6 +179,9 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
else if (XSTRNCMP(argv[argc-1], "-unique=", XSTRLEN("-unique=")) == 0) { else if (XSTRNCMP(argv[argc-1], "-unique=", XSTRLEN("-unique=")) == 0) {
uniqueStr = argv[argc-1] + XSTRLEN("-unique="); uniqueStr = argv[argc-1] + XSTRLEN("-unique=");
} }
else if (XSTRNCMP(argv[argc-1], "-auth=", XSTRLEN("-auth=")) == 0) {
authStr = argv[argc-1] + XSTRLEN("-auth=");
}
else if (argv[argc-1][0] != '-') { else if (argv[argc-1][0] != '-') {
outputFile = argv[argc-1]; outputFile = argv[argc-1];
} }
@ -292,9 +298,15 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
if (rc != 0) goto exit; if (rc != 0) goto exit;
/* set session for authorization key */ /* set session for authorization key */
if (authStr != NULL) {
/* Use provided custom auth */
auth.size = (int)XSTRLEN(authStr);
XMEMCPY(auth.buffer, authStr, auth.size);
}
else {
auth.size = (int)sizeof(gAiKeyAuth)-1; auth.size = (int)sizeof(gAiKeyAuth)-1;
XMEMCPY(auth.buffer, gAiKeyAuth, auth.size); XMEMCPY(auth.buffer, gAiKeyAuth, auth.size);
}
} }
else { else {
if (alg == TPM_ALG_RSA) { if (alg == TPM_ALG_RSA) {
@ -326,9 +338,16 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
} }
/* set session for authorization key */ /* set session for authorization key */
if (authStr != NULL) {
/* Use provided custom auth key */
auth.size = (int)XSTRLEN(authStr);
XMEMCPY(auth.buffer, authStr, auth.size);
}
else {
auth.size = (int)sizeof(gKeyAuth)-1; auth.size = (int)sizeof(gKeyAuth)-1;
XMEMCPY(auth.buffer, gKeyAuth, auth.size); XMEMCPY(auth.buffer, gKeyAuth, auth.size);
} }
}
if (rc != 0) goto exit; if (rc != 0) goto exit;
/* optionally set a unique field */ /* optionally set a unique field */

2
examples/run_examples.sh
View File

@ -251,6 +251,8 @@ if [ $WOLFCRYPT_ENABLE -eq 1 ]; then
./examples/keygen/keyload ecckeyblobeh.bin -ecc -eh >> $TPMPWD/run.out 2>&1 ./examples/keygen/keyload ecckeyblobeh.bin -ecc -eh >> $TPMPWD/run.out 2>&1
RESULT=$? RESULT=$?
[ $RESULT -ne 0 ] && echo -e "keyload endorsement ecc failed! $RESULT" && exit 1 [ $RESULT -ne 0 ] && echo -e "keyload endorsement ecc failed! $RESULT" && exit 1
# TODO: Add tests for -auth= keygen when used in example
fi fi