#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <inttypes.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>

#include "tss2_sys.h"
#include "tss2_mu.h"

#define LOGMODULE test
#include "util/log.h"
#include "test-options.h"
#include "context-util.h"
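/*
 * Public template for an RSA-2048 endorsement key (EK).
 *
 * Attributes, parameters and the authPolicy digest follow the TCG EK
 * Credential Profile default template for an RSA 2048 EK, so the key this
 * test creates is the same one other EK tooling expects to find.  The key is
 * ADMINWITHPOLICY: administrative actions on it are gated by the policy
 * digest below rather than by a password, and the policy is the well-known
 * "PolicySecret over the endorsement hierarchy auth" value.
 */
static const TPM2B_PUBLIC ek_rsa_template = {
    .publicArea = {
        .type = TPM2_ALG_RSA,
        .nameAlg = TPM2_ALG_SHA256,
        .objectAttributes = (
            TPMA_OBJECT_FIXEDTPM |
            TPMA_OBJECT_FIXEDPARENT |
            TPMA_OBJECT_SENSITIVEDATAORIGIN |
            TPMA_OBJECT_ADMINWITHPOLICY |
            TPMA_OBJECT_RESTRICTED |
            TPMA_OBJECT_DECRYPT
        ),
        .authPolicy = {
            .size = 32,
            /* inner braces: the bytes initialize the buffer array, not the
             * following members of authPolicy */
            .buffer = {
                0x83, 0x71, 0x97, 0x67, 0x44, 0x84,
                0xB3, 0xF8, 0x1A, 0x90, 0xCC, 0x8D,
                0x46, 0xA5, 0xD7, 0x24, 0xFD, 0x52,
                0xD7, 0x6E, 0x06, 0x52, 0x0B, 0x64,
                0xF2, 0xA1, 0xDA, 0x1B, 0x33, 0x14,
                0x69, 0xAA,
            },
        },
        .parameters.rsaDetail = {
            .symmetric = {
                .algorithm = TPM2_ALG_AES,
                .keyBits.aes = 128,
                .mode.aes = TPM2_ALG_CFB,
            },
            .scheme = {
                .scheme = TPM2_ALG_NULL,
            },
            .keyBits = 2048,
            .exponent = 0,
        },
        /* the template carries an all-zero modulus of the full key size */
        .unique.rsa = {
            .size = 256,
            .buffer = {0},
        }
    }
};

/*
 * Create the EK under the endorsement hierarchy with an empty password
 * session, keep only its public area in @out_public, and flush the
 * transient object again.
 *
 * Returns 0 on success, -1 on failure; the TPM response code is logged.
 */
static int
create_ek_public (TSS2_SYS_CONTEXT *sapi_context, TPM2B_PUBLIC *out_public)
{
    TSS2_RC rc;
    TSS2L_SYS_AUTH_COMMAND auth_cmd = {
        .auths = {{ .sessionHandle = TPM2_RS_PW }},
        .count = 1
    };
    TSS2L_SYS_AUTH_RESPONSE auth_rsp = {
        .count = 0
    };
    TPM2B_SENSITIVE_CREATE in_sensitive = { 0 };
    TPML_PCR_SELECTION creation_pcr = { 0 };
    /* local copy so the template itself stays read-only */
    TPM2B_PUBLIC in_public = ek_rsa_template;
    TPM2_HANDLE handle;

    rc = Tss2_Sys_CreatePrimary (sapi_context, TPM2_RH_ENDORSEMENT, &auth_cmd,
                                 &in_sensitive, &in_public, NULL, &creation_pcr,
                                 &handle, out_public, NULL, NULL, NULL, NULL,
                                 &auth_rsp);
    if (rc != TSS2_RC_SUCCESS) {
        LOG_ERROR ("TPM CreatePrimary FAILED: 0x%" PRIx32, rc);
        return -1;
    }

    /* Only the public area is needed, so release the transient object
     * slot right away instead of leaving it to the TPM / resource manager. */
    rc = Tss2_Sys_FlushContext (sapi_context, handle);
    if (rc != TSS2_RC_SUCCESS) {
        LOG_ERROR ("TPM FlushContext FAILED: 0x%" PRIx32, rc);
        return -1;
    }

    return 0;
}

/*
 * Write the RSA public key in @pub to @bio as a SubjectPublicKeyInfo PEM
 * block ("-----BEGIN PUBLIC KEY-----").
 *
 * Only the public components n and e are installed in the RSA object; no
 * placeholder private components are created, so the object cannot be
 * mistaken for a private key.  Every OpenSSL call is checked and every
 * object is freed exactly once, on both the success and the error path.
 *
 * Returns 0 on success, -1 on failure (reason logged).
 */
static int
write_rsa_pubkey_pem (BIO *bio, const TPM2B_PUBLIC *pub)
{
    int ret = -1;
    EVP_PKEY *evp = NULL;
    RSA *rsa = NULL;
    BIGNUM *n = NULL;
    BIGNUM *e = NULL;

    /* sanity check: the TPM is expected to echo the requested key type */
    if (pub->publicArea.type != TPM2_ALG_RSA) {
        LOG_ERROR ("unexpected public key type: 0x%" PRIx16,
                   pub->publicArea.type);
        return -1;
    }

    /* TPM convention: an exponent of 0 denotes the default 2^16 + 1 */
    uint32_t exp = pub->publicArea.parameters.rsaDetail.exponent;
    if (exp == 0)
        exp = 65537;

    n = BN_bin2bn (pub->publicArea.unique.rsa.buffer,
                   pub->publicArea.unique.rsa.size, NULL);
    e = BN_new ();
    rsa = RSA_new ();
    evp = EVP_PKEY_new ();
    if (n == NULL || e == NULL || rsa == NULL || evp == NULL) {
        LOG_ERROR ("OpenSSL object allocation failed");
        goto out;
    }
    if (!BN_set_word (e, exp)) {
        LOG_ERROR ("BN_set_word failed");
        goto out;
    }

#if OPENSSL_VERSION_NUMBER < 0x10100000
    /* pre-1.1: RSA is a public struct; RSA_new() leaves the members NULL */
    rsa->n = n;
    rsa->e = e;
#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
    /* d == NULL is allowed for a public-only key */
    if (!RSA_set0_key (rsa, n, e, NULL)) {
        LOG_ERROR ("RSA_set0_key failed");
        goto out;
    }
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
    /* ownership of n and e has moved into rsa */
    n = NULL;
    e = NULL;

    if (!EVP_PKEY_assign_RSA (evp, rsa)) {
        LOG_ERROR ("EVP_PKEY_assign_RSA failed");
        goto out;
    }
    /* ownership of rsa has moved into evp */
    rsa = NULL;

    if (!PEM_write_bio_PUBKEY (bio, evp)) {
        LOG_ERROR ("PEM_write failed");
        ERR_print_errors_fp (stderr);
        goto out;
    }

    ret = 0;
out:
    /* each *_free() is a no-op on NULL, so only still-owned objects go */
    EVP_PKEY_free (evp);
    RSA_free (rsa);
    BN_free (e);
    BN_free (n);
    return ret;
}

/*
 * Test entry point: create the RSA EK on the TPM selected by the test
 * options, then print its public key to stdout in PEM form.
 *
 * Exits with status 1 on any failure, 0 on success.  The SAPI context is
 * torn down before the OpenSSL conversion, on every path.
 */
int
main (int argc, char *argv[])
{
    (void) argc;
    (void) argv;

    TSS2_SYS_CONTEXT *sapi_context;
    TPM2B_PUBLIC out_public = { 0 };
    int ret = 1;

    test_opts_t opts = {
        .tcti_type = TCTI_DEFAULT,
        .device_file = DEVICE_PATH_DEFAULT,
        .socket_address = HOSTNAME_DEFAULT,
        .socket_port = PORT_DEFAULT,
    };

    get_test_opts_from_env (&opts);
    if (sanity_check_test_opts (&opts) != 0)
        return 1;

    sapi_context = sapi_init_from_opts (&opts);
    if (sapi_context == NULL)
        return 1;

    /* Generate the EK key; the context is released whether or not that
     * succeeded, so a failed run does not leak the TCTI connection. */
    int created = create_ek_public (sapi_context, &out_public);
    sapi_teardown_full (sapi_context);
    if (created != 0)
        return 1;

    /* Convert the key from out_public to PEM on stdout */
    BIO *bio = BIO_new_fp (stdout, BIO_NOCLOSE);
    if (bio == NULL) {
        LOG_ERROR ("BIO_new_fp failed");
        return 1;
    }
    if (write_rsa_pubkey_pem (bio, &out_public) == 0)
        ret = 0;
    BIO_free (bio);

    return ret;
}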