diff options
Diffstat (limited to 'src/tpmtool.c')
-rw-r--r-- | src/tpmtool.c | 421 |
1 files changed, 198 insertions, 223 deletions
diff --git a/src/tpmtool.c b/src/tpmtool.c index 9b2168e349..0ce6bfb4b4 100644 --- a/src/tpmtool.c +++ b/src/tpmtool.c @@ -46,11 +46,12 @@ #include "certtool-common.h" #include "tpmtool-args.h" -static void cmd_parser (int argc, char **argv); -static void tpm_generate(FILE* outfile, unsigned int key_type, unsigned int bits, unsigned int flags); -static void tpm_pubkey(const char* url, FILE* outfile); -static void tpm_delete(const char* url, FILE* outfile); -static void tpm_list(FILE* outfile); +static void cmd_parser(int argc, char **argv); +static void tpm_generate(FILE * outfile, unsigned int key_type, + unsigned int bits, unsigned int flags); +static void tpm_pubkey(const char *url, FILE * outfile); +static void tpm_delete(const char *url, FILE * outfile); +static void tpm_list(FILE * outfile); static gnutls_x509_crt_fmt_t incert_format, outcert_format; static gnutls_tpmkey_fmt_t inkey_format, outkey_format; @@ -59,252 +60,226 @@ static FILE *outfile; static FILE *infile; int batch = 0; -static void -tls_log_func (int level, const char *str) +static void tls_log_func(int level, const char *str) { - fprintf (stderr, "|<%d>| %s", level, str); + fprintf(stderr, "|<%d>| %s", level, str); } -int -main (int argc, char **argv) +int main(int argc, char **argv) { - cmd_parser (argc, argv); + cmd_parser(argc, argv); - return 0; + return 0; } -static void -cmd_parser (int argc, char **argv) +static void cmd_parser(int argc, char **argv) { - int ret, debug = 0; - unsigned int optct; - unsigned int key_type = GNUTLS_PK_UNKNOWN; - unsigned int bits = 0; - unsigned int genflags = 0; - /* Note that the default sec-param is legacy because several TPMs - * cannot handle larger keys. - */ - const char* sec_param = "legacy"; - - optct = optionProcess( &tpmtoolOptions, argc, argv); - argc += optct; - argv += optct; - - if (HAVE_OPT(DEBUG)) - debug = OPT_VALUE_DEBUG; - - if (HAVE_OPT(INDER)) - { - incert_format = GNUTLS_X509_FMT_DER; - inkey_format = GNUTLS_TPMKEY_FMT_DER; - } - else - { - incert_format = GNUTLS_X509_FMT_PEM; - inkey_format = GNUTLS_TPMKEY_FMT_CTK_PEM; - } - - if (HAVE_OPT(OUTDER)) - { - outcert_format = GNUTLS_X509_FMT_DER; - outkey_format = GNUTLS_TPMKEY_FMT_DER; - } - else - { - outcert_format = GNUTLS_X509_FMT_PEM; - outkey_format = GNUTLS_TPMKEY_FMT_CTK_PEM; - } - - if (HAVE_OPT(REGISTER)) - genflags |= GNUTLS_TPM_REGISTER_KEY; - if (!HAVE_OPT(LEGACY)) - genflags |= GNUTLS_TPM_KEY_SIGNING; - if (HAVE_OPT(USER)) - genflags |= GNUTLS_TPM_KEY_USER; - - gnutls_global_set_log_function (tls_log_func); - gnutls_global_set_log_level (debug); - if (debug > 1) - printf ("Setting log level to %d\n", debug); - - if ((ret = gnutls_global_init ()) < 0) - { - fprintf (stderr, "global_init: %s", gnutls_strerror (ret)); - exit(1); - } - - if (HAVE_OPT(OUTFILE)) - { - outfile = safe_open_rw (OPT_ARG(OUTFILE), 0); - if (outfile == NULL) - { - fprintf (stderr, "%s", OPT_ARG(OUTFILE)); - exit(1); - } - } - else - outfile = stdout; - - if (HAVE_OPT(INFILE)) - { - infile = fopen (OPT_ARG(INFILE), "rb"); - if (infile == NULL) - { - fprintf (stderr, "%s", OPT_ARG(INFILE)); - exit(1); - } - } - else - infile = stdin; - - if (HAVE_OPT(SEC_PARAM)) - sec_param = OPT_ARG(SEC_PARAM); - if (HAVE_OPT(BITS)) - bits = OPT_VALUE_BITS; - - - if (HAVE_OPT(GENERATE_RSA)) - { - key_type = GNUTLS_PK_RSA; - bits = get_bits (key_type, bits, sec_param, 0); - tpm_generate (outfile, key_type, bits, genflags); - } - else if (HAVE_OPT(PUBKEY)) - { - tpm_pubkey (OPT_ARG(PUBKEY), outfile); - } - else if (HAVE_OPT(DELETE)) - { - tpm_delete (OPT_ARG(DELETE), outfile); - } - else if (HAVE_OPT(LIST)) - { - tpm_list (outfile); - } - else - { - USAGE(1); - } - - fclose (outfile); - - gnutls_global_deinit (); + int ret, debug = 0; + unsigned int optct; + unsigned int key_type = GNUTLS_PK_UNKNOWN; + unsigned int bits = 0; + unsigned int genflags = 0; + /* Note that the default sec-param is legacy because several TPMs + * cannot handle larger keys. + */ + const char *sec_param = "legacy"; + + optct = optionProcess(&tpmtoolOptions, argc, argv); + argc += optct; + argv += optct; + + if (HAVE_OPT(DEBUG)) + debug = OPT_VALUE_DEBUG; + + if (HAVE_OPT(INDER)) { + incert_format = GNUTLS_X509_FMT_DER; + inkey_format = GNUTLS_TPMKEY_FMT_DER; + } else { + incert_format = GNUTLS_X509_FMT_PEM; + inkey_format = GNUTLS_TPMKEY_FMT_CTK_PEM; + } + + if (HAVE_OPT(OUTDER)) { + outcert_format = GNUTLS_X509_FMT_DER; + outkey_format = GNUTLS_TPMKEY_FMT_DER; + } else { + outcert_format = GNUTLS_X509_FMT_PEM; + outkey_format = GNUTLS_TPMKEY_FMT_CTK_PEM; + } + + if (HAVE_OPT(REGISTER)) + genflags |= GNUTLS_TPM_REGISTER_KEY; + if (!HAVE_OPT(LEGACY)) + genflags |= GNUTLS_TPM_KEY_SIGNING; + if (HAVE_OPT(USER)) + genflags |= GNUTLS_TPM_KEY_USER; + + gnutls_global_set_log_function(tls_log_func); + gnutls_global_set_log_level(debug); + if (debug > 1) + printf("Setting log level to %d\n", debug); + + if ((ret = gnutls_global_init()) < 0) { + fprintf(stderr, "global_init: %s", gnutls_strerror(ret)); + exit(1); + } + + if (HAVE_OPT(OUTFILE)) { + outfile = safe_open_rw(OPT_ARG(OUTFILE), 0); + if (outfile == NULL) { + fprintf(stderr, "%s", OPT_ARG(OUTFILE)); + exit(1); + } + } else + outfile = stdout; + + if (HAVE_OPT(INFILE)) { + infile = fopen(OPT_ARG(INFILE), "rb"); + if (infile == NULL) { + fprintf(stderr, "%s", OPT_ARG(INFILE)); + exit(1); + } + } else + infile = stdin; + + if (HAVE_OPT(SEC_PARAM)) + sec_param = OPT_ARG(SEC_PARAM); + if (HAVE_OPT(BITS)) + bits = OPT_VALUE_BITS; + + + if (HAVE_OPT(GENERATE_RSA)) { + key_type = GNUTLS_PK_RSA; + bits = get_bits(key_type, bits, sec_param, 0); + tpm_generate(outfile, key_type, bits, genflags); + } else if (HAVE_OPT(PUBKEY)) { + tpm_pubkey(OPT_ARG(PUBKEY), outfile); + } else if (HAVE_OPT(DELETE)) { + tpm_delete(OPT_ARG(DELETE), outfile); + } else if (HAVE_OPT(LIST)) { + tpm_list(outfile); + } else { + USAGE(1); + } + + fclose(outfile); + + gnutls_global_deinit(); } -static void tpm_generate(FILE* outfile, unsigned int key_type, unsigned int bits, unsigned int flags) +static void tpm_generate(FILE * outfile, unsigned int key_type, + unsigned int bits, unsigned int flags) { - int ret; - char* srk_pass, *key_pass = NULL; - gnutls_datum_t privkey, pubkey; - - srk_pass = getpass ("Enter SRK password: "); - if (srk_pass != NULL) - srk_pass = strdup(srk_pass); - - if (!(flags & GNUTLS_TPM_REGISTER_KEY)) - { - key_pass = getpass ("Enter key password: "); - if (key_pass != NULL) - key_pass = strdup(srk_pass); - } - - ret = gnutls_tpm_privkey_generate(key_type, bits, srk_pass, key_pass, - outkey_format, outcert_format, - &privkey, &pubkey, - flags); - - free(key_pass); - free(srk_pass); - - if (ret < 0) - { - fprintf (stderr, "gnutls_tpm_privkey_generate: %s", gnutls_strerror (ret)); - exit(1); - } + int ret; + char *srk_pass, *key_pass = NULL; + gnutls_datum_t privkey, pubkey; + + srk_pass = getpass("Enter SRK password: "); + if (srk_pass != NULL) + srk_pass = strdup(srk_pass); + + if (!(flags & GNUTLS_TPM_REGISTER_KEY)) { + key_pass = getpass("Enter key password: "); + if (key_pass != NULL) + key_pass = strdup(srk_pass); + } + + ret = + gnutls_tpm_privkey_generate(key_type, bits, srk_pass, key_pass, + outkey_format, outcert_format, + &privkey, &pubkey, flags); + + free(key_pass); + free(srk_pass); + + if (ret < 0) { + fprintf(stderr, "gnutls_tpm_privkey_generate: %s", + gnutls_strerror(ret)); + exit(1); + } /* fwrite (pubkey.data, 1, pubkey.size, outfile); fputs ("\n", outfile);*/ - fwrite (privkey.data, 1, privkey.size, outfile); - fputs ("\n", outfile); - - gnutls_free(privkey.data); - gnutls_free(pubkey.data); + fwrite(privkey.data, 1, privkey.size, outfile); + fputs("\n", outfile); + + gnutls_free(privkey.data); + gnutls_free(pubkey.data); } -static void tpm_delete(const char* url, FILE* outfile) +static void tpm_delete(const char *url, FILE * outfile) { - int ret; - char* srk_pass; - - srk_pass = getpass ("Enter SRK password: "); - - ret = gnutls_tpm_privkey_delete(url, srk_pass); - if (ret < 0) - { - fprintf (stderr, "gnutls_tpm_privkey_delete: %s", gnutls_strerror (ret)); - exit(1); - } - - fprintf (outfile, "Key %s deleted\n", url); + int ret; + char *srk_pass; + + srk_pass = getpass("Enter SRK password: "); + + ret = gnutls_tpm_privkey_delete(url, srk_pass); + if (ret < 0) { + fprintf(stderr, "gnutls_tpm_privkey_delete: %s", + gnutls_strerror(ret)); + exit(1); + } + + fprintf(outfile, "Key %s deleted\n", url); } -static void tpm_list(FILE* outfile) +static void tpm_list(FILE * outfile) { - int ret; - gnutls_tpm_key_list_t list; - unsigned int i; - char* url; - - ret = gnutls_tpm_get_registered (&list); - if (ret < 0) - { - fprintf (stderr, "gnutls_tpm_get_registered: %s", gnutls_strerror (ret)); - exit(1); - } - - fprintf(outfile, "Available keys:\n"); - for (i=0;;i++) - { - ret = gnutls_tpm_key_list_get_url(list, i, &url, 0); - if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - break; - else if (ret < 0) - { - fprintf (stderr, "gnutls_tpm_key_list_get_url: %s", gnutls_strerror (ret)); - exit(1); - } - - fprintf(outfile, "\t%u: %s\n", i, url); - gnutls_free(url); - } - - fputs ("\n", outfile); + int ret; + gnutls_tpm_key_list_t list; + unsigned int i; + char *url; + + ret = gnutls_tpm_get_registered(&list); + if (ret < 0) { + fprintf(stderr, "gnutls_tpm_get_registered: %s", + gnutls_strerror(ret)); + exit(1); + } + + fprintf(outfile, "Available keys:\n"); + for (i = 0;; i++) { + ret = gnutls_tpm_key_list_get_url(list, i, &url, 0); + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; + else if (ret < 0) { + fprintf(stderr, "gnutls_tpm_key_list_get_url: %s", + gnutls_strerror(ret)); + exit(1); + } + + fprintf(outfile, "\t%u: %s\n", i, url); + gnutls_free(url); + } + + fputs("\n", outfile); } -static void tpm_pubkey(const char* url, FILE* outfile) +static void tpm_pubkey(const char *url, FILE * outfile) { - int ret; - char* srk_pass; - gnutls_pubkey_t pubkey; - - srk_pass = getpass ("Enter SRK password: "); - if (srk_pass != NULL) - srk_pass = strdup(srk_pass); + int ret; + char *srk_pass; + gnutls_pubkey_t pubkey; + + srk_pass = getpass("Enter SRK password: "); + if (srk_pass != NULL) + srk_pass = strdup(srk_pass); - gnutls_pubkey_init(&pubkey); + gnutls_pubkey_init(&pubkey); - ret = gnutls_pubkey_import_tpm_url(pubkey, url, srk_pass, 0); + ret = gnutls_pubkey_import_tpm_url(pubkey, url, srk_pass, 0); - free(srk_pass); + free(srk_pass); - if (ret < 0) - { - fprintf (stderr, "gnutls_pubkey_import_tpm_url: %s", gnutls_strerror (ret)); - exit(1); - } + if (ret < 0) { + fprintf(stderr, "gnutls_pubkey_import_tpm_url: %s", + gnutls_strerror(ret)); + exit(1); + } - _pubkey_info(outfile, GNUTLS_CRT_PRINT_FULL, pubkey); + _pubkey_info(outfile, GNUTLS_CRT_PRINT_FULL, pubkey); - gnutls_pubkey_deinit(pubkey); + gnutls_pubkey_deinit(pubkey); } |