1 files changed, 99 insertions, 0 deletions
diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch b/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch
new file mode 100644
index 0000000..67071b6
--- /dev/null
+++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch
@@ -0,0 +1,99 @@
+commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed
+Author: Junxian.Xiao <Junxian.Xiao@windriver.com>
+Date:   Wed Jun 19 18:57:13 2013 +0800
+support well-known password in openssl-tpm-engine.
+Add "-z" option to select well known password in create_tpm_key tool.
+Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>
+diff --git a/create_tpm_key.c b/create_tpm_key.c
+index fee917f..7b94d62 100644
+--- a/create_tpm_key.c
+++ b/create_tpm_key.c
+@@ -46,6 +46,8 @@
+ #include <trousers/tss.h>
+ #include <trousers/trousers.h>
+ 
+#define TPM_WELL_KNOWN_KEY_LEN 20   /*well know key length is 20 bytes zero*/
+
+ #define print_error(a,b) \
+        fprintf(stderr, "%s:%d %s result: 0x%x (%s)\n", __FILE__, __LINE__, \
+                a, b, Trspi_Error_String(b))
+@@ -70,6 +72,7 @@ usage(char *argv0)
+                "\t\t-e|--enc-scheme  encryption scheme to use [PKCSV15] or OAEP\n"
+                "\t\t-q|--sig-scheme  signature scheme to use [DER] or SHA1\n"
+                "\t\t-s|--key-size    key size in bits [2048]\n"
+               "\t\t-z|--zerokey     use well known 20 bytes zero as SRK password.\n"
+                "\t\t-a|--auth        require a password for the key [NO]\n"
+                "\t\t-p|--popup       use TSS GUI popup dialogs to get the password "
+                "for the\n\t\t\t\t key [NO] (implies --auth)\n"
+@@ -147,6 +150,7 @@ int main(int argc, char **argv)
+        int             asn1_len;
+        char            *filename, c, *openssl_key = NULL;
+        int             option_index, auth = 0, popup = 0, wrap = 0;
+       int             wellknownkey = 0;
+        UINT32          enc_scheme = TSS_ES_RSAESPKCSV15;
+        UINT32          sig_scheme = TSS_SS_RSASSAPKCS1V15_DER;
+        UINT32          key_size = 2048;
+@@ -154,12 +158,15 @@ int main(int argc, char **argv)
+ 
+        while (1) {
+                option_index = 0;
+-               c = getopt_long(argc, argv, "pe:q:s:ahw:",
+               c = getopt_long(argc, argv, "pe:q:s:zahw:",
+                                long_options, &option_index);
+                if (c == -1)
+                        break;
+ 
+                switch (c) {
+                       case 'z':
+                               wellknownkey = 1;
+                               break;
+                        case 'a':
+                                initFlags |= TSS_KEY_AUTHORIZATION;
+                                auth = 1;
+@@ -293,6 +300,8 @@ int main(int argc, char **argv)
+ 
+        if (srk_authusage) {
+                char *authdata = calloc(1, 128);
+               TSS_FLAG secretMode = TSS_SECRET_MODE_PLAIN;
+               int authlen = 0;
+ 
+                if (!authdata) {
+                        fprintf(stderr, "malloc failed.\n");
+@@ -309,17 +318,26 @@ int main(int argc, char **argv)
+                        exit(result);
+                }
+ 
+-               if (EVP_read_pw_string(authdata, 128, "SRK Password: ", 0)) {
+-                       Tspi_Context_CloseObject(hContext, hKey);
+-                       Tspi_Context_Close(hContext);
+-                       free(authdata);
+-                       exit(result);
+               if (wellknownkey) {
+                       memset(authdata, 0, TPM_WELL_KNOWN_KEY_LEN);
+                       secretMode = TSS_SECRET_MODE_SHA1;
+                       authlen = TPM_WELL_KNOWN_KEY_LEN;
+               }
+               else {
+                       if (EVP_read_pw_string(authdata, 128, "SRK Password: ", 0)) {
+                               Tspi_Context_CloseObject(hContext, hKey);
+                               Tspi_Context_Close(hContext);
+                               free(authdata);
+                               exit(result);
+                       }
+                       secretMode = TSS_SECRET_MODE_PLAIN;
+                       authlen = strlen(authdata);
+                }
+ 
+                //Set Secret
+                if ((result = Tspi_Policy_SetSecret(srkUsagePolicy,
+-                                                   TSS_SECRET_MODE_PLAIN,
+-                                                   strlen(authdata),
+                                                   secretMode,
+                                                   authlen,
+                                                    (BYTE *)authdata))) {
+                        print_error("Tspi_Policy_SetSecret", result);
+                        free(authdata);

diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch b/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch new file mode 100644 index 0000000..67071b6 --- /dev/null +++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch
@@ -0,0 +1,99 @@
	1	commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed
	2	Author: Junxian.Xiao <Junxian.Xiao@windriver.com>
	3	Date: Wed Jun 19 18:57:13 2013 +0800
	4
	5	support well-known password in openssl-tpm-engine.
	6
	7	Add "-z" option to select well known password in create_tpm_key tool.
	8
	9	Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>
	10
	11	diff --git a/create_tpm_key.c b/create_tpm_key.c
	12	index fee917f..7b94d62 100644
	13	--- a/create_tpm_key.c
	14	+++ b/create_tpm_key.c
	15	@@ -46,6 +46,8 @@
	16	#include <trousers/tss.h>
	17	#include <trousers/trousers.h>
	18
	19	+#define TPM_WELL_KNOWN_KEY_LEN 20 /well know key length is 20 bytes zero/
	20	+
	21	#define print_error(a,b) \
	22	fprintf(stderr, "%s:%d %s result: 0x%x (%s)\n", __FILE__, __LINE__, \
	23	a, b, Trspi_Error_String(b))
	24	@@ -70,6 +72,7 @@ usage(char *argv0)
	25	"\t\t-e\|--enc-scheme encryption scheme to use [PKCSV15] or OAEP\n"
	26	"\t\t-q\|--sig-scheme signature scheme to use [DER] or SHA1\n"
	27	"\t\t-s\|--key-size key size in bits [2048]\n"
	28	+ "\t\t-z\|--zerokey use well known 20 bytes zero as SRK password.\n"
	29	"\t\t-a\|--auth require a password for the key [NO]\n"
	30	"\t\t-p\|--popup use TSS GUI popup dialogs to get the password "
	31	"for the\n\t\t\t\t key [NO] (implies --auth)\n"
	32	@@ -147,6 +150,7 @@ int main(int argc, char **argv)
	33	int asn1_len;
	34	char filename, c, openssl_key = NULL;
	35	int option_index, auth = 0, popup = 0, wrap = 0;
	36	+ int wellknownkey = 0;
	37	UINT32 enc_scheme = TSS_ES_RSAESPKCSV15;
	38	UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER;
	39	UINT32 key_size = 2048;
	40	@@ -154,12 +158,15 @@ int main(int argc, char **argv)
	41
	42	while (1) {
	43	option_index = 0;
	44	- c = getopt_long(argc, argv, "pe:q:s:ahw:",
	45	+ c = getopt_long(argc, argv, "pe:q:s:zahw:",
	46	long_options, &option_index);
	47	if (c == -1)
	48	break;
	49
	50	switch (c) {
	51	+ case 'z':
	52	+ wellknownkey = 1;
	53	+ break;
	54	case 'a':
	55	initFlags \|= TSS_KEY_AUTHORIZATION;
	56	auth = 1;
	57	@@ -293,6 +300,8 @@ int main(int argc, char **argv)
	58
	59	if (srk_authusage) {
	60	char *authdata = calloc(1, 128);
	61	+ TSS_FLAG secretMode = TSS_SECRET_MODE_PLAIN;
	62	+ int authlen = 0;
	63
	64	if (!authdata) {
	65	fprintf(stderr, "malloc failed.\n");
	66	@@ -309,17 +318,26 @@ int main(int argc, char **argv)
	67	exit(result);
	68	}
	69
	70	- if (EVP_read_pw_string(authdata, 128, "SRK Password: ", 0)) {
	71	- Tspi_Context_CloseObject(hContext, hKey);
	72	- Tspi_Context_Close(hContext);
	73	- free(authdata);
	74	- exit(result);
	75	+ if (wellknownkey) {
	76	+ memset(authdata, 0, TPM_WELL_KNOWN_KEY_LEN);
	77	+ secretMode = TSS_SECRET_MODE_SHA1;
	78	+ authlen = TPM_WELL_KNOWN_KEY_LEN;
	79	+ }
	80	+ else {
	81	+ if (EVP_read_pw_string(authdata, 128, "SRK Password: ", 0)) {
	82	+ Tspi_Context_CloseObject(hContext, hKey);
	83	+ Tspi_Context_Close(hContext);
	84	+ free(authdata);
	85	+ exit(result);
	86	+ }
	87	+ secretMode = TSS_SECRET_MODE_PLAIN;
	88	+ authlen = strlen(authdata);
	89	}
	90
	91	//Set Secret
	92	if ((result = Tspi_Policy_SetSecret(srkUsagePolicy,
	93	- TSS_SECRET_MODE_PLAIN,
	94	- strlen(authdata),
	95	+ secretMode,
	96	+ authlen,
	97	(BYTE *)authdata))) {
	98	print_error("Tspi_Policy_SetSecret", result);
	99	free(authdata);