1Upstream-Status: Pending
2
3commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed
4Author: Junxian.Xiao <Junxian.Xiao@windriver.com>
5Date:   Wed Jun 19 18:57:13 2013 +0800
6
7support reading SRK password from env TPM_SRK_PW
8
9Use "env TPM_SRK_PW=xxxx" to set the SRK password for libtpm.so. As a special case,
10use "env TPM_SRK_PW=#WELLKNOWN#" to select the well-known password.
11
12Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>
13
14Index: git/src/e_tpm.c
15===================================================================
16--- git.orig/src/e_tpm.c
17+++ git/src/e_tpm.c
18@@ -38,6 +38,8 @@
19 #include "e_tpm.h"
20 #include "ssl_compat.h"
21
22+#define TPM_WELL_KNOWN_KEY_LEN 20   /*well know key length is 20 bytes zero*/
23+
24 //#define DLOPEN_TSPI
25
26 #ifndef OPENSSL_NO_HW
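Review bot: The comment on `TPM_WELL_KNOWN_KEY_LEN` does not say why the length is 20, and "well know" reads as a typo. Suggest `/* TPM well-known secret: 20 zero bytes, a SHA-1-sized digest passed with TSS_SECRET_MODE_SHA1 */`, which ties the constant to the secret mode that the later hunk pairs it with. If the TSS headers used by this build already define the SHA-1 digest length, reusing that constant would avoid a second magic number.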
27@@ -262,6 +264,10 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
28 	TSS_RESULT result;
29 	UINT32 authusage;
30 	BYTE *auth;
31+	char *srkPasswd = NULL;
32+	TSS_FLAG secretMode = secret_mode;
33+	int authlen = 0;
34+
35
36 	if (hSRK != NULL_HKEY) {
37 		DBGFN("SRK is already loaded.");
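Review bot: The new local `secretMode` differs from the global `secret_mode` only in spelling style, so the two are easy to mix up in a function that reads both. A name such as `srk_secret_mode` would make clear that it is the per-call override. `authlen` is declared `int` but later receives `strlen()` results and is passed as the secret length, so `UINT32 authlen = 0;` would match its use better. The second blank line added after the declarations can be dropped. The body of tpm_load_srk starts and ends outside this hunk.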
38@@ -313,18 +319,36 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
39 		return 0;
40 	}
41
42-	if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ",
43-				cb_data)) {
44-		Tspi_Context_CloseObject(hContext, hSRK);
45-		free(auth);
46-		TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
47-		return 0;
48+	srkPasswd = getenv("TPM_SRK_PW");
49+	if (NULL != srkPasswd) {
50+		if (0 == strcmp(srkPasswd, "#WELLKNOWN#")) {
51+			memset(auth, 0, TPM_WELL_KNOWN_KEY_LEN);
52+			secretMode = TSS_SECRET_MODE_SHA1;
53+			authlen = TPM_WELL_KNOWN_KEY_LEN;
54+		} else {
55+			int authbuflen = 128;
56+			memset(auth, 0, authbuflen);
57+			strncpy(auth, srkPasswd, authbuflen-1);
58+			secretMode = TSS_SECRET_MODE_PLAIN;
59+			authlen = strlen(auth);
60+		}
61+	}
62+	else {
63+		if (!tpm_engine_get_auth(ui, (char *)auth, 128,
64+				"SRK authorization: ", cb_data)) {
65+			Tspi_Context_CloseObject(hContext, hSRK);
66+			free(auth);
67+			TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
68+			return 0;
69+		}
70+		secretMode = secret_mode;
71+		authlen = strlen(auth);
72 	}
73
74 	/* secret_mode is a global that may be set by engine ctrl
75 	 * commands.  By default, its set to TSS_SECRET_MODE_PLAIN */
76-	if ((result = Tspi_Policy_SetSecret(hSRKPolicy, secret_mode,
77-					      strlen((char *)auth), auth))) {
78+	if ((result = Tspi_Policy_SetSecret(hSRKPolicy, secretMode,
79+					      authlen, auth))) {
80 		Tspi_Context_CloseObject(hContext, hSRK);
81 		free(auth);
82 		TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
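Review bot: A TPM_SRK_PW value longer than 127 bytes is silently truncated by `strncpy(auth, srkPasswd, authbuflen-1)` in the plain-password branch, so the engine submits a different secret than the operator supplied; the failure then surfaces only as a generic request error and may count toward the TPM's failed-authorization lockout. Rejecting the over-long value on the existing error path, as sketched below, is safer than truncating. The buffer size 128 appears as a literal both here and in the tpm_engine_get_auth() call, while the allocation of `auth` is outside the hunk, so the size should be confirmed there and shared through one constant. Because the secret now lives in the process environment, it is inherited by child processes and readable wherever the environment is exposed; the commit should document that exposure and consider clearing the variable once it has been copied. The context comment above Tspi_Policy_SetSecret() still describes `secret_mode`, which the call no longer passes.

```c
	/* … unchanged: getenv("TPM_SRK_PW") and the #WELLKNOWN# branch … */
		} else {
			size_t pwlen = strlen(srkPasswd);

			/* Reject rather than truncate: a shortened secret can
			 * only fail SRK authorization. 128 mirrors the size
			 * passed to tpm_engine_get_auth() below. */
			if (pwlen >= 128) {
				Tspi_Context_CloseObject(hContext, hSRK);
				free(auth);
				TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
				return 0;
			}
			memcpy(auth, srkPasswd, pwlen + 1);
			secretMode = TSS_SECRET_MODE_PLAIN;
			authlen = (int)pwlen;
		}
	/* … unchanged: tpm_engine_get_auth() prompt fallback and Tspi_Policy_SetSecret() call … */
```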
83