From 176178136118dde3ca40a81b239d64083aa579b2 Mon Sep 17 00:00:00 2001 From: Hongxu Jia Date: Wed, 26 Sep 2018 00:10:13 +0800 Subject: openssl-tpm-engine: rebase 0005-tpm-openssl-tpm-engine-parse-an-encrypted-TPM-key-pa.patch to 0.5.0 Signed-off-by: Hongxu Jia --- ...-tpm-engine-parse-an-encrypted-TPM-key-pa.patch | 55 ++++++++++++---------- .../openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb | 19 +++++--- 2 files changed, 41 insertions(+), 33 deletions(-) diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0005-tpm-openssl-tpm-engine-parse-an-encrypted-TPM-key-pa.patch b/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0005-tpm-openssl-tpm-engine-parse-an-encrypted-TPM-key-pa.patch index 0301308..d60362a 100644 --- a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0005-tpm-openssl-tpm-engine-parse-an-encrypted-TPM-key-pa.patch +++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0005-tpm-openssl-tpm-engine-parse-an-encrypted-TPM-key-pa.patch @@ -16,17 +16,20 @@ export TPM_KEY_ENC_PW=xxxxxxxx "xxxxxxxx" is the encrypted TPM key password for libtpm.so. Signed-off-by: Meng Li + +Rebase to 0.5.0 +Signed-off-by: Hongxu Jia --- - e_tpm.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++-------------- - e_tpm.h | 4 +-- - e_tpm_err.c | 4 +-- + src/e_tpm.c | 110 +++++++++++++++++++++++++++++++++++++++++++------------- + src/e_tpm.h | 4 +-- + src/e_tpm_err.c | 4 +-- 3 files changed, 89 insertions(+), 29 deletions(-) -diff --git a/e_tpm.c b/e_tpm.c -index 11bf74b..ee86a3a 100644 ---- a/e_tpm.c -+++ b/e_tpm.c -@@ -275,7 +275,7 @@ static int tpm_decode_base64(unsigned char *indata, +diff --git a/src/e_tpm.c b/src/e_tpm.c +index afbf720..6347f0e 100644 +--- a/src/e_tpm.c ++++ b/src/e_tpm.c +@@ -290,7 +290,7 @@ static int tpm_decode_base64(unsigned char *indata, return 0; } 
@@ -35,7 +38,7 @@ index 11bf74b..ee86a3a 100644 unsigned char *outdata, int *out_len) { -@@ -288,35 +288,35 @@ static int tpm_decrypt_srk_pw(unsigned char *indata, int in_len, +@@ -303,35 +303,35 @@ static int tpm_decrypt_srk_pw(unsigned char *indata, int in_len, const EVP_MD *dgst = NULL; EVP_CIPHER_CTX *ctx = NULL; @@ -80,7 +83,7 @@ index 11bf74b..ee86a3a 100644 free(aes_pw); return 1; } -@@ -325,14 +325,14 @@ static int tpm_decrypt_srk_pw(unsigned char *indata, int in_len, +@@ -340,14 +340,14 @@ static int tpm_decrypt_srk_pw(unsigned char *indata, int in_len, OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16); if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 0)) { @@ -97,7 +100,7 @@ index 11bf74b..ee86a3a 100644 free(aes_pw); EVP_CIPHER_CTX_free(ctx); return 1; -@@ -340,7 +340,7 @@ static int tpm_decrypt_srk_pw(unsigned char *indata, int in_len, +@@ -355,7 +355,7 @@ static int tpm_decrypt_srk_pw(unsigned char *indata, int in_len, if (!EVP_CipherFinal_ex(ctx, dec_data + dec_data_len, &dec_data_lenfinal)) { /* Error */ @@ -106,7 +109,7 @@ index 11bf74b..ee86a3a 100644 free(aes_pw); EVP_CIPHER_CTX_free(ctx); return 1; -@@ -448,8 +448,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) +@@ -463,8 +463,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) return 0; } @@ -116,7 +119,7 @@ index 11bf74b..ee86a3a 100644 Tspi_Context_CloseObject(hContext, hSRK); free(auth); free(out_buf); -@@ -460,7 +459,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) +@@ -475,7 +474,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) free(out_buf); } #ifdef TPM_SRK_PLAIN_PW @@ -125,7 +128,7 @@ index 11bf74b..ee86a3a 100644 if (0 == strcmp(srkPasswd, "#WELLKNOWN#")) { memset(auth, 0, TPM_WELL_KNOWN_KEY_LEN); secretMode = TSS_SECRET_MODE_SHA1; -@@ -807,6 +806,9 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id, +@@ -832,6 +831,9 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id, if (authusage) { TSS_HPOLICY hPolicy; BYTE *auth; 
@@ -135,7 +138,7 @@ index 11bf74b..ee86a3a 100644 if ((auth = calloc(1, 128)) == NULL) { Tspi_Context_CloseObject(hContext, hKey); -@@ -814,13 +816,71 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id, +@@ -839,13 +841,71 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id, return NULL; } @@ -214,7 +217,7 @@ index 11bf74b..ee86a3a 100644 } if ((result = Tspi_Context_CreateObject(hContext, -@@ -842,8 +902,8 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id, +@@ -867,8 +927,8 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id, } if ((result = Tspi_Policy_SetSecret(hPolicy, @@ -225,10 +228,10 @@ index 11bf74b..ee86a3a 100644 Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_CloseObject(hContext, hPolicy); free(auth); -diff --git a/e_tpm.h b/e_tpm.h +diff --git a/src/e_tpm.h b/src/e_tpm.h index 56ff202..7faf744 100644 ---- a/e_tpm.h -+++ b/e_tpm.h +--- a/src/e_tpm.h ++++ b/src/e_tpm.h @@ -67,7 +67,7 @@ void ERR_TSS_error(int function, int reason, char *file, int line); #define TPM_F_TPM_ENGINE_GET_AUTH 117 #define TPM_F_TPM_CREATE_SRK_POLICY 118 @@ -247,11 +250,11 @@ index 56ff202..7faf744 100644 /* structure pointed to by the RSA object's app_data pointer */ struct rsa_app_data -diff --git a/e_tpm_err.c b/e_tpm_err.c -index 439e267..f8ce624 100644 ---- a/e_tpm_err.c -+++ b/e_tpm_err.c -@@ -236,7 +236,7 @@ static ERR_STRING_DATA TPM_str_functs[] = { +diff --git a/src/e_tpm_err.c b/src/e_tpm_err.c +index bffe686..b04dffb 100644 +--- a/src/e_tpm_err.c ++++ b/src/e_tpm_err.c +@@ -235,7 +235,7 @@ static ERR_STRING_DATA TPM_str_functs[] = { {ERR_PACK(0, TPM_F_TPM_FILL_RSA_OBJECT, 0), "TPM_FILL_RSA_OBJECT"}, {ERR_PACK(0, TPM_F_TPM_ENGINE_GET_AUTH, 0), "TPM_ENGINE_GET_AUTH"}, {ERR_PACK(0, TPM_F_TPM_DECODE_BASE64, 0), "TPM_DECODE_BASE64"}, 
@@ -260,7 +263,7 @@ index 439e267..f8ce624 100644 {0, NULL} }; -@@ -268,7 +268,7 @@ static ERR_STRING_DATA TPM_str_reasons[] = { +@@ -267,7 +267,7 @@ static ERR_STRING_DATA TPM_str_reasons[] = { {TPM_R_ID_INVALID, "engine id doesn't match"}, {TPM_R_UI_METHOD_FAILED, "ui function failed"}, {TPM_R_DECODE_BASE64_FAILED, "decode base64 failed"}, @@ -270,5 +273,5 @@ index 439e267..f8ce624 100644 }; -- -2.9.3 +2.7.4 diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb index 0f98b79..3d7bd05 100644 --- a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb +++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb @@ -13,6 +13,7 @@ SRC_URI = "\ file://0002-libtpm-support-env-TPM_SRK_PW.patch \ file://0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch \ file://0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch \ + file://0005-tpm-openssl-tpm-engine-parse-an-encrypted-TPM-key-pa.patch \ file://openssl11_build_fix.patch \ " SRCREV = "b28de5065e6eb9aa5d5afe2276904f7624c2cbaf" 
@@ -27,19 +28,23 @@ inherit autotools-brokensep pkgconfig # srk_dec_pw = "incendia" # srk_dec_pw = "\x69\x6e\x63\x65\x6e\x64\x69\x61" # srk_dec_pw = "\x1""nc""\x3""nd""\x1""a" -# + +# The definitions below are used to decrypt the passwords of both srk and loaded key. +dec_pw ?= "\\"\\\x1\\"\\"nc\\"\\"\\\x3\\"\\"nd\\"\\"\\\x1\\"\\"a\\"" +dec_salt ?= "\\"r\\"\\"\\\x00\\\x00\\"\\"t\\"" +CFLAGS_append += "-DDEC_PW=${dec_pw} -DDEC_SALT=${dec_salt}" + # Due to the limit of escape character, the hybrid must be written in # above style. The actual values defined below in C code style are: -# srk_dec_pw[] = { 0x01, 'n', 'c', 0x03, 'n', 'd', 0x01, 'a' }; -# srk_dec_salt[] = { 'r', 0x00, 0x00, 't' }; -srk_dec_pw ?= "\\"\\\x1\\"\\"nc\\"\\"\\\x3\\"\\"nd\\"\\"\\\x1\\"\\"a\\"" -srk_dec_salt ?= "\\"r\\"\\"\\\x00\\\x00\\"\\"t\\"" - -CFLAGS_append += "-DSRK_DEC_PW=${srk_dec_pw} -DSRK_DEC_SALT=${srk_dec_salt}" +# dec_pw[] = {0x01, 'n', 'c', 0x03, 'n', 'd', 0x01, 'a'}; +# dec_salt[] = {'r', 0x00, 0x00, 't'}; # Uncomment below line if using the plain srk password for development #CFLAGS_append += "-DTPM_SRK_PLAIN_PW" +# Uncomment below line if using the plain tpm key password for development +#CFLAGS_append += "-DTPM_KEY_PLAIN_PW" + do_configure_prepend() { cd ${B} cp LICENSE COPYING -- cgit v1.2.3-54-g00ecf
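Review bot: The rename of `srk_dec_pw`/`srk_dec_salt` to `dec_pw`/`dec_salt` in this hunk leaves no fallback for the old names, so any existing local.conf or bbappend that overrode `srk_dec_pw` is now silently ignored and the default password and salt printed in this recipe are compiled in through `-DDEC_PW=${dec_pw} -DDEC_SALT=${dec_salt}`. Because the comment states the same pair now decrypts both the SRK password and the loaded-key password, a build that keeps the recipe defaults protects neither value beyond obfuscation. Keeping the old variables as the source of the default preserves existing overrides, e.g. leaving `srk_dec_pw ?= ...` and `srk_dec_salt ?= ...` with their previous values and adding `dec_pw ?= "${srk_dec_pw}"` and `dec_salt ?= "${srk_dec_salt}"`. The comment added here (`# The definitions below are used to decrypt ...`) should also say that the defaults are public and must be overridden per product; whether the C side reads `DEC_SALT` as a byte array or a NUL-terminated string (the default contains two 0x00 bytes) is not visible in this diff and should be confirmed against the patched `src/e_tpm.c`.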