author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-07-14 09:44:30 +0200 |
---|---|---|
committer | GitLab <gitlab@gitlab.com> | 2016-12-13 13:11:33 +0000 |
commit | a6e3b0b040391b5fedcca7b43b46c40f2ce25ef6 (patch) | |
tree | 44909da504b214b35e6b908fe5d1ebcae15b2a3f /src | |
parent | f0a8424dde7bf9c3ebe08f830556b50ab8f3c30c (diff) | |
download | gnutls-a6e3b0b040391b5fedcca7b43b46c40f2ce25ef6.tar.gz |
tpmtool: Added --test-sign parameter
Diffstat (limited to 'src')
-rw-r--r-- | src/tpmtool-args.def | 9 | ||||
-rw-r--r-- | src/tpmtool.c | 76 |
2 files changed, 83 insertions, 2 deletions
diff --git a/src/tpmtool-args.def b/src/tpmtool-args.def
index 519ff944bd..0e2833676c 100644
--- a/src/tpmtool-args.def
+++ b/src/tpmtool-args.def
@@ -81,6 +81,15 @@ flag = {
 };
 flag = {
+ name = test-sign;
+ arg-type = string;
+ arg-name = "url";
+ descrip = "Tests the signature operation of the provided object";
+ doc = "It can be used to test the correct operation of the signature operation.
+This operation will sign and verify the signed data.";
+};
+
+flag = {
 name = sec-param;
 arg-type = string;
 arg-name = "Security parameter";
diff --git a/src/tpmtool.c b/src/tpmtool.c
index 49fc8ffe30..ae89d12245 100644
--- a/src/tpmtool.c
+++ b/src/tpmtool.c
@@ -45,12 +45,14 @@
 #include "certtool-common.h"
 #include "tpmtool-args.h"
+#include "common.h"
 static void cmd_parser(int argc, char **argv);
 static void tpm_generate(FILE * outfile, unsigned int key_type, unsigned int bits, unsigned int flags);
 static void tpm_pubkey(const char *url, FILE * outfile);
 static void tpm_delete(const char *url, FILE * outfile);
+static void tpm_test_sign(const char *url, FILE * outfile);
 static void tpm_list(FILE * outfile);
 static gnutls_x509_crt_fmt_t incert_format, outcert_format;
@@ -160,6 +162,8 @@ static void cmd_parser(int argc, char **argv)
 tpm_delete(OPT_ARG(DELETE), outfile);
 } else if (HAVE_OPT(LIST)) {
 tpm_list(outfile);
+ } else if (HAVE_OPT(TEST_SIGN)) {
+ tpm_test_sign(OPT_ARG(TEST_SIGN), outfile);
 } else {
 USAGE(1);
 }
@@ -169,6 +173,75 @@ static void cmd_parser(int argc, char **argv)
 gnutls_global_deinit();
 }
+#define TEST_DATA "Test data to sign"
+
+static void
+tpm_test_sign(const char *url, FILE * out)
+{
+ gnutls_privkey_t privkey;
+ gnutls_pubkey_t pubkey;
+ int ret;
+ gnutls_datum_t data, sig = {NULL, 0};
+ int pk;
+
+ pkcs11_common(NULL);
+
+ data.data = (void*)TEST_DATA;
+ data.size = sizeof(TEST_DATA)-1;
+
+ ret = gnutls_privkey_init(&privkey);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_privkey_import_url(privkey, url, 0);
+ if (ret < 0) {
+ fprintf(stderr, "Cannot import private key: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_pubkey_import_tpm_url(pubkey, url, NULL, 0);
+ if (ret < 0) {
+ fprintf(stderr, "Cannot import public key: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0, &data, &sig);
+ if (ret < 0) {
+ fprintf(stderr, "Cannot sign data: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ pk = gnutls_pubkey_get_pk_algorithm(pubkey, NULL);
+
+ fprintf(stderr, "Verifying against private key parameters... ");
+ ret = gnutls_pubkey_verify_data2(pubkey, gnutls_pk_to_sign(pk, GNUTLS_DIG_SHA1),
+ 0, &data, &sig);
+ if (ret < 0) {
+ fprintf(stderr, "Cannot verify signed data: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(stderr, "ok\n");
+
+ gnutls_free(sig.data);
+ gnutls_pubkey_deinit(pubkey);
+ gnutls_privkey_deinit(privkey);
+}
+
 static void tpm_generate(FILE * out, unsigned int key_type, unsigned int bits, unsigned int flags)
 {
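Review bot: The result of `gnutls_pubkey_get_pk_algorithm(pubkey, NULL)` is stored in `pk` and passed straight to `gnutls_pk_to_sign()` without a check, so a negative error code would be interpreted as an algorithm id and the failure would only surface later as a misleading "Cannot verify signed data" message; add `if (pk < 0) { fprintf(stderr, "Cannot get key algorithm: %s\n", gnutls_strerror(pk)); exit(1); }` right after that call, in the same style as the other error paths. The `out` parameter of tpm_test_sign is never used — every message, including the final "ok", goes to stderr — so either write the result to `out` or drop the parameter (its prototype is in the earlier hunk of this file). A short header comment would help, e.g. `/* Sign a fixed test string with the private key at url, then verify the signature with the public key read from the same url; any failure exits the process. */`. The digest is pinned to GNUTLS_DIG_SHA1; if that is deliberate for the TPM generation this tool targets, a one-line comment saying so would stop a later reader from changing it blindly. The trailing context lines belong to tpm_generate, whose body continues outside the hunk.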
@@ -200,8 +273,7 @@ static void tpm_generate(FILE * out, unsigned int key_type,
 exit(1);
 }
-/* fwrite (pubkey.data, 1, pubkey.size, outfile);
- fputs ("\n", outfile);*/
+ fwrite(privkey.data, 1, privkey.size, out);
 fputs("\n", out); |