libtpmtss: Generalize AIK keys to signature keys

Andreas Steffen 2018-10-23 18:55:16 +02:00 committed by Tobias Brunner
parent 526c5abd0f
commit 3150bd2b81
2 changed files with 18 additions and 18 deletions


@ -421,7 +421,7 @@ METHOD(tpm_tss_t, get_version_info, chunk_t,
} }
/** /**
* read the public key portion of a TSS 2.0 AIK key from NVRAM * read the public key portion of a TSS 2.0 key from NVRAM
*/ */
bool read_public(private_tpm_tss_tss2_t *this, TPMI_DH_OBJECT handle, bool read_public(private_tpm_tss_tss2_t *this, TPMI_DH_OBJECT handle,
TPM2B_PUBLIC *public) TPM2B_PUBLIC *public)
@ -471,9 +471,9 @@ METHOD(tpm_tss_t, get_public, chunk_t,
} }
aik_blob = chunk_create((u_char*)&public, sizeof(public)); aik_blob = chunk_create((u_char*)&public, sizeof(public));
DBG3(DBG_LIB, "%s AIK public key blob: %B", LABEL, &aik_blob); DBG3(DBG_LIB, "%s public key blob: %B", LABEL, &aik_blob);
/* convert TSS 2.0 AIK public key blot into PKCS#1 format */ /* convert TSS 2.0 public key blot into PKCS#1 format */
switch (public.t.publicArea.type) switch (public.t.publicArea.type)
{ {
case TPM_ALG_RSA: case TPM_ALG_RSA:
@ -490,12 +490,12 @@ METHOD(tpm_tss_t, get_public, chunk_t,
aik_modulus = chunk_create(rsa->t.buffer, rsa->t.size); aik_modulus = chunk_create(rsa->t.buffer, rsa->t.size);
aik_exponent = chunk_from_chars(0x01, 0x00, 0x01); aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);
/* subjectPublicKeyInfo encoding of AIK RSA key */ /* subjectPublicKeyInfo encoding of RSA public key */
if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER, if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER,
NULL, &aik_pubkey, CRED_PART_RSA_MODULUS, aik_modulus, NULL, &aik_pubkey, CRED_PART_RSA_MODULUS, aik_modulus,
CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END)) CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END))
{ {
DBG1(DBG_PTS, "%s subjectPublicKeyInfo encoding of AIK key " DBG1(DBG_PTS, "%s subjectPublicKeyInfo encoding of public key "
"failed", LABEL); "failed", LABEL);
return chunk_empty; return chunk_empty;
} }
@ -526,7 +526,7 @@ METHOD(tpm_tss_t, get_public, chunk_t,
pos += ecc->x.t.size; pos += ecc->x.t.size;
/* copy y coordinate of ECC point */ /* copy y coordinate of ECC point */
memcpy(pos, ecc->y.t.buffer, ecc->y.t.size); memcpy(pos, ecc->y.t.buffer, ecc->y.t.size);
/* subjectPublicKeyInfo encoding of AIK ECC key */ /* subjectPublicKeyInfo encoding of ECC public key */
aik_pubkey = asn1_wrap(ASN1_SEQUENCE, "mm", aik_pubkey = asn1_wrap(ASN1_SEQUENCE, "mm",
asn1_wrap(ASN1_SEQUENCE, "mm", asn1_wrap(ASN1_SEQUENCE, "mm",
asn1_build_known_oid(OID_EC_PUBLICKEY), asn1_build_known_oid(OID_EC_PUBLICKEY),
@ -536,10 +536,10 @@ METHOD(tpm_tss_t, get_public, chunk_t,
break; break;
} }
default: default:
DBG1(DBG_PTS, "%s unsupported AIK key type", LABEL); DBG1(DBG_PTS, "%s unsupported key type", LABEL);
return chunk_empty; return chunk_empty;
} }
DBG1(DBG_PTS, "AIK signature algorithm is %N with %N hash", DBG1(DBG_PTS, "signature algorithm is %N with %N hash",
tpm_alg_id_names, sig_alg, tpm_alg_id_names, digest_alg); tpm_alg_id_names, sig_alg, tpm_alg_id_names, digest_alg);
return aik_pubkey; return aik_pubkey;
} }
@ -624,7 +624,7 @@ METHOD(tpm_tss_t, supported_signature_schemes, enumerator_t*,
break; break;
} }
default: default:
DBG1(DBG_PTS, "%s unsupported AIK key type", LABEL); DBG1(DBG_PTS, "%s unsupported key type", LABEL);
return enumerator_create_empty(); return enumerator_create_empty();
} }
return enumerator_create_single(signature_params_clone(&supported_scheme), return enumerator_create_single(signature_params_clone(&supported_scheme),
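Review bot: In the RSA branch of get_public the public exponent is still hard-coded, `aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);`, which was a reasonable assumption for AIKs but is no longer guaranteed once any signature key handle is accepted. A TPM 2.0 RSA key carries its exponent in `public.t.publicArea.parameters.rsaDetail.exponent`, where zero means the default 65537; for a key created with a different exponent the returned subjectPublicKeyInfo would describe another key, and signatures would not verify against it. I would use the stored exponent when it is non-zero and fall back to 0x010001 only for zero. The same line appears in the second file's RSA hunk (there via `public.publicArea`); get_public starts and ends outside these hunks, so a check elsewhere in the function cannot be ruled out.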


@ -381,7 +381,7 @@ METHOD(tpm_tss_t, get_version_info, chunk_t,
} }
/** /**
* read the public key portion of a TSS 2.0 AIK key from NVRAM * read the public key portion of a TSS 2.0 key from NVRAM
*/ */
bool read_public(private_tpm_tss_tss2_t *this, TPMI_DH_OBJECT handle, bool read_public(private_tpm_tss_tss2_t *this, TPMI_DH_OBJECT handle,
TPM2B_PUBLIC *public) TPM2B_PUBLIC *public)
@ -425,9 +425,9 @@ METHOD(tpm_tss_t, get_public, chunk_t,
} }
aik_blob = chunk_create((u_char*)&public, sizeof(public)); aik_blob = chunk_create((u_char*)&public, sizeof(public));
DBG3(DBG_LIB, "%s AIK public key blob: %B", LABEL, &aik_blob); DBG3(DBG_LIB, "%s public key blob: %B", LABEL, &aik_blob);
/* convert TSS 2.0 AIK public key blot into PKCS#1 format */ /* convert TSS 2.0 public key blot into PKCS#1 format */
switch (public.publicArea.type) switch (public.publicArea.type)
{ {
case TPM2_ALG_RSA: case TPM2_ALG_RSA:
@ -444,12 +444,12 @@ METHOD(tpm_tss_t, get_public, chunk_t,
aik_modulus = chunk_create(rsa->buffer, rsa->size); aik_modulus = chunk_create(rsa->buffer, rsa->size);
aik_exponent = chunk_from_chars(0x01, 0x00, 0x01); aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);
/* subjectPublicKeyInfo encoding of AIK RSA key */ /* subjectPublicKeyInfo encoding of RSA public key */
if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER, if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER,
NULL, &aik_pubkey, CRED_PART_RSA_MODULUS, aik_modulus, NULL, &aik_pubkey, CRED_PART_RSA_MODULUS, aik_modulus,
CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END)) CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END))
{ {
DBG1(DBG_PTS, "%s subjectPublicKeyInfo encoding of AIK key " DBG1(DBG_PTS, "%s subjectPublicKeyInfo encoding of public key "
"failed", LABEL); "failed", LABEL);
return chunk_empty; return chunk_empty;
} }
@ -480,7 +480,7 @@ METHOD(tpm_tss_t, get_public, chunk_t,
pos += ecc->x.size; pos += ecc->x.size;
/* copy y coordinate of ECC point */ /* copy y coordinate of ECC point */
memcpy(pos, ecc->y.buffer, ecc->y.size); memcpy(pos, ecc->y.buffer, ecc->y.size);
/* subjectPublicKeyInfo encoding of AIK ECC key */ /* subjectPublicKeyInfo encoding of ECC public key */
aik_pubkey = asn1_wrap(ASN1_SEQUENCE, "mm", aik_pubkey = asn1_wrap(ASN1_SEQUENCE, "mm",
asn1_wrap(ASN1_SEQUENCE, "mm", asn1_wrap(ASN1_SEQUENCE, "mm",
asn1_build_known_oid(OID_EC_PUBLICKEY), asn1_build_known_oid(OID_EC_PUBLICKEY),
@ -490,10 +490,10 @@ METHOD(tpm_tss_t, get_public, chunk_t,
break; break;
} }
default: default:
DBG1(DBG_PTS, "%s unsupported AIK key type", LABEL); DBG1(DBG_PTS, "%s unsupported key type", LABEL);
return chunk_empty; return chunk_empty;
} }
DBG1(DBG_PTS, "AIK signature algorithm is %N with %N hash", DBG1(DBG_PTS, "signature algorithm is %N with %N hash",
tpm_alg_id_names, sig_alg, tpm_alg_id_names, digest_alg); tpm_alg_id_names, sig_alg, tpm_alg_id_names, digest_alg);
return aik_pubkey; return aik_pubkey;
} }
@ -578,7 +578,7 @@ METHOD(tpm_tss_t, supported_signature_schemes, enumerator_t*,
break; break;
} }
default: default:
DBG1(DBG_PTS, "%s unsupported AIK key type", LABEL); DBG1(DBG_PTS, "%s unsupported key type", LABEL);
return enumerator_create_empty(); return enumerator_create_empty();
} }
return enumerator_create_single(signature_params_clone(&supported_scheme), return enumerator_create_single(signature_params_clone(&supported_scheme),
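Review bot: The comment rewritten in the second hunk, `/* convert TSS 2.0 public key blot into PKCS#1 format */`, keeps the typo "blot" and names the wrong format, since both branches below build a subjectPublicKeyInfo (`PUBKEY_SPKI_ASN1_DER` for RSA, the `OID_EC_PUBLICKEY` wrapper for ECC). I would write `/* convert TSS 2.0 public key blob into subjectPublicKeyInfo format */`. The locals `aik_blob`, `aik_modulus`, `aik_exponent` and `aik_pubkey` also still carry the AIK prefix that this commit removes from the comments and log messages; renaming them would complete the generalization. Both remarks apply equally to the first file.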