summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@redhat.com>2015-07-14 09:44:30 +0200
committerGitLab <gitlab@gitlab.com>2016-12-13 13:11:33 +0000
commita6e3b0b040391b5fedcca7b43b46c40f2ce25ef6 (patch)
tree44909da504b214b35e6b908fe5d1ebcae15b2a3f /src
parentf0a8424dde7bf9c3ebe08f830556b50ab8f3c30c (diff)
downloadgnutls-a6e3b0b040391b5fedcca7b43b46c40f2ce25ef6.tar.gz
tpmtool: Added --test-sign parameter
Diffstat (limited to 'src')
-rw-r--r--src/tpmtool-args.def9
-rw-r--r--src/tpmtool.c76
2 files changed, 83 insertions, 2 deletions
diff --git a/src/tpmtool-args.def b/src/tpmtool-args.def
index 519ff944bd..0e2833676c 100644
--- a/src/tpmtool-args.def
+++ b/src/tpmtool-args.def
@@ -81,6 +81,15 @@ flag = {
};
flag = {
+ name = test-sign;
+ arg-type = string;
+ arg-name = "url";
+ descrip = "Tests the signature operation of the provided object";
+ doc = "It can be used to test the correct operation of the signature operation.
+This operation will sign and verify the signed data.";
+};
+
+flag = {
name = sec-param;
arg-type = string;
arg-name = "Security parameter";
diff --git a/src/tpmtool.c b/src/tpmtool.c
index 49fc8ffe30..ae89d12245 100644
--- a/src/tpmtool.c
+++ b/src/tpmtool.c
@@ -45,12 +45,14 @@
#include "certtool-common.h"
#include "tpmtool-args.h"
+#include "common.h"
static void cmd_parser(int argc, char **argv);
static void tpm_generate(FILE * outfile, unsigned int key_type,
unsigned int bits, unsigned int flags);
static void tpm_pubkey(const char *url, FILE * outfile);
static void tpm_delete(const char *url, FILE * outfile);
+static void tpm_test_sign(const char *url, FILE * outfile);
static void tpm_list(FILE * outfile);
static gnutls_x509_crt_fmt_t incert_format, outcert_format;
@@ -160,6 +162,8 @@ static void cmd_parser(int argc, char **argv)
tpm_delete(OPT_ARG(DELETE), outfile);
} else if (HAVE_OPT(LIST)) {
tpm_list(outfile);
+ } else if (HAVE_OPT(TEST_SIGN)) {
+ tpm_test_sign(OPT_ARG(TEST_SIGN), outfile);
} else {
USAGE(1);
}
@@ -169,6 +173,75 @@ static void cmd_parser(int argc, char **argv)
gnutls_global_deinit();
}
+#define TEST_DATA "Test data to sign"
+
+static void
+tpm_test_sign(const char *url, FILE * out)
+{
+ gnutls_privkey_t privkey;
+ gnutls_pubkey_t pubkey;
+ int ret;
+ gnutls_datum_t data, sig = {NULL, 0};
+ int pk;
+
+ pkcs11_common(NULL);
+
+ data.data = (void*)TEST_DATA;
+ data.size = sizeof(TEST_DATA)-1;
+
+ ret = gnutls_privkey_init(&privkey);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_privkey_import_url(privkey, url, 0);
+ if (ret < 0) {
+ fprintf(stderr, "Cannot import private key: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_pubkey_import_tpm_url(pubkey, url, NULL, 0);
+ if (ret < 0) {
+ fprintf(stderr, "Cannot import public key: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0, &data, &sig);
+ if (ret < 0) {
+ fprintf(stderr, "Cannot sign data: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ pk = gnutls_pubkey_get_pk_algorithm(pubkey, NULL);
+
+ fprintf(stderr, "Verifying against private key parameters... ");
+ ret = gnutls_pubkey_verify_data2(pubkey, gnutls_pk_to_sign(pk, GNUTLS_DIG_SHA1),
+ 0, &data, &sig);
+ if (ret < 0) {
+ fprintf(stderr, "Cannot verify signed data: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(stderr, "ok\n");
+
+ gnutls_free(sig.data);
+ gnutls_pubkey_deinit(pubkey);
+ gnutls_privkey_deinit(privkey);
+}
+
static void tpm_generate(FILE * out, unsigned int key_type,
unsigned int bits, unsigned int flags)
{
@@ -200,8 +273,7 @@ static void tpm_generate(FILE * out, unsigned int key_type,
exit(1);
}
-/* fwrite (pubkey.data, 1, pubkey.size, outfile);
- fputs ("\n", outfile);*/
+
fwrite(privkey.data, 1, privkey.size, out);
fputs("\n", out);