diff options
| author | Hongxu Jia <hongxu.jia@windriver.com> | 2018-09-26 00:10:13 +0800 |
|---|---|---|
| committer | Jia Zhang <zhang.jia@linux.alibaba.com> | 2018-09-26 08:28:11 +0800 |
| commit | 176178136118dde3ca40a81b239d64083aa579b2 (patch) | |
| tree | f45ec57a38fa3fb95af754396666d0fbf72e90b2 | |
| parent | c2ce285ad744fe2d41cef1c1de127272dddaea1a (diff) | |
| download | meta-secure-core-176178136118dde3ca40a81b239d64083aa579b2.tar.gz | |
openssl-tpm-engine: rebase 0005-tpm-openssl-tpm-engine-parse-an-encrypted-TPM-key-pa.patch to 0.5.0
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
2 files changed, 41 insertions, 33 deletions
diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0005-tpm-openssl-tpm-engine-parse-an-encrypted-TPM-key-pa.patch b/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0005-tpm-openssl-tpm-engine-parse-an-encrypted-TPM-key-pa.patch index 0301308..d60362a 100644 --- a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0005-tpm-openssl-tpm-engine-parse-an-encrypted-TPM-key-pa.patch +++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0005-tpm-openssl-tpm-engine-parse-an-encrypted-TPM-key-pa.patch | |||
| @@ -16,17 +16,20 @@ export TPM_KEY_ENC_PW=xxxxxxxx | |||
| 16 | "xxxxxxxx" is the encrypted TPM key password for libtpm.so. | 16 | "xxxxxxxx" is the encrypted TPM key password for libtpm.so. |
| 17 | 17 | ||
| 18 | Signed-off-by: Meng Li <Meng.Li@windriver.com> | 18 | Signed-off-by: Meng Li <Meng.Li@windriver.com> |
| 19 | |||
| 20 | Rebase to 0.5.0 | ||
| 21 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
| 19 | --- | 22 | --- |
| 20 | e_tpm.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++-------------- | 23 | src/e_tpm.c | 110 +++++++++++++++++++++++++++++++++++++++++++------------- |
| 21 | e_tpm.h | 4 +-- | 24 | src/e_tpm.h | 4 +-- |
| 22 | e_tpm_err.c | 4 +-- | 25 | src/e_tpm_err.c | 4 +-- |
| 23 | 3 files changed, 89 insertions(+), 29 deletions(-) | 26 | 3 files changed, 89 insertions(+), 29 deletions(-) |
| 24 | 27 | ||
| 25 | diff --git a/e_tpm.c b/e_tpm.c | 28 | diff --git a/src/e_tpm.c b/src/e_tpm.c |
| 26 | index 11bf74b..ee86a3a 100644 | 29 | index afbf720..6347f0e 100644 |
| 27 | --- a/e_tpm.c | 30 | --- a/src/e_tpm.c |
| 28 | +++ b/e_tpm.c | 31 | +++ b/src/e_tpm.c |
| 29 | @@ -275,7 +275,7 @@ static int tpm_decode_base64(unsigned char *indata, | 32 | @@ -290,7 +290,7 @@ static int tpm_decode_base64(unsigned char *indata, |
| 30 | return 0; | 33 | return 0; |
| 31 | } | 34 | } |
| 32 | 35 | ||
| @@ -35,7 +38,7 @@ index 11bf74b..ee86a3a 100644 | |||
| 35 | unsigned char *outdata, | 38 | unsigned char *outdata, |
| 36 | int *out_len) | 39 | int *out_len) |
| 37 | { | 40 | { |
| 38 | @@ -288,35 +288,35 @@ static int tpm_decrypt_srk_pw(unsigned char *indata, int in_len, | 41 | @@ -303,35 +303,35 @@ static int tpm_decrypt_srk_pw(unsigned char *indata, int in_len, |
| 39 | const EVP_MD *dgst = NULL; | 42 | const EVP_MD *dgst = NULL; |
| 40 | EVP_CIPHER_CTX *ctx = NULL; | 43 | EVP_CIPHER_CTX *ctx = NULL; |
| 41 | 44 | ||
| @@ -80,7 +83,7 @@ index 11bf74b..ee86a3a 100644 | |||
| 80 | free(aes_pw); | 83 | free(aes_pw); |
| 81 | return 1; | 84 | return 1; |
| 82 | } | 85 | } |
| 83 | @@ -325,14 +325,14 @@ static int tpm_decrypt_srk_pw(unsigned char *indata, int in_len, | 86 | @@ -340,14 +340,14 @@ static int tpm_decrypt_srk_pw(unsigned char *indata, int in_len, |
| 84 | OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16); | 87 | OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16); |
| 85 | 88 | ||
| 86 | if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 0)) { | 89 | if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 0)) { |
| @@ -97,7 +100,7 @@ index 11bf74b..ee86a3a 100644 | |||
| 97 | free(aes_pw); | 100 | free(aes_pw); |
| 98 | EVP_CIPHER_CTX_free(ctx); | 101 | EVP_CIPHER_CTX_free(ctx); |
| 99 | return 1; | 102 | return 1; |
| 100 | @@ -340,7 +340,7 @@ static int tpm_decrypt_srk_pw(unsigned char *indata, int in_len, | 103 | @@ -355,7 +355,7 @@ static int tpm_decrypt_srk_pw(unsigned char *indata, int in_len, |
| 101 | 104 | ||
| 102 | if (!EVP_CipherFinal_ex(ctx, dec_data + dec_data_len, &dec_data_lenfinal)) { | 105 | if (!EVP_CipherFinal_ex(ctx, dec_data + dec_data_len, &dec_data_lenfinal)) { |
| 103 | /* Error */ | 106 | /* Error */ |
| @@ -106,7 +109,7 @@ index 11bf74b..ee86a3a 100644 | |||
| 106 | free(aes_pw); | 109 | free(aes_pw); |
| 107 | EVP_CIPHER_CTX_free(ctx); | 110 | EVP_CIPHER_CTX_free(ctx); |
| 108 | return 1; | 111 | return 1; |
| 109 | @@ -448,8 +448,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) | 112 | @@ -463,8 +463,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) |
| 110 | return 0; | 113 | return 0; |
| 111 | } | 114 | } |
| 112 | 115 | ||
| @@ -116,7 +119,7 @@ index 11bf74b..ee86a3a 100644 | |||
| 116 | Tspi_Context_CloseObject(hContext, hSRK); | 119 | Tspi_Context_CloseObject(hContext, hSRK); |
| 117 | free(auth); | 120 | free(auth); |
| 118 | free(out_buf); | 121 | free(out_buf); |
| 119 | @@ -460,7 +459,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) | 122 | @@ -475,7 +474,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) |
| 120 | free(out_buf); | 123 | free(out_buf); |
| 121 | } | 124 | } |
| 122 | #ifdef TPM_SRK_PLAIN_PW | 125 | #ifdef TPM_SRK_PLAIN_PW |
| @@ -125,7 +128,7 @@ index 11bf74b..ee86a3a 100644 | |||
| 125 | if (0 == strcmp(srkPasswd, "#WELLKNOWN#")) { | 128 | if (0 == strcmp(srkPasswd, "#WELLKNOWN#")) { |
| 126 | memset(auth, 0, TPM_WELL_KNOWN_KEY_LEN); | 129 | memset(auth, 0, TPM_WELL_KNOWN_KEY_LEN); |
| 127 | secretMode = TSS_SECRET_MODE_SHA1; | 130 | secretMode = TSS_SECRET_MODE_SHA1; |
| 128 | @@ -807,6 +806,9 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id, | 131 | @@ -832,6 +831,9 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id, |
| 129 | if (authusage) { | 132 | if (authusage) { |
| 130 | TSS_HPOLICY hPolicy; | 133 | TSS_HPOLICY hPolicy; |
| 131 | BYTE *auth; | 134 | BYTE *auth; |
| @@ -135,7 +138,7 @@ index 11bf74b..ee86a3a 100644 | |||
| 135 | 138 | ||
| 136 | if ((auth = calloc(1, 128)) == NULL) { | 139 | if ((auth = calloc(1, 128)) == NULL) { |
| 137 | Tspi_Context_CloseObject(hContext, hKey); | 140 | Tspi_Context_CloseObject(hContext, hKey); |
| 138 | @@ -814,13 +816,71 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id, | 141 | @@ -839,13 +841,71 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id, |
| 139 | return NULL; | 142 | return NULL; |
| 140 | } | 143 | } |
| 141 | 144 | ||
| @@ -214,7 +217,7 @@ index 11bf74b..ee86a3a 100644 | |||
| 214 | } | 217 | } |
| 215 | 218 | ||
| 216 | if ((result = Tspi_Context_CreateObject(hContext, | 219 | if ((result = Tspi_Context_CreateObject(hContext, |
| 217 | @@ -842,8 +902,8 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id, | 220 | @@ -867,8 +927,8 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id, |
| 218 | } | 221 | } |
| 219 | 222 | ||
| 220 | if ((result = Tspi_Policy_SetSecret(hPolicy, | 223 | if ((result = Tspi_Policy_SetSecret(hPolicy, |
| @@ -225,10 +228,10 @@ index 11bf74b..ee86a3a 100644 | |||
| 225 | Tspi_Context_CloseObject(hContext, hKey); | 228 | Tspi_Context_CloseObject(hContext, hKey); |
| 226 | Tspi_Context_CloseObject(hContext, hPolicy); | 229 | Tspi_Context_CloseObject(hContext, hPolicy); |
| 227 | free(auth); | 230 | free(auth); |
| 228 | diff --git a/e_tpm.h b/e_tpm.h | 231 | diff --git a/src/e_tpm.h b/src/e_tpm.h |
| 229 | index 56ff202..7faf744 100644 | 232 | index 56ff202..7faf744 100644 |
| 230 | --- a/e_tpm.h | 233 | --- a/src/e_tpm.h |
| 231 | +++ b/e_tpm.h | 234 | +++ b/src/e_tpm.h |
| 232 | @@ -67,7 +67,7 @@ void ERR_TSS_error(int function, int reason, char *file, int line); | 235 | @@ -67,7 +67,7 @@ void ERR_TSS_error(int function, int reason, char *file, int line); |
| 233 | #define TPM_F_TPM_ENGINE_GET_AUTH 117 | 236 | #define TPM_F_TPM_ENGINE_GET_AUTH 117 |
| 234 | #define TPM_F_TPM_CREATE_SRK_POLICY 118 | 237 | #define TPM_F_TPM_CREATE_SRK_POLICY 118 |
| @@ -247,11 +250,11 @@ index 56ff202..7faf744 100644 | |||
| 247 | 250 | ||
| 248 | /* structure pointed to by the RSA object's app_data pointer */ | 251 | /* structure pointed to by the RSA object's app_data pointer */ |
| 249 | struct rsa_app_data | 252 | struct rsa_app_data |
| 250 | diff --git a/e_tpm_err.c b/e_tpm_err.c | 253 | diff --git a/src/e_tpm_err.c b/src/e_tpm_err.c |
| 251 | index 439e267..f8ce624 100644 | 254 | index bffe686..b04dffb 100644 |
| 252 | --- a/e_tpm_err.c | 255 | --- a/src/e_tpm_err.c |
| 253 | +++ b/e_tpm_err.c | 256 | +++ b/src/e_tpm_err.c |
| 254 | @@ -236,7 +236,7 @@ static ERR_STRING_DATA TPM_str_functs[] = { | 257 | @@ -235,7 +235,7 @@ static ERR_STRING_DATA TPM_str_functs[] = { |
| 255 | {ERR_PACK(0, TPM_F_TPM_FILL_RSA_OBJECT, 0), "TPM_FILL_RSA_OBJECT"}, | 258 | {ERR_PACK(0, TPM_F_TPM_FILL_RSA_OBJECT, 0), "TPM_FILL_RSA_OBJECT"}, |
| 256 | {ERR_PACK(0, TPM_F_TPM_ENGINE_GET_AUTH, 0), "TPM_ENGINE_GET_AUTH"}, | 259 | {ERR_PACK(0, TPM_F_TPM_ENGINE_GET_AUTH, 0), "TPM_ENGINE_GET_AUTH"}, |
| 257 | {ERR_PACK(0, TPM_F_TPM_DECODE_BASE64, 0), "TPM_DECODE_BASE64"}, | 260 | {ERR_PACK(0, TPM_F_TPM_DECODE_BASE64, 0), "TPM_DECODE_BASE64"}, |
| @@ -260,7 +263,7 @@ index 439e267..f8ce624 100644 | |||
| 260 | {0, NULL} | 263 | {0, NULL} |
| 261 | }; | 264 | }; |
| 262 | 265 | ||
| 263 | @@ -268,7 +268,7 @@ static ERR_STRING_DATA TPM_str_reasons[] = { | 266 | @@ -267,7 +267,7 @@ static ERR_STRING_DATA TPM_str_reasons[] = { |
| 264 | {TPM_R_ID_INVALID, "engine id doesn't match"}, | 267 | {TPM_R_ID_INVALID, "engine id doesn't match"}, |
| 265 | {TPM_R_UI_METHOD_FAILED, "ui function failed"}, | 268 | {TPM_R_UI_METHOD_FAILED, "ui function failed"}, |
| 266 | {TPM_R_DECODE_BASE64_FAILED, "decode base64 failed"}, | 269 | {TPM_R_DECODE_BASE64_FAILED, "decode base64 failed"}, |
| @@ -270,5 +273,5 @@ index 439e267..f8ce624 100644 | |||
| 270 | }; | 273 | }; |
| 271 | 274 | ||
| 272 | -- | 275 | -- |
| 273 | 2.9.3 | 276 | 2.7.4 |
| 274 | 277 | ||
diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb index 0f98b79..3d7bd05 100644 --- a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb +++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb | |||
| @@ -13,6 +13,7 @@ SRC_URI = "\ | |||
| 13 | file://0002-libtpm-support-env-TPM_SRK_PW.patch \ | 13 | file://0002-libtpm-support-env-TPM_SRK_PW.patch \ |
| 14 | file://0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch \ | 14 | file://0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch \ |
| 15 | file://0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch \ | 15 | file://0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch \ |
| 16 | file://0005-tpm-openssl-tpm-engine-parse-an-encrypted-TPM-key-pa.patch \ | ||
| 16 | file://openssl11_build_fix.patch \ | 17 | file://openssl11_build_fix.patch \ |
| 17 | " | 18 | " |
| 18 | SRCREV = "b28de5065e6eb9aa5d5afe2276904f7624c2cbaf" | 19 | SRCREV = "b28de5065e6eb9aa5d5afe2276904f7624c2cbaf" |
| @@ -27,19 +28,23 @@ inherit autotools-brokensep pkgconfig | |||
| 27 | # srk_dec_pw = "incendia" | 28 | # srk_dec_pw = "incendia" |
| 28 | # srk_dec_pw = "\x69\x6e\x63\x65\x6e\x64\x69\x61" | 29 | # srk_dec_pw = "\x69\x6e\x63\x65\x6e\x64\x69\x61" |
| 29 | # srk_dec_pw = "\x1""nc""\x3""nd""\x1""a" | 30 | # srk_dec_pw = "\x1""nc""\x3""nd""\x1""a" |
| 30 | # | 31 | |
| 32 | # The definitions below are used to decrypt the passwords of both srk and loaded key. | ||
| 33 | dec_pw ?= "\\"\\\x1\\"\\"nc\\"\\"\\\x3\\"\\"nd\\"\\"\\\x1\\"\\"a\\"" | ||
| 34 | dec_salt ?= "\\"r\\"\\"\\\x00\\\x00\\"\\"t\\"" | ||
| 35 | CFLAGS_append += "-DDEC_PW=${dec_pw} -DDEC_SALT=${dec_salt}" | ||
| 36 | |||
| 31 | # Due to the limit of escape character, the hybrid must be written in | 37 | # Due to the limit of escape character, the hybrid must be written in |
| 32 | # above style. The actual values defined below in C code style are: | 38 | # above style. The actual values defined below in C code style are: |
| 33 | # srk_dec_pw[] = { 0x01, 'n', 'c', 0x03, 'n', 'd', 0x01, 'a' }; | 39 | # dec_pw[] = {0x01, 'n', 'c', 0x03, 'n', 'd', 0x01, 'a'}; |
| 34 | # srk_dec_salt[] = { 'r', 0x00, 0x00, 't' }; | 40 | # dec_salt[] = {'r', 0x00, 0x00, 't'}; |
| 35 | srk_dec_pw ?= "\\"\\\x1\\"\\"nc\\"\\"\\\x3\\"\\"nd\\"\\"\\\x1\\"\\"a\\"" | ||
| 36 | srk_dec_salt ?= "\\"r\\"\\"\\\x00\\\x00\\"\\"t\\"" | ||
| 37 | |||
| 38 | CFLAGS_append += "-DSRK_DEC_PW=${srk_dec_pw} -DSRK_DEC_SALT=${srk_dec_salt}" | ||
| 39 | 41 | ||
| 40 | # Uncomment below line if using the plain srk password for development | 42 | # Uncomment below line if using the plain srk password for development |
| 41 | #CFLAGS_append += "-DTPM_SRK_PLAIN_PW" | 43 | #CFLAGS_append += "-DTPM_SRK_PLAIN_PW" |
| 42 | 44 | ||
| 45 | # Uncomment below line if using the plain tpm key password for development | ||
| 46 | #CFLAGS_append += "-DTPM_KEY_PLAIN_PW" | ||
| 47 | |||
| 43 | do_configure_prepend() { | 48 | do_configure_prepend() { |
| 44 | cd ${B} | 49 | cd ${B} |
| 45 | cp LICENSE COPYING | 50 | cp LICENSE COPYING |