|
| 1 | +/* external_import.c |
| 2 | + * |
| 3 | + * Copyright (C) 2006-2023 wolfSSL Inc. |
| 4 | + * |
| 5 | + * This file is part of wolfTPM. |
| 6 | + * |
| 7 | + * wolfTPM is free software; you can redistribute it and/or modify |
| 8 | + * it under the terms of the GNU General Public License as published by |
| 9 | + * the Free Software Foundation; either version 2 of the License, or |
| 10 | + * (at your option) any later version. |
| 11 | + * |
| 12 | + * wolfTPM is distributed in the hope that it will be useful, |
| 13 | + * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 14 | + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 15 | + * GNU General Public License for more details. |
| 16 | + * |
| 17 | + * You should have received a copy of the GNU General Public License |
| 18 | + * along with this program; if not, write to the Free Software |
| 19 | + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
| 20 | + */ |
| 21 | + |
| 22 | +/* Example for importing an external RSA key with seed and creating a |
| 23 | + * child key under it. */ |
| 24 | + |
| 25 | +#include <wolftpm/tpm2_wrap.h> |
| 26 | + |
| 27 | +#include <stdio.h> |
| 28 | + |
| 29 | +#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) |
| 30 | + |
| 31 | +#include <examples/keygen/keygen.h> |
| 32 | +#include <hal/tpm_io.h> |
| 33 | + |
| 34 | +/* from certs/example-rsa-key.pem */ |
| 35 | +const char* extRSAPrivatePem = |
| 36 | +"-----BEGIN PRIVATE KEY-----\n" |
| 37 | +"MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCePbYR1SIZAL/2\n" |
| 38 | +"8FYbgpxynENgvHACM9LczZnsgVkZYxx3O9DTba2VTxhMN21i/aocJCzZB35qvz+R\n" |
| 39 | +"ickyvWBqPDXauJEn9icPXgSknqxzw0ZATzL0wbq/Tk5T+oITFFCGJ8/baFoktOKu\n" |
| 40 | +"iP5H50Dx6X2W1qNHiLkbGq7NbXHA8YG2wzK9kwikowSXQVB7pZ5bgjW2q73vIGSs\n" |
| 41 | +"eW802f7I/30wbf4oR1vfk4OQursT9sl2CFLNt5bJSw6lFTm4BOgC7Q3bpHPzC/YK\n" |
| 42 | +"uFYWKGeQL9GCsEZVWHCM6vzek6SNwQ0eoQ0i9IuF0os/0nJDwdXEZX9OoBhFT717\n" |
| 43 | +"svlxDXpFAgMBAAECggEABYIV6Jx/5ZloVTbr9GSxP+8PDFq61mTJ6fwxJ7Gf8ZmI\n" |
| 44 | +"1+Cp5fYrJOeeK6cBRIEabwTWV86iOKKEGrOOYJkFdmU2pbCngtnXZbpK1JUeYSAy\n" |
| 45 | +"vZHULv9gWgDmipdNeE8Md4MCwfspqh3uxw8HNOcIlHMhd0Ls55RLhzVAUO/GliXz\n" |
| 46 | +"5HIDhohyQAUvPvkwz1yrPNn5BQwMlJBARc2OKSKf+pJrlFw1KJWR9TKzGvRzMbI4\n" |
| 47 | +"gwrq9BZ5LCX5y6C7BpuzXdySHXofwihPNmi1KU/88cWhas2E0Xz+p+N/ifmkquTN\n" |
| 48 | +"3EqzqKBW+xobryM6X9JfQ6has211eUaZKNuU2/idKQKBgQC5rymu0UKHuAkr4uPS\n" |
| 49 | +"NLGmaWb4p+kDNxbVyzS2ENjtoJ6JyEo/pZQrTG4S/kCWFgGsuztCbx+1Kgk0Pgwi\n" |
| 50 | +"znaGvcfrjiP9XE1oVfMifA2JmH+drjASyjPqNfsf0BKQtlk0nZXwUO/C1FQ5vUU4\n" |
| 51 | +"lpmpx4EhTnucQ9E7r0+uXnQHTQKBgQDaKh4bBV7dLBF4ZxwCdydMMSZkBgckBiH7\n" |
| 52 | +"83BvyLW6I0GKXcFTa7KKLgTj41pXeWh6bmM9365+Cr8fxTZop28EfGRYFBMp08/g\n" |
| 53 | +"wHpmS3NZ4moSgirJ+PhZsH+nBq89W75INR7BqV4SAc3n4lcwv9eBL9q0Q/YJZ1ph\n" |
| 54 | +"NCKvz79y2QKBgFyDFPVwdQFBg/BFntRARLJwmUkR/1oGvG3QTHbZdfsOp25mR/fl\n" |
| 55 | +"+yiHb+AupOciF7uDnUbALsAILYXF1C4TR6JiM5T8wJmev0JYcEaiH+yJ+isJehIi\n" |
| 56 | +"hDMQqglzlYxcDZ3VVbrh2FLtjvklf7Nt9SlNqNx7ScLVVw2xjrWFgbGRAoGBAMjo\n" |
| 57 | +"Wnsl0fu6Noh74/Z9RmpLJQCd8HuDTk6ZHCVFX91/1D6ZIo0xM+U+hfBbkfnWa5m8\n" |
| 58 | +"CJaVZDrcqK+YTQfJkVo/N6VJL3Coh9qBRvbnat4OvQI4bzE6n3LxME1fwYeu8ifL\n" |
| 59 | +"C3zq/R92G+n8rbDOKqbkq/KwV2bHkBrOCVeA6NzZAoGACztyZbS5jCuSlPqk/xoN\n" |
| 60 | +"EzX9Cev/GipF5tZMeOcQlty+anPg3TC70O06yZ1SIJKLzOOyoPCUDNrM2M5TCaau\n" |
| 61 | +"vT0vW1GeNAryc+q9aOmFT3AlZ93Tfst+90Q+NJecEEhkO43tU5S1ZK2iVf9XAOV6\n" |
| 62 | +"ovHegJU35IUeaoyg23HjFWU=\n" |
| 63 | +"-----END PRIVATE KEY-----"; |
| 64 | + |
| 65 | +static void usage(void) |
| 66 | +{ |
| 67 | + printf("Expected usage:\n"); |
| 68 | + printf("./examples/keygen/external_import [-ecc/-rsa]\n"); |
| 69 | + printf("Primary Key Type:\n"); |
| 70 | + printf("\t-rsa: Use RSA SRK (DEFAULT)\n"); |
| 71 | + printf("\t-ecc: Use ECC SRK\n"); |
| 72 | +} |
| 73 | + |
| 74 | +int TPM2_ExternalImport_Example(void* userCtx, int argc, char *argv[]) |
| 75 | +{ |
| 76 | + int rc; |
| 77 | + WOLFTPM2_DEV dev; |
| 78 | + WOLFTPM2_KEY storage; /* SRK */ |
| 79 | + WOLFTPM2_KEY *primary; |
| 80 | + WOLFTPM2_KEYBLOB* key2; |
| 81 | + WOLFTPM2_KEYBLOB* rsaKey3; |
| 82 | + TPM2B_DIGEST seedValue; |
| 83 | + TPMT_PUBLIC publicTemplate3; |
| 84 | + TPMA_OBJECT attributes; |
| 85 | + TPMI_ALG_PUBLIC alg = TPM_ALG_RSA; |
| 86 | + |
| 87 | + if (argc >= 2) { |
| 88 | + if (XSTRCMP(argv[1], "-?") == 0 || |
| 89 | + XSTRCMP(argv[1], "-h") == 0 || |
| 90 | + XSTRCMP(argv[1], "--help") == 0) { |
| 91 | + usage(); |
| 92 | + return 0; |
| 93 | + } |
| 94 | + } |
| 95 | + while (argc > 1) { |
| 96 | + if (XSTRCMP(argv[argc-1], "-rsa") == 0) { |
| 97 | + alg = TPM_ALG_RSA; |
| 98 | + } |
| 99 | + else if (XSTRCMP(argv[argc-1], "-ecc") == 0) { |
| 100 | + alg = TPM_ALG_ECC; |
| 101 | + } |
| 102 | + else { |
| 103 | + printf("Warning: Unrecognized option: %s\n", argv[argc-1]); |
| 104 | + } |
| 105 | + |
| 106 | + argc--; |
| 107 | + } |
| 108 | + |
| 109 | + key2 = wolfTPM2_NewKeyBlob(); |
| 110 | + rsaKey3 = wolfTPM2_NewKeyBlob(); |
| 111 | + primary = &storage; |
| 112 | + |
| 113 | + rc = wolfTPM2_Init(&dev, TPM2_IoCb, NULL); |
| 114 | + if (rc != TPM_RC_SUCCESS) { |
| 115 | + printf("wolfTPM2_Init failed 0x%x: %s\n", rc, TPM2_GetRCString(rc)); |
| 116 | + goto exit; |
| 117 | + } |
| 118 | + |
| 119 | + /* RSA or ECC (faster) SRK */ |
| 120 | + rc = wolfTPM2_CreateSRK(&dev, &storage, alg, NULL, 0); |
| 121 | + if (rc != 0) { |
| 122 | + printf("Failed to wolfTPM2_CreateSRK\n"); |
| 123 | + goto exit; |
| 124 | + } |
| 125 | + |
| 126 | + /* Second level key */ |
| 127 | + attributes = (TPMA_OBJECT_restricted | |
| 128 | + TPMA_OBJECT_sensitiveDataOrigin | |
| 129 | + TPMA_OBJECT_decrypt | |
| 130 | + TPMA_OBJECT_userWithAuth | |
| 131 | + TPMA_OBJECT_noDA); |
| 132 | + |
| 133 | + /* Generate random seed */ |
| 134 | + XMEMSET(&seedValue, 0, sizeof(seedValue)); |
| 135 | + seedValue.size = TPM2_GetHashDigestSize(TPM_ALG_SHA256); |
| 136 | + TPM2_GetNonce(seedValue.buffer, seedValue.size); |
| 137 | +#ifdef DEBUG_WOLFTPM |
| 138 | + printf("Import RSA Seed %d\n", seedValue.size); |
| 139 | + TPM2_PrintBin(seedValue.buffer, seedValue.size); |
| 140 | +#endif |
| 141 | + |
| 142 | + rc = wolfTPM2_ImportPrivateKeyBuffer(&dev, &storage, TPM_ALG_RSA, key2, |
| 143 | + ENCODING_TYPE_PEM, extRSAPrivatePem, (word32)strlen(extRSAPrivatePem), |
| 144 | + NULL, attributes, seedValue.buffer, seedValue.size); |
| 145 | + if (rc != 0) { |
| 146 | + printf("Failed to wolfTPM2_RsaPrivateKeyImportPem\n"); |
| 147 | + goto exit; |
| 148 | + } |
| 149 | + |
| 150 | + rc = wolfTPM2_LoadKey(&dev, key2, &primary->handle); |
| 151 | + if (rc != 0) { |
| 152 | + printf("Failed to wolfTPM2_LoadKey\n"); |
| 153 | + goto exit; |
| 154 | + } |
| 155 | + |
| 156 | + /* The 3rd level RSA key */ |
| 157 | + rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate3, |
| 158 | + TPMA_OBJECT_sensitiveDataOrigin | |
| 159 | + TPMA_OBJECT_userWithAuth | |
| 160 | + TPMA_OBJECT_sign | |
| 161 | + TPMA_OBJECT_noDA); |
| 162 | + if (rc != 0) { |
| 163 | + printf("Failed to wolfTPM2_GetKeyTemplate_RSA\n"); |
| 164 | + goto exit; |
| 165 | + } |
| 166 | + rc = wolfTPM2_CreateKey(&dev, rsaKey3, &key2->handle, |
| 167 | + &publicTemplate3, NULL, 0); |
| 168 | + if (rc != TPM_RC_SUCCESS) { |
| 169 | + printf("wolfTPM2_CreateKey failed for the 3rd level key: %d\n", rc); |
| 170 | + goto exit; |
| 171 | + } |
| 172 | + |
| 173 | + /* load the rsa key */ |
| 174 | + rc = wolfTPM2_LoadKey(&dev, rsaKey3, &key2->handle); |
| 175 | + |
| 176 | + if (rc != 0) { |
| 177 | + printf("Failed to wolfTPM2_LoadKey %d\n", rc); |
| 178 | + goto exit; |
| 179 | + } |
| 180 | + |
| 181 | +exit: |
| 182 | + wolfTPM2_UnloadHandle(&dev, &rsaKey3->handle); |
| 183 | + wolfTPM2_UnloadHandle(&dev, &key2->handle); |
| 184 | + wolfTPM2_UnloadHandle(&dev, &primary->handle); |
| 185 | + |
| 186 | + wolfTPM2_FreeKeyBlob(key2); |
| 187 | + wolfTPM2_FreeKeyBlob(rsaKey3); |
| 188 | + |
| 189 | + wolfTPM2_Cleanup(&dev); |
| 190 | + |
| 191 | + (void)userCtx; |
| 192 | + (void)argc; |
| 193 | + |
| 194 | + |
| 195 | + return rc; |
| 196 | +} |
| 197 | +#endif /* !WOLFTPM2_NO_WRAPPER && !WOLFTPM2_NO_WOLFCRYPT */ |
| 198 | + |
| 199 | +#ifndef NO_MAIN_DRIVER |
| 200 | +int main(int argc, char *argv[]) |
| 201 | +{ |
| 202 | + int rc = NOT_COMPILED_IN; |
| 203 | + |
| 204 | +#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) |
| 205 | + rc = TPM2_ExternalImport_Example(NULL, argc, argv); |
| 206 | +#else |
| 207 | + printf("Example for external import and child key creation (not compiled in)\n"); |
| 208 | + (void)argc; |
| 209 | + (void)argv; |
| 210 | +#endif |
| 211 | + |
| 212 | + return rc; |
| 213 | +} |
| 214 | +#endif |
0 commit comments