Diffstat (limited to 'src/aikpub2/aikpub2.c')
-rw-r--r--src/aikpub2/aikpub2.c219
1 files changed, 22 insertions, 197 deletions
diff --git a/src/aikpub2/aikpub2.c b/src/aikpub2/aikpub2.c
index feaca72a5..fea58ed27 100644
--- a/src/aikpub2/aikpub2.c
+++ b/src/aikpub2/aikpub2.c
@@ -13,14 +13,11 @@
* for more details.
*/
+#include "tpm_tss.h"
+
#include <library.h>
#include <utils/debug.h>
#include <utils/optionsfrom.h>
-#include <asn1/asn1.h>
-#include <asn1/oid.h>
-
-#include <tss2/tpm20.h>
-#include <tcti/tcti_socket.h>
#include <syslog.h>
#include <getopt.h>
@@ -29,7 +26,7 @@
/* default directory where AIK keys are stored */
#define AIK_DIR IPSEC_CONFDIR "/pts/"
-/* default name of AIK private key blob */
+/* default name of AIK public key blob */
#define DEFAULT_FILENAME_AIKPUBKEY AIK_DIR "aikPub.der"
/* logging */
@@ -40,8 +37,6 @@ static level_t default_loglevel = 1;
/* options read by optionsfrom */
options_t *options;
-/* global variables */
-chunk_t aik_blob;
chunk_t aik_pubkey;
chunk_t aik_keyid;
@@ -105,13 +100,12 @@ static void init_log(const char *program)
/**
* @brief exit aikgen
*
- * @param status 0 = OK, 1 = general discomfort
+ * @param status 0 = OK, -1 = general discomfort
*/
static void exit_aikpub2(err_t message, ...)
{
int status = 0;
- free(aik_blob.ptr);
free(aik_pubkey.ptr);
free(aik_keyid.ptr);
options->destroy(options);
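Review bot: The reworded `@param status 0 = OK, -1 = general discomfort` line still documents the local `int status` declared in the body rather than the function's actual parameter, `err_t message, ...`. Since the callers in this diff pass a printf-style string on error (`exit_aikpub2("no TPM 2.0 found")`, `exit_aikpub2("could not get tcti_context size: 0x%06x", rval)`), the doc would be more useful as `@param message printf-style error message, presumably NULL for a clean exit — confirm against the check below` followed by a `@note exits the process with status -1 when a message is given, 0 otherwise`. The context line `@brief exit aikgen` above it also names the wrong tool; `@brief exit aikpub2` would match the function. The body of `exit_aikpub2` continues outside this hunk, so the NULL-message convention is inferred, not visible here.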
@@ -126,7 +120,7 @@ static void exit_aikpub2(err_t message, ...)
vsnprintf(m, sizeof(m), message, args);
va_end(args);
- fprintf(stderr, "error: %s\n", m);
+ fprintf(stderr, "aikpub2 error: %s\n", m);
status = -1;
}
library_deinit();
@@ -142,12 +136,11 @@ static void exit_aikpub2(err_t message, ...)
static void usage(const char *message)
{
fprintf(stderr,
- "Usage: aikpub2 [--in <filename>|--handle <handle>] --out <filename>\n"
+ "Usage: aikpub2 --handle <handle> --out <filename>\n"
" [--force] [--quiet] [--debug <level>]\n"
- " aikpub2 --help\n"
+ " aikpub2 --help\n"
"\n"
"Options:\n"
- " --in (-i) TSS 2.0 AIK public key blob\n"
" --handle (-H) TSS 2.0 AIK object handle\n"
" --out (-o) AIK public key in PKCS #1 format\n"
" --force (-f) force to overwrite existing files\n"
@@ -160,105 +153,9 @@ static void usage(const char *message)
exit_aikpub2(message);
}
-/**
- * Some symbols required by libtctisocket
- */
-FILE *outFp;
-uint8_t simulator = 1;
-
-int TpmClientPrintf (uint8_t type, const char *format, ...)
-{
- return 0;
-}
/**
- * read the public key portion of a TSS 2.0 AIK key from NVRAM
- */
-void read_public(TPMI_DH_OBJECT handle, TPM2B_PUBLIC *public)
-{
- size_t tcti_context_size;
- uint32_t sys_context_size, rval;
-
- TCTI_SOCKET_CONF rm_if_config = { DEFAULT_HOSTNAME,
- DEFAULT_RESMGR_TPM_PORT
- };
-
- TSS2_ABI_VERSION abi_version = { TSSWG_INTEROP,
- TSS_SAPI_FIRST_FAMILY,
- TSS_SAPI_FIRST_LEVEL,
- TSS_SAPI_FIRST_VERSION
- };
-
- TPM2B_NAME name = { { sizeof(TPM2B_NAME)-2, } };
- TPM2B_NAME qualified_name = { { sizeof(TPM2B_NAME)-2, } };
-
- TSS2_TCTI_CONTEXT *tcti_context;
- TSS2_SYS_CONTEXT *sys_context;
-
- TPMS_AUTH_RESPONSE session_data;
- TSS2_SYS_RSP_AUTHS sessions_data;
- TPMS_AUTH_RESPONSE *session_data_array[1];
-
- session_data_array[0] = &session_data;
- sessions_data.rspAuths = &session_data_array[0];
- sessions_data.rspAuthsCount = 1;
-
- /* determine size of tcti context */
- rval = InitSocketTcti(NULL, &tcti_context_size, &rm_if_config, 0);
- if (rval != TSS2_RC_SUCCESS)
- {
- exit_aikpub2("could not get tcti_context size: 0x%06x", rval);
- }
-
- /* allocate memory for tcti context */
- tcti_context = (TSS2_TCTI_CONTEXT*)malloc(tcti_context_size);
-
- /* initialize tcti context */
- rval = InitSocketTcti(tcti_context, &tcti_context_size, &rm_if_config, 0);
- if (rval != TSS2_RC_SUCCESS)
- {
- exit_aikpub2("could not get tcti_context: 0x%06x", rval);
- }
-
- /* determine size of sys context */
- sys_context_size = Tss2_Sys_GetContextSize(0);
-
- /* allocate memory for sys context */
- sys_context = malloc(sys_context_size);
-
- /* initialize sys context */
- rval = Tss2_Sys_Initialize(sys_context, sys_context_size, tcti_context,
- &abi_version);
- if (rval != TSS2_RC_SUCCESS)
- {
- TeardownSocketTcti(tcti_context);
- exit_aikpub2("could not get sys_context: 0x%06x", rval);
- }
-
- /* always send simulator platform command, ignored by true RM */
- PlatformCommand(tcti_context ,MS_SIM_POWER_ON );
- PlatformCommand(tcti_context, MS_SIM_NV_ON );
-
- /* read public key for a given object handle from TPM 2.0 NVRAM */
- rval = Tss2_Sys_ReadPublic(sys_context, handle, 0, public, &name,
- &qualified_name, &sessions_data);
-
- PlatformCommand(tcti_context, MS_SIM_POWER_OFF);
-
- /* clean up connection to TPM 2.0 */
- TeardownSocketTcti(tcti_context);
- Tss2_Sys_Finalize(sys_context);
- free(sys_context);
-
- if (rval != TPM_RC_SUCCESS)
- {
- exit_aikpub2("could not read TSS 2.0 public key from handle 0x%08x:"
- " 0x%06x", handle, rval);
- }
-}
-
-/**
- * @brief main of aikpub2 which generates an Attestation Identity Key (AIK)
+ * @brief main of aikpub2 which extracts an Attestation Identity Key (AIK)
*
* @param argc number of arguments
* @param argv pointer to the argument values
@@ -269,15 +166,11 @@ int main(int argc, char *argv[])
extern char * optarg;
extern int optind;
- uint32_t aik_handle = 0;
- char *aik_in_filename = NULL;
char *aik_out_filename = DEFAULT_FILENAME_AIKPUBKEY;
- chunk_t *aik_mapped;
+ uint32_t aik_handle = 0;
bool force = FALSE;
hasher_t *hasher;
-
- /* TSS 2.0 variables */
- TPM2B_PUBLIC public = { { 0, } };
+ tpm_tss_t *tpm;
atexit(library_deinit);
if (!library_init(NULL, "aikpub2"))
@@ -331,10 +224,6 @@ int main(int argc, char *argv[])
aik_handle = strtoll(optarg, NULL, 16);
continue;
- case 'i': /* --in <filename> */
- aik_in_filename = optarg;
- continue;
-
case 'o': /* --out <filename> */
aik_out_filename = optarg;
continue;
@@ -365,90 +254,26 @@ int main(int argc, char *argv[])
{
exit_aikpub2("plugin loading failed");
}
- if (!aik_in_filename && !aik_handle)
+ if (!aik_handle)
{
- usage("either --in or --handle option is required");
+ usage("--handle option is required");
}
- if (aik_handle)
- {
- /* read public key blob directly from TPM 2.0 */
- read_public(aik_handle, &public);
- aik_blob = chunk_clone(chunk_create((u_char*)&public, sizeof(public)));
- }
- else
+ /* try to find a TPM 2.0 */
+ tpm = tpm_tss_probe(TPM_VERSION_2_0);
+ if (!tpm)
{
- /* read stored TPM 2.0 public key blob from a file */
- aik_mapped = chunk_map(aik_in_filename, FALSE);
- if (!aik_mapped)
- {
- exit_aikpub2("could not read TSS 2.0 public key file '%s'",
- aik_in_filename);
- }
- aik_blob = chunk_clone(*aik_mapped);
- chunk_unmap(aik_mapped);
-
- if (aik_blob.len != sizeof(TPM2B_PUBLIC))
- {
- exit_aikpub2("size of aikblob is not %d bytes",
- sizeof(TPM2B_PUBLIC));
- }
- public = *(TPM2B_PUBLIC*)aik_blob.ptr;
+ exit_aikpub2("no TPM 2.0 found");
}
- DBG3(DBG_LIB, "TSS 2.0 AIK blob: %B", &aik_blob);
+ /* get AIK public key from TPM */
+ aik_pubkey = tpm->get_public(tpm, aik_handle);
+ tpm->destroy(tpm);
- switch (public.t.publicArea.type)
+ /* exit if AIK public key retrieval failed */
+ if (aik_pubkey.len == 0)
{
- case TPM_ALG_RSA:
- {
- TPM2B_PUBLIC_KEY_RSA *rsa;
- chunk_t aik_exponent, aik_modulus;
-
- rsa = &public.t.publicArea.unique.rsa;
- aik_modulus = chunk_create(rsa->t.buffer, rsa->t.size);
- aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);
-
- /* subjectPublicKeyInfo encoding of AIK RSA key */
- if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER,
- NULL, &aik_pubkey, CRED_PART_RSA_MODULUS, aik_modulus,
- CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END))
- {
- exit_aikpub2("subjectPublicKeyInfo encoding of AIK key failed");
- }
- break;
- }
- case TPM_ALG_ECC:
- {
- TPMS_ECC_POINT *ecc;
- chunk_t ecc_point;
- uint8_t *pos;
-
- ecc = &public.t.publicArea.unique.ecc;
-
- /* allocate space for bit string */
- pos = asn1_build_object(&ecc_point, ASN1_BIT_STRING,
- 2 + ecc->x.t.size + ecc->y.t.size);
- /* bit string length is a multiple of octets */
- *pos++ = 0x00;
- /* uncompressed ECC point format */
- *pos++ = 0x04;
- /* copy x coordinate of ECC point */
- memcpy(pos, ecc->x.t.buffer, ecc->x.t.size);
- pos += ecc->x.t.size;
- /* copy y coordinate of ECC point */
- memcpy(pos, ecc->y.t.buffer, ecc->y.t.size);
- /* subjectPublicKeyInfo encoding of AIK ECC key */
- aik_pubkey = asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_build_known_oid(OID_EC_PUBLICKEY),
- asn1_build_known_oid(ecc->x.t.size == 32 ?
- OID_PRIME256V1 : OID_SECT384R1)),
- ecc_point);
- break;
- }
- default:
- exit_aikpub2("unsupported key type");
+ exit_aikpub2("retrieval of AIK public key failed");
}
/* store AIK subjectPublicKeyInfo to file */
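Review bot: The new `if (!aik_handle)` guard is the only validation the handle ever gets, and it relies on `aik_handle = strtoll(optarg, NULL, 16)` (a context line in the earlier option-parsing hunk) which reports neither parse errors nor range overflow: `--handle foo` yields 0 and is misreported as "--handle option is required", while `--handle -1` or any value wider than 32 bits is silently truncated into the `uint32_t` and passes the guard, so `tpm->get_public()` is called with a handle the user never typed. Parse it with an end pointer and a range check instead, e.g. `errno = 0; value = strtoull(optarg, &end, 16);` then `if (end == optarg || *end || errno == ERANGE || value > UINT32_MAX) usage("--handle must be a 32-bit hexadecimal TPM object handle");` before assigning `aik_handle = (uint32_t)value;` (needs `<errno.h>`, which this file does not include). Whether `get_public` itself rejects handles outside the TPM object-handle ranges is not visible here and should be confirmed in tpm_tss before the check is relaxed.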