1commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed
2Author: Junxian.Xiao <Junxian.Xiao@windriver.com>
3Date:   Wed Jun 19 18:57:13 2013 +0800
4
5support reading SRK password from env TPM_SRK_PW
6
7Add "env TPM_SRK_PW=xxxx" to set the SRK password for libtpm.so. As a special case,
8use "env TPM_SRK_PW=#WELLKNOWN#" to select the well-known password.
9
10Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>
11
12Index: git/src/e_tpm.c
13===================================================================
14--- git.orig/src/e_tpm.c
15+++ git/src/e_tpm.c
16@@ -38,6 +38,8 @@
17 #include "e_tpm.h"
18 #include "ssl_compat.h"
19
20+#define TPM_WELL_KNOWN_KEY_LEN 20   /*well know key length is 20 bytes zero*/
21+
22 //#define DLOPEN_TSPI
23
24 #ifndef OPENSSL_NO_HW
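Review bot: The comment on `TPM_WELL_KNOWN_KEY_LEN` does not say why the length is 20; it is the size of a SHA-1 digest, which is why the later hunk pairs the constant with `TSS_SECRET_MODE_SHA1`. I would reword it as `/* TSS well-known secret: 20 zero bytes, the size of a SHA-1 digest */`. The TSS headers may already provide a constant for this length (for example `TPM_SHA1_160_HASH_LEN`), which would avoid a private define; that is worth checking against the headers e_tpm.c includes.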
25@@ -262,6 +264,10 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
26 	TSS_RESULT result;
27 	UINT32 authusage;
28 	BYTE *auth;
29+	char *srkPasswd = NULL;
30+	TSS_FLAG secretMode = secret_mode;
31+	int authlen = 0;
32+
33
34 	if (hSRK != NULL_HKEY) {
35 		DBGFN("SRK is already loaded.");
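Review bot: `authlen` is declared `int`, but the next hunk assigns it from `strlen()` and passes it as the secret length to `Tspi_Policy_SetSecret`, so the value goes through two implicit conversions. `UINT32 authlen = 0;` would match `authusage` declared just above and, as far as I know, the TSS API's length parameter. The new locals `srkPasswd` and `secretMode` are camelCase next to `authusage` and `authlen`, and the hunk leaves two consecutive blank lines after the declarations. The body of tpm_load_srk continues outside the hunk.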
36@@ -313,18 +319,36 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
37 		return 0;
38 	}
39
40-	if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ",
41-				cb_data)) {
42-		Tspi_Context_CloseObject(hContext, hSRK);
43-		free(auth);
44-		TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
45-		return 0;
46+	srkPasswd = getenv("TPM_SRK_PW");
47+	if (NULL != srkPasswd) {
48+		if (0 == strcmp(srkPasswd, "#WELLKNOWN#")) {
49+			memset(auth, 0, TPM_WELL_KNOWN_KEY_LEN);
50+			secretMode = TSS_SECRET_MODE_SHA1;
51+			authlen = TPM_WELL_KNOWN_KEY_LEN;
52+		} else {
53+			int authbuflen = 128;
54+			memset(auth, 0, authbuflen);
55+			strncpy(auth, srkPasswd, authbuflen-1);
56+			secretMode = TSS_SECRET_MODE_PLAIN;
57+			authlen = strlen(auth);
58+		}
59+	}
60+	else {
61+		if (!tpm_engine_get_auth(ui, (char *)auth, 128,
62+				"SRK authorization: ", cb_data)) {
63+			Tspi_Context_CloseObject(hContext, hSRK);
64+			free(auth);
65+			TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
66+			return 0;
67+		}
68+		secretMode = secret_mode;
69+		authlen = strlen(auth);
70 	}
71
72 	/* secret_mode is a global that may be set by engine ctrl
73 	 * commands.  By default, its set to TSS_SECRET_MODE_PLAIN */
74-	if ((result = Tspi_Policy_SetSecret(hSRKPolicy, secret_mode,
75-					      strlen((char *)auth), auth))) {
76+	if ((result = Tspi_Policy_SetSecret(hSRKPolicy, secretMode,
77+					      authlen, auth))) {
78 		Tspi_Context_CloseObject(hContext, hSRK);
79 		free(auth);
80 		TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
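Review bot: In the `TPM_SRK_PW` branch a password longer than 127 bytes is silently truncated by `strncpy(auth, srkPasswd, authbuflen-1)`, so the TPM is handed a different secret and the failure only surfaces as a generic authorization error; rejecting the over-long value with the same cleanup as the `tpm_engine_get_auth` failure path is clearer, as sketched below (this assumes `auth` is the 128-byte buffer allocated above the hunk). The same branch hard-codes `TSS_SECRET_MODE_PLAIN`, which overrides a `secret_mode` chosen through engine ctrl commands, and the comment above `Tspi_Policy_SetSecret` still describes the global although the call now passes `secretMode`. Setting the variable also bypasses the UI callback entirely, and a secret kept in the environment is inherited by child processes and is readable from the process environment by the same user or root, so the commit description or the engine documentation should state that trade-off. `auth` is a `BYTE *`, so `strncpy(auth, ...)` and both `strlen(auth)` calls need the `(char *)` cast that the removed code used. tpm_load_srk starts and ends outside the hunk.

```c
		} else {
			size_t pwlen = strlen(srkPasswd);

			/* refuse rather than truncate: a cut-off secret is a different secret */
			if (pwlen >= 128) {
				Tspi_Context_CloseObject(hContext, hSRK);
				free(auth);
				TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
				return 0;
			}
			memcpy(auth, srkPasswd, pwlen + 1);
			secretMode = TSS_SECRET_MODE_PLAIN;
			authlen = (int)pwlen;
		}
	/* … unchanged: tpm_engine_get_auth fallback and Tspi_Policy_SetSecret call … */
```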
81