
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_21-35-gf5b4b1e


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_21-35-gf5b4b1e
Date: Sat, 14 Jul 2012 08:42:36 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=f5b4b1eee98c4e03ee45c59f23bb625a1d9f38c2

The branch, master has been updated
       via  f5b4b1eee98c4e03ee45c59f23bb625a1d9f38c2 (commit)
       via  9a931a9de38e7ef29b33e04258fde243a28bda52 (commit)
       via  61e04c3e3f0ca09eacbe9f7a44d40dc52c7aebb4 (commit)
       via  f4559dbb0a42dea56c0c45610b182f3951211759 (commit)
      from  21080193e5d7b9da46bea1e30212ccbf206a1474 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f5b4b1eee98c4e03ee45c59f23bb625a1d9f38c2
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Jul 14 10:42:25 2012 +0200

    Allow generation of system and user keys.

commit 9a931a9de38e7ef29b33e04258fde243a28bda52
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Jul 14 10:38:27 2012 +0200

    Allow handling of user and system keys.

commit 61e04c3e3f0ca09eacbe9f7a44d40dc52c7aebb4
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Jul 14 10:11:49 2012 +0200

    minor fixes in TPM code

commit f4559dbb0a42dea56c0c45610b182f3951211759
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Jul 14 09:56:52 2012 +0200

    Enabled the generation of signing keys.

-----------------------------------------------------------------------

Summary of changes:
 lib/gnutls_privkey.c           |    3 +-
 lib/includes/gnutls/abstract.h |    2 +-
 lib/includes/gnutls/tpm.h      |    5 +-
 lib/tpm.c                      |  147 ++++++++++-------------
 src/tpmtool-args.c             |  257 +++++++++++++++++++++++++++++-----------
 src/tpmtool-args.def           |   33 +++++
 src/tpmtool-args.h             |   38 ++++---
 src/tpmtool.c                  |   19 ++--
 8 files changed, 320 insertions(+), 184 deletions(-)

diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index 66aece2..cb0aa00 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -967,6 +967,7 @@ cleanup:
  * gnutls_privkey_import_url:
  * @key: A key of type #gnutls_pubkey_t
  * @url: A PKCS 11 url
+ * @flags: should be zero
  *
  * This function will import a PKCS11 or TPM URL as a
  * private key.
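Review bot: The `@key` line two lines above the added `@flags` entry documents the parameter as `#gnutls_pubkey_t`, but the signature in the next hunk takes a `gnutls_privkey_t`; since this hunk already touches the doc block it is the place to correct it: `* @key: A key of type #gnutls_privkey_t`. The new `@flags: should be zero` would also be clearer if it said the value is reserved for future use, so callers know no flag bit is currently honoured.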
@@ -977,7 +978,7 @@ cleanup:
  * Since: 3.1.0
  **/
 int
-gnutls_privkey_import_url (gnutls_privkey_t key, const char *url)
+gnutls_privkey_import_url (gnutls_privkey_t key, const char *url, unsigned int 
flags)
 {
 #ifdef ENABLE_PKCS11
   if (strstr(url, "pkcs11:") != NULL)
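Review bot: The added `flags` parameter is documented as "should be zero" in the previous hunk, but nothing in the visible part of the body validates it; if the rest of the function, which continues past this hunk, does not consume `flags`, rejecting unknown bits up front with `if (flags != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` keeps future flag additions from silently changing behaviour for callers that pass arbitrary values today. The dispatch on the last context line matches `pkcs11:` anywhere in the string rather than as a scheme prefix; `strncmp(url, "pkcs11:", 7) == 0` would be the stricter test, although that predates this commit.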
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index 08fea1a..6dce2e7 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -225,7 +225,7 @@ gnutls_privkey_import_tpm_url (gnutls_privkey_t pkey,
           const char* url, const char *srk_password, const char *key_password,
           unsigned int flags);
 
-int gnutls_privkey_import_url (gnutls_privkey_t key, const char *url);
+int gnutls_privkey_import_url (gnutls_privkey_t key, const char *url, unsigned 
int flags);
 
 int gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key, const char *url);
 
diff --git a/lib/includes/gnutls/tpm.h b/lib/includes/gnutls/tpm.h
index 4f17a4f..e28e09b 100644
--- a/lib/includes/gnutls/tpm.h
+++ b/lib/includes/gnutls/tpm.h
@@ -34,8 +34,9 @@ extern "C"
 struct tpm_key_list_st;
 typedef struct tpm_key_list_st *gnutls_tpm_key_list_t;
 
-#define GNUTLS_TPM_KEY_SIGNING (1<<2)
-#define GNUTLS_TPM_REGISTER_KEY (1<<3)
+#define GNUTLS_TPM_KEY_SIGNING (1<<1)
+#define GNUTLS_TPM_REGISTER_KEY (1<<2)
+#define GNUTLS_TPM_KEY_USER (1<<3)
 
 int
 gnutls_tpm_privkey_generate (gnutls_pk_algorithm_t pk, unsigned int bits, 
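Review bot: Renumbering `GNUTLS_TPM_KEY_SIGNING` and `GNUTLS_TPM_REGISTER_KEY` changes the values of public constants, so any object built against the previous header now requests a different behaviour; that is only acceptable because this API is marked Since 3.1.0 and unreleased, and a header comment saying the values are not yet stable would make that explicit. As far as the lib/tpm.c hunks show, the new `GNUTLS_TPM_KEY_USER` bit only selects the storage passed to `Tspi_Context_RegisterKey`, so it has no effect unless `GNUTLS_TPM_REGISTER_KEY` is also set; a comment such as `/* only meaningful together with GNUTLS_TPM_REGISTER_KEY */` next to the define would spare callers a silent no-op.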
diff --git a/lib/tpm.c b/lib/tpm.c
index c9cdbd3..2c018b2 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -53,7 +53,7 @@ struct tpm_ctx_st
 struct tpm_key_list_st
 {
   UINT32 size;
-  TSS_KM_KEYINFO * ki;
+  TSS_KM_KEYINFO2 * ki;
   TSS_HCONTEXT tpm_ctx;
 };
 
@@ -62,9 +62,10 @@ static int import_tpm_key (gnutls_privkey_t pkey,
                            const gnutls_datum_t * fdata,
                            gnutls_x509_crt_fmt_t format,
                            TSS_UUID *uuid,
+                           TSS_FLAG storage_type,
                            const char *srk_password,
                            const char *key_password);
-static int encode_tpmkey_url(char** url, const TSS_UUID* uuid, const TSS_UUID* 
parent);
+static int encode_tpmkey_url(char** url, const TSS_UUID* uuid, TSS_FLAG 
storage);
 
 /* TPM URL format:
  *
@@ -76,7 +77,7 @@ static int encode_tpmkey_url(char** url, const TSS_UUID* 
uuid, const TSS_UUID* p
 
 static int tss_err_pwd(TSS_RESULT err, int pwd_error)
 {
-  _gnutls_debug_log("TPM error: %s (%x)\n", Trspi_Error_String(err), (unsigned 
int)Trspi_Error_Code(err));
+  _gnutls_debug_log("TPM (%s) error: %s (%x)\n", Trspi_Error_Layer(err), 
Trspi_Error_String(err), (unsigned int)Trspi_Error_Code(err));
 
   switch(ERROR_LAYER(err))
     {
@@ -88,9 +89,10 @@ static int tss_err_pwd(TSS_RESULT err, int pwd_error)
             case TPM_E_NOSRK:
               return GNUTLS_E_TPM_UNINITIALIZED;
             default:
-              return GNUTLS_E_TPM_ERROR;
+              return gnutls_assert_val(GNUTLS_E_TPM_ERROR);
           }
       case TSS_LAYER_TCS:
+      case TSS_LAYER_TSP:
         switch(ERROR_CODE(err))
           {
             case TSS_E_COMM_FAILURE:
@@ -101,10 +103,10 @@ static int tss_err_pwd(TSS_RESULT err, int pwd_error)
             case TSS_E_PS_KEY_NOTFOUND:
               return GNUTLS_E_TPM_KEY_NOT_FOUND;
             default:
-              return GNUTLS_E_TPM_ERROR;
+              return gnutls_assert_val(GNUTLS_E_TPM_ERROR);
           }
        default:
-         return GNUTLS_E_TPM_ERROR;
+         return gnutls_assert_val(GNUTLS_E_TPM_ERROR);
     }
 }
 
@@ -173,8 +175,8 @@ static const unsigned char nullpass[20];
 static const gnutls_datum_t nulldata = {(void*)nullpass, 20};
 const TSS_UUID srk_uuid = TSS_UUID_SRK;
 
-static int tpm_pin(const TSS_UUID* uuid, char* pin, unsigned int pin_size, 
-                   unsigned int attempts)
+static int tpm_pin(const TSS_UUID* uuid, TSS_FLAG storage, char* pin, 
+                   unsigned int pin_size, unsigned int attempts)
 {
 unsigned int flags = 0;
 const char* label;
@@ -190,7 +192,7 @@ int ret;
         label = "SRK";
       else
         {
-          ret = encode_tpmkey_url(&url, uuid, NULL);
+          ret = encode_tpmkey_url(&url, uuid, storage);
           if (ret < 0)
             return gnutls_assert_val(ret);
           
@@ -275,8 +277,6 @@ int err, ret;
   if (err)
     {
       gnutls_assert ();
-      _gnutls_debug_log ("Failed to set TPM PIN: %s\n",
-                        Trspi_Error_String (err));
       ret = tss_err(err);
       goto out_srkpol;
     }
@@ -311,6 +311,7 @@ import_tpm_key_cb (gnutls_privkey_t pkey,
                 const gnutls_datum_t * fdata,
                 gnutls_x509_crt_fmt_t format,
                 TSS_UUID *uuid,
+                TSS_FLAG storage,
                 const char *srk_password,
                 const char *key_password)
 {
@@ -321,14 +322,14 @@ int ret, ret2;
 
   do
     {
-      ret = import_tpm_key(pkey, fdata, format, uuid, srk_password, 
key_password);
+      ret = import_tpm_key(pkey, fdata, format, uuid, storage, srk_password, 
key_password);
 
       if (attempts > 3 || _gnutls_pin_func == NULL)
         break;
 
       if (ret == GNUTLS_E_TPM_SRK_PASSWORD_ERROR)
         {
-          ret2 = tpm_pin(&srk_uuid, pin1, sizeof(pin1), attempts++);
+          ret2 = tpm_pin(&srk_uuid, storage, pin1, sizeof(pin1), attempts++);
           if (ret2 < 0)
             {
               gnutls_assert();
@@ -339,7 +340,7 @@ int ret, ret2;
 
       if (ret == GNUTLS_E_TPM_KEY_PASSWORD_ERROR)
         {
-          ret2 = tpm_pin(uuid, pin2, sizeof(pin2), attempts++);
+          ret2 = tpm_pin(uuid, storage, pin2, sizeof(pin2), attempts++);
           if (ret2 < 0)
             {
               gnutls_assert();
@@ -361,6 +362,7 @@ import_tpm_key (gnutls_privkey_t pkey,
                 const gnutls_datum_t * fdata,
                 gnutls_x509_crt_fmt_t format,
                 TSS_UUID *uuid,
+                TSS_FLAG storage,
                 const char *srk_password,
                 const char *key_password)
 {
@@ -417,8 +419,9 @@ import_tpm_key (gnutls_privkey_t pkey,
   else if (uuid)
     {
       err =
-          Tspi_Context_LoadKeyByUUID (s->tpm_ctx, TSS_PS_TYPE_SYSTEM,
-              *uuid, &s->tpm_key);
+          Tspi_Context_LoadKeyByUUID (s->tpm_ctx, storage,
+                                      *uuid, &s->tpm_key);
+
       if (err)
         {
           gnutls_assert ();
@@ -455,9 +458,6 @@ import_tpm_key (gnutls_privkey_t pkey,
          if (err)
            {
              gnutls_assert ();
-             _gnutls_debug_log
-                 ("Failed to create key policy object: %s\n",
-                  Trspi_Error_String (err));
               ret = tss_err(err);
              goto out_key;
            }
@@ -466,8 +466,6 @@ import_tpm_key (gnutls_privkey_t pkey,
          if (err)
            {
              gnutls_assert ();
-             _gnutls_debug_log ("Failed to assign policy to key: %s\n",
-                                Trspi_Error_String (err));
               ret = tss_err(err);
              goto out_key_policy;
            }
@@ -479,8 +477,6 @@ import_tpm_key (gnutls_privkey_t pkey,
       if (err)
        {
          gnutls_assert ();
-         _gnutls_debug_log ("Failed to set key PIN: %s\n",
-                            Trspi_Error_String (err));
           ret = tss_err_key(err);
          goto out_key_policy;
        }
@@ -536,15 +532,16 @@ gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey,
                               unsigned int flags)
 {
   if (flags & GNUTLS_PRIVKEY_DISABLE_CALLBACKS)
-    return import_tpm_key(pkey, fdata, format, NULL, srk_password, 
key_password);
+    return import_tpm_key(pkey, fdata, format, NULL, 0, srk_password, 
key_password);
   else
-    return import_tpm_key_cb(pkey, fdata, format, NULL, srk_password, 
key_password);
+    return import_tpm_key_cb(pkey, fdata, format, NULL, 0, srk_password, 
key_password);
 }
 
 struct tpmkey_url_st
 {
   char* filename;
   TSS_UUID uuid;
+  TSS_FLAG storage;
   unsigned int uuid_set;
 };
 
@@ -621,7 +618,7 @@ static int randomize_uuid(TSS_UUID* uuid)
   return 0;
 }
 
-static int encode_tpmkey_url(char** url, const TSS_UUID* uuid, const TSS_UUID* 
parent)
+static int encode_tpmkey_url(char** url, const TSS_UUID* uuid, TSS_FLAG 
storage)
 {
 size_t size = (UUID_SIZE*2+4)*2+32;
 uint8_t u1[UUID_SIZE];
@@ -660,35 +657,12 @@ int ret;
       goto cleanup;
     }
 
-#if 0
-  if (parent)
+  ret = _gnutls_buffer_append_printf(&buf, ";storage=%s", 
(storage==TSS_PS_TYPE_USER)?"user":"system");
+  if (ret < 0)
     {
-      memcpy(u1, &parent->ulTimeLow, 4);
-      memcpy(&u1[4], &parent->usTimeMid, 2);
-      memcpy(&u1[6], &parent->usTimeHigh, 2);
-      u1[8] = parent->bClockSeqHigh;
-      u1[9] = parent->bClockSeqLow;
-      memcpy(&u1[10], parent->rgbNode, 6);
-
-      ret = _gnutls_buffer_append_str(&buf, ";parent=");
-      if (ret < 0)
-        {
-          gnutls_assert();
-          goto cleanup;
-        }
-
-      ret = _gnutls_buffer_append_printf(&buf, 
"%.2x%.2x%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x",
-        (unsigned int)u1[0], (unsigned int)u1[1], (unsigned int)u1[2], 
(unsigned int)u1[3],
-        (unsigned int)u1[4], (unsigned int)u1[5], (unsigned int)u1[6], 
(unsigned int)u1[7],
-        (unsigned int)u1[8], (unsigned int)u1[9], (unsigned int)u1[10], 
(unsigned int)u1[11],
-        (unsigned int)u1[12], (unsigned int)u1[13], (unsigned int)u1[14], 
(unsigned int)u1[15]);
-      if (ret < 0)
-        {
-          gnutls_assert();
-          goto cleanup;
-        }
+      gnutls_assert();
+      goto cleanup;
     }
-#endif
 
   ret = _gnutls_buffer_to_datum(&buf, &dret);
   if (ret < 0)
@@ -722,7 +696,7 @@ static int decode_tpmkey_url(const char* url, struct 
tpmkey_url_st *s)
     {
       p += sizeof ("file=") - 1;
       size = strlen(p);
-      s->filename = gnutls_malloc(size);
+      s->filename = gnutls_malloc(size+1);
       if (s->filename == NULL)
         return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 
@@ -732,6 +706,7 @@ static int decode_tpmkey_url(const char* url, struct 
tpmkey_url_st *s)
           gnutls_assert();
           goto cleanup;
         }
+      s->filename[size] = 0;
     }
   else if ((p = strstr(url, "uuid=")) != NULL)
    {
@@ -772,6 +747,11 @@ static int decode_tpmkey_url(const char* url, struct 
tpmkey_url_st *s)
       return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
     }
 
+  if ((p = strstr(url, "storage=user")) != NULL)
+    s->storage = TSS_PS_TYPE_USER;
+  else
+    s->storage = TSS_PS_TYPE_SYSTEM;
+
   return 0;
 
 cleanup:
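Review bot: The storage selector is recovered with `strstr(url, "storage=user")` over the whole URL, so the substring also matches inside a `file=` path or any other parameter value, and the assignment to `p` on that line is never read afterwards. Since encode_tpmkey_url in the earlier hunk emits the parameter as `;storage=user`, decoding should look for that delimited form, e.g. `if (strstr(url, ";storage=user") != NULL)`, and the same delimiter convention would suit the `uuid=` and `file=` lookups, which predate this change. Any value other than the literal `user` (including typos) silently falls back to system storage; returning `GNUTLS_E_PARSING_ERROR` for an unrecognised `storage=` value would make URL mistakes visible instead of acting on the wrong key store.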
@@ -825,6 +805,7 @@ int ret;
       if (ret < 0)
         {
           gnutls_assert();
+          _gnutls_debug_log("Error loading %s\n", durl.filename);
           goto cleanup;
         }
 
@@ -839,9 +820,9 @@ int ret;
   else if (durl.uuid_set)
     {
       if (flags & GNUTLS_PRIVKEY_DISABLE_CALLBACKS)
-        ret = import_tpm_key (pkey, NULL, 0, &durl.uuid, srk_password, 
key_password);
+        ret = import_tpm_key (pkey, NULL, 0, &durl.uuid, durl.storage, 
srk_password, key_password);
       else
-        ret = import_tpm_key_cb (pkey, NULL, 0, &durl.uuid, srk_password, 
key_password);
+        ret = import_tpm_key_cb (pkey, NULL, 0, &durl.uuid, durl.storage, 
srk_password, key_password);
       if (ret < 0)
         {
           gnutls_assert();
@@ -914,6 +895,7 @@ import_tpm_pubkey (gnutls_pubkey_t pkey,
                    const gnutls_datum_t * fdata,
                    gnutls_x509_crt_fmt_t format,
                    TSS_UUID *uuid,
+                   TSS_FLAG storage,
                    const char *srk_password)
 {
 gnutls_datum_t asn1 = {NULL, 0};
@@ -949,27 +931,16 @@ struct tpm_ctx_st s;
                                         asn1.size, asn1.data, &s.tpm_key);
       if (err != 0)
         {
-          if (srk_password)
-            {
-              gnutls_assert ();
-              _gnutls_debug_log
-                  ("Failed to load TPM key blob: %s\n",
-                   Trspi_Error_String (err));
-            }
-
-          if (err)
-            {
-              gnutls_assert ();
-              ret = tss_err(err);
-              goto out_blob;
-            }
+          gnutls_assert ();
+          ret = tss_err(err);
+          goto out_blob;
         }
     }
   else if (uuid)
     {
       err =
-          Tspi_Context_LoadKeyByUUID (s.tpm_ctx, TSS_PS_TYPE_SYSTEM,
-              *uuid, &s.tpm_key);
+          Tspi_Context_LoadKeyByUUID (s.tpm_ctx, storage,
+                                      *uuid, &s.tpm_key);
       if (err)
         {
           gnutls_assert ();
@@ -1004,23 +975,23 @@ import_tpm_pubkey_cb (gnutls_pubkey_t pkey,
                    const gnutls_datum_t * fdata,
                    gnutls_x509_crt_fmt_t format,
                    TSS_UUID *uuid,
+                   TSS_FLAG storage,
                    const char *srk_password)
 {
 unsigned int attempts = 0;
 char pin1[GNUTLS_PKCS11_MAX_PIN_LEN];
 int ret;
-
   
   do
     {
-      ret = import_tpm_pubkey(pkey, fdata, format, uuid, srk_password);
+      ret = import_tpm_pubkey(pkey, fdata, format, uuid, storage, 
srk_password);
       
       if (attempts > 3 || _gnutls_pin_func == NULL)
         break;
 
       if (ret == GNUTLS_E_TPM_SRK_PASSWORD_ERROR)
         {
-          ret = tpm_pin(&srk_uuid, pin1, sizeof(pin1), attempts++);
+          ret = tpm_pin(&srk_uuid, storage, pin1, sizeof(pin1), attempts++);
           if (ret < 0)
             {
               gnutls_assert();
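Review bot: On the line `ret = tpm_pin(&srk_uuid, storage, pin1, sizeof(pin1), attempts++);` the PIN callback's return value overwrites the `GNUTLS_E_TPM_SRK_PASSWORD_ERROR` that triggered it, whereas the private-key counterpart in import_tpm_key_cb keeps the import result in `ret` and uses a separate `ret2`. If the do/while condition (outside this hunk) tests `ret`, a successful PIN prompt ends the loop with `ret == 0` even though import_tpm_pubkey has not succeeded. Mirroring the privkey version — declare `int ret2;`, write `ret2 = tpm_pin(&srk_uuid, storage, pin1, sizeof(pin1), attempts++);` and test `if (ret2 < 0)` — removes the divergence.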
@@ -1065,9 +1036,9 @@ gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t pkey,
                               unsigned int flags)
 {
   if (flags & GNUTLS_PUBKEY_DISABLE_CALLBACKS)
-    return import_tpm_pubkey_cb(pkey, fdata, format, NULL, srk_password);
+    return import_tpm_pubkey_cb(pkey, fdata, format, NULL, 0, srk_password);
   else
-    return import_tpm_pubkey(pkey, fdata, format, NULL, srk_password);
+    return import_tpm_pubkey(pkey, fdata, format, NULL, 0, srk_password);
 }
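Review bot: The callback dispatch here is inverted relative to gnutls_privkey_import_tpm_raw and to the URL variant in the next hunk: when `GNUTLS_PUBKEY_DISABLE_CALLBACKS` is set this function calls `import_tpm_pubkey_cb`, the PIN-callback path, and the plain `import_tpm_pubkey` otherwise, so the flag does the opposite of what its name says. The two added lines should swap their callees: `return import_tpm_pubkey(pkey, fdata, format, NULL, 0, srk_password);` under the flag and `return import_tpm_pubkey_cb(pkey, fdata, format, NULL, 0, srk_password);` in the else branch. The bare `0` passed for storage here and in the privkey raw importer is harmless only because `uuid` is NULL on this path; naming it (`TSS_PS_TYPE_SYSTEM`) or adding `/* storage unused: no UUID on this path */` would state that.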
 
 /**
@@ -1127,9 +1098,9 @@ int ret;
   else if (durl.uuid_set)
     {
       if (flags & GNUTLS_PUBKEY_DISABLE_CALLBACKS)
-        ret = import_tpm_pubkey (pkey, NULL, 0, &durl.uuid, srk_password);
+        ret = import_tpm_pubkey (pkey, NULL, 0, &durl.uuid, durl.storage, 
srk_password);
       else
-        ret = import_tpm_pubkey_cb (pkey, NULL, 0, &durl.uuid, srk_password);
+        ret = import_tpm_pubkey_cb (pkey, NULL, 0, &durl.uuid, durl.storage, 
srk_password);
       if (ret < 0)
         {
           gnutls_assert();
@@ -1196,12 +1167,18 @@ gnutls_datum_t tmpkey = {NULL, 0};
 TSS_HPOLICY key_policy;
 gnutls_pubkey_t pub;
 struct tpm_ctx_st s;
+TSS_FLAG storage_type;
 
   if (flags & GNUTLS_TPM_KEY_SIGNING)
     tpm_flags |= TSS_KEY_TYPE_SIGNING;
   else
     tpm_flags |= TSS_KEY_TYPE_LEGACY;
 
+  if (flags & GNUTLS_TPM_KEY_USER)
+    storage_type = TSS_PS_TYPE_USER;
+  else
+    storage_type = TSS_PS_TYPE_SYSTEM;
+
   if (bits <= 512)
       tpm_flags |= TSS_KEY_SIZE_512;
   else if (bits <= 1024)
@@ -1276,7 +1253,7 @@ struct tpm_ctx_st s;
           goto err_sa;
         }
 
-      tssret = Tspi_Context_RegisterKey(s.tpm_ctx, key_ctx, TSS_PS_TYPE_SYSTEM,
+      tssret = Tspi_Context_RegisterKey(s.tpm_ctx, key_ctx, storage_type,
                                         key_uuid, TSS_PS_TYPE_SYSTEM, 
srk_uuid);
       if (tssret != 0)
         {
@@ -1285,12 +1262,12 @@ struct tpm_ctx_st s;
           goto err_sa;
         }
 
-      ret = encode_tpmkey_url((char**)&privkey->data, &key_uuid, &srk_uuid);
+      ret = encode_tpmkey_url((char**)&privkey->data, &key_uuid, storage_type);
       if (ret < 0)
         {
           TSS_HKEY tkey;
 
-          Tspi_Context_UnregisterKey(s.tpm_ctx, TSS_PS_TYPE_SYSTEM, key_uuid, 
&tkey);
+          Tspi_Context_UnregisterKey(s.tpm_ctx, storage_type, key_uuid, &tkey);
           gnutls_assert();
           goto err_sa;
         }
@@ -1431,7 +1408,7 @@ gnutls_tpm_key_list_get_url (gnutls_tpm_key_list_t list, 
unsigned int idx, char*
   if (idx >= list->size)
     return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
 
-  return encode_tpmkey_url(url, &list->ki[idx].keyUUID, 
&list->ki[idx].parentKeyUUID);
+  return encode_tpmkey_url(url, &list->ki[idx].keyUUID, 
list->ki[idx].persistentStorageType);
 }
 
 /**
@@ -1474,7 +1451,7 @@ int ret;
     }
 
   tssret =
-      Tspi_Context_GetRegisteredKeysByUUID((*list)->tpm_ctx, 
TSS_PS_TYPE_SYSTEM,
+      Tspi_Context_GetRegisteredKeysByUUID2((*list)->tpm_ctx, 
TSS_PS_TYPE_SYSTEM,
                                  NULL, &(*list)->size, &(*list)->ki);
   if (tssret)
     {
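Review bot: The key listing still enumerates only `TSS_PS_TYPE_SYSTEM`, while this commit makes it possible to register keys in user storage via GNUTLS_TPM_KEY_USER, so such keys may be absent from gnutls_tpm_privkey_list output and could not be found for deletion through the list. Whether `Tspi_Context_GetRegisteredKeysByUUID2` called with `TSS_PS_TYPE_USER` also returns the system-storage keys is worth confirming against the TSS documentation; if it does not, either two queries are needed or the limitation should be documented on the listing function.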
@@ -1523,7 +1500,7 @@ int ret;
   if (ret < 0)
     return gnutls_assert_val(ret);
 
-  tssret = Tspi_Context_UnregisterKey(s.tpm_ctx, TSS_PS_TYPE_SYSTEM, 
durl.uuid, &tkey);
+  tssret = Tspi_Context_UnregisterKey(s.tpm_ctx, durl.storage, durl.uuid, 
&tkey);
   if (tssret != 0)
     {
       gnutls_assert();
diff --git a/src/tpmtool-args.c b/src/tpmtool-args.c
index 424cd5b..a2474b1 100644
--- a/src/tpmtool-args.c
+++ b/src/tpmtool-args.c
@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (tpmtool-args.c)
  *  
- *  It has been AutoGen-ed  July 13, 2012 at 11:26:27 AM by AutoGen 5.16
+ *  It has been AutoGen-ed  July 14, 2012 at 10:40:19 AM by AutoGen 5.16
  *  From the definitions    tpmtool-args.def
  *  and the template file   options
  *
@@ -67,7 +67,7 @@ extern FILE * option_usage_fp;
 /*
  *  tpmtool option static const strings
  */
-static char const tpmtool_opt_strs[1821] =
+static char const tpmtool_opt_strs[2031] =
 /*     0 */ "tpmtool @address@hidden"
             "Copyright (C) 2000-2012 Free Software Foundation, all rights 
reserved.\n"
             "This is free software. It is licensed for use, modification and\n"
@@ -99,36 +99,48 @@ static char const tpmtool_opt_strs[1821] =
 /*  1030 */ "Any generated key will be registered in the TPM\0"
 /*  1078 */ "REGISTER\0"
 /*  1087 */ "register\0"
-/*  1096 */ "Prints the public key of the provided key\0"
-/*  1138 */ "PUBKEY\0"
-/*  1145 */ "pubkey\0"
-/*  1152 */ "Lists all stored keys in the TPM\0"
-/*  1185 */ "LIST\0"
-/*  1190 */ "list\0"
-/*  1195 */ "Delete the key identified by the given URL (UUID).\0"
-/*  1246 */ "DELETE\0"
-/*  1253 */ "delete\0"
-/*  1260 */ "Specify the security level [low, legacy, normal, high, ultra].\0"
-/*  1323 */ "SEC_PARAM\0"
-/*  1333 */ "sec-param\0"
-/*  1343 */ "Specify the number of bits for key generate\0"
-/*  1387 */ "BITS\0"
-/*  1392 */ "bits\0"
-/*  1397 */ "Display extended usage information and exit\0"
-/*  1441 */ "help\0"
-/*  1446 */ "Extended usage information passed thru pager\0"
-/*  1491 */ "more-help\0"
-/*  1501 */ "Output version information and exit\0"
-/*  1537 */ "version\0"
-/*  1545 */ "TPMTOOL\0"
-/*  1553 */ "tpmtool - GnuTLS TPM tool - Ver. @address@hidden"
+/*  1096 */ "Any generated key will be a signing key\0"
+/*  1136 */ "SIGNING\0"
+/*  1144 */ "signing\0"
+/*  1152 */ "Any registered key will be a user key\0"
+/*  1190 */ "USER\0"
+/*  1195 */ "user\0"
+/*  1200 */ "Any registred key will be a system key\0"
+/*  1239 */ "SYSTEM\0"
+/*  1246 */ "system\0"
+/*  1253 */ "Any generated key will be a legacy key\0"
+/*  1292 */ "LEGACY\0"
+/*  1299 */ "legacy\0"
+/*  1306 */ "Prints the public key of the provided key\0"
+/*  1348 */ "PUBKEY\0"
+/*  1355 */ "pubkey\0"
+/*  1362 */ "Lists all stored keys in the TPM\0"
+/*  1395 */ "LIST\0"
+/*  1400 */ "list\0"
+/*  1405 */ "Delete the key identified by the given URL (UUID).\0"
+/*  1456 */ "DELETE\0"
+/*  1463 */ "delete\0"
+/*  1470 */ "Specify the security level [low, legacy, normal, high, ultra].\0"
+/*  1533 */ "SEC_PARAM\0"
+/*  1543 */ "sec-param\0"
+/*  1553 */ "Specify the number of bits for key generate\0"
+/*  1597 */ "BITS\0"
+/*  1602 */ "bits\0"
+/*  1607 */ "Display extended usage information and exit\0"
+/*  1651 */ "help\0"
+/*  1656 */ "Extended usage information passed thru pager\0"
+/*  1701 */ "more-help\0"
+/*  1711 */ "Output version information and exit\0"
+/*  1747 */ "version\0"
+/*  1755 */ "TPMTOOL\0"
+/*  1763 */ "tpmtool - GnuTLS TPM tool - Ver. @address@hidden"
             "USAGE:  %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
-/*  1654 */ "address@hidden"
-/*  1673 */ "\n\n\0"
-/*  1676 */ "\n"
+/*  1864 */ "address@hidden"
+/*  1883 */ "\n\n\0"
+/*  1886 */ "\n"
             "Program that allows handling cryptographic data from the TPM 
chip.\n\0"
-/*  1745 */ "tpmtool @address@hidden"
-/*  1763 */ "tpmtool [options]\n"
+/*  1955 */ "tpmtool @address@hidden"
+/*  1973 */ "tpmtool [options]\n"
             "tpmtool --help for usage instructions.\n";
 
 /*
@@ -167,65 +179,120 @@ static char const tpmtool_opt_strs[1821] =
 #define GENERATE_RSA_FLAGS     (OPTST_DISABLED)
 
 /*
- *  register option description:
+ *  register option description with
+ *  "Must also have options" and "Incompatible options":
  */
 #define REGISTER_DESC      (tpmtool_opt_strs+1030)
 #define REGISTER_NAME      (tpmtool_opt_strs+1078)
 #define REGISTER_name      (tpmtool_opt_strs+1087)
+static int const aRegisterMustList[] = {
+    INDEX_OPT_GENERATE_RSA, NO_EQUIVALENT };
 #define REGISTER_FLAGS     (OPTST_DISABLED)
 
 /*
+ *  signing option description with
+ *  "Must also have options" and "Incompatible options":
+ */
+#define SIGNING_DESC      (tpmtool_opt_strs+1096)
+#define SIGNING_NAME      (tpmtool_opt_strs+1136)
+#define SIGNING_name      (tpmtool_opt_strs+1144)
+static int const aSigningMustList[] = {
+    INDEX_OPT_GENERATE_RSA, NO_EQUIVALENT };
+static int const aSigningCantList[] = {
+    INDEX_OPT_LEGACY, NO_EQUIVALENT };
+#define SIGNING_FLAGS     (OPTST_DISABLED)
+
+/*
+ *  user option description with
+ *  "Must also have options" and "Incompatible options":
+ */
+#define USER_DESC      (tpmtool_opt_strs+1152)
+#define USER_NAME      (tpmtool_opt_strs+1190)
+#define USER_name      (tpmtool_opt_strs+1195)
+static int const aUserMustList[] = {
+    INDEX_OPT_REGISTER, NO_EQUIVALENT };
+static int const aUserCantList[] = {
+    INDEX_OPT_SYSTEM, NO_EQUIVALENT };
+#define USER_FLAGS     (OPTST_DISABLED)
+
+/*
+ *  system option description with
+ *  "Must also have options" and "Incompatible options":
+ */
+#define SYSTEM_DESC      (tpmtool_opt_strs+1200)
+#define SYSTEM_NAME      (tpmtool_opt_strs+1239)
+#define SYSTEM_name      (tpmtool_opt_strs+1246)
+static int const aSystemMustList[] = {
+    INDEX_OPT_REGISTER, NO_EQUIVALENT };
+static int const aSystemCantList[] = {
+    INDEX_OPT_USER, NO_EQUIVALENT };
+#define SYSTEM_FLAGS     (OPTST_DISABLED)
+
+/*
+ *  legacy option description with
+ *  "Must also have options" and "Incompatible options":
+ */
+#define LEGACY_DESC      (tpmtool_opt_strs+1253)
+#define LEGACY_NAME      (tpmtool_opt_strs+1292)
+#define LEGACY_name      (tpmtool_opt_strs+1299)
+static int const aLegacyMustList[] = {
+    INDEX_OPT_GENERATE_RSA, NO_EQUIVALENT };
+static int const aLegacyCantList[] = {
+    INDEX_OPT_SIGNING, NO_EQUIVALENT };
+#define LEGACY_FLAGS     (OPTST_DISABLED)
+
+/*
  *  pubkey option description:
  */
-#define PUBKEY_DESC      (tpmtool_opt_strs+1096)
-#define PUBKEY_NAME      (tpmtool_opt_strs+1138)
-#define PUBKEY_name      (tpmtool_opt_strs+1145)
+#define PUBKEY_DESC      (tpmtool_opt_strs+1306)
+#define PUBKEY_NAME      (tpmtool_opt_strs+1348)
+#define PUBKEY_name      (tpmtool_opt_strs+1355)
 #define PUBKEY_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  list option description:
  */
-#define LIST_DESC      (tpmtool_opt_strs+1152)
-#define LIST_NAME      (tpmtool_opt_strs+1185)
-#define LIST_name      (tpmtool_opt_strs+1190)
+#define LIST_DESC      (tpmtool_opt_strs+1362)
+#define LIST_NAME      (tpmtool_opt_strs+1395)
+#define LIST_name      (tpmtool_opt_strs+1400)
 #define LIST_FLAGS     (OPTST_DISABLED)
 
 /*
  *  delete option description:
  */
-#define DELETE_DESC      (tpmtool_opt_strs+1195)
-#define DELETE_NAME      (tpmtool_opt_strs+1246)
-#define DELETE_name      (tpmtool_opt_strs+1253)
+#define DELETE_DESC      (tpmtool_opt_strs+1405)
+#define DELETE_NAME      (tpmtool_opt_strs+1456)
+#define DELETE_name      (tpmtool_opt_strs+1463)
 #define DELETE_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  sec-param option description:
  */
-#define SEC_PARAM_DESC      (tpmtool_opt_strs+1260)
-#define SEC_PARAM_NAME      (tpmtool_opt_strs+1323)
-#define SEC_PARAM_name      (tpmtool_opt_strs+1333)
+#define SEC_PARAM_DESC      (tpmtool_opt_strs+1470)
+#define SEC_PARAM_NAME      (tpmtool_opt_strs+1533)
+#define SEC_PARAM_name      (tpmtool_opt_strs+1543)
 #define SEC_PARAM_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  bits option description:
  */
-#define BITS_DESC      (tpmtool_opt_strs+1343)
-#define BITS_NAME      (tpmtool_opt_strs+1387)
-#define BITS_name      (tpmtool_opt_strs+1392)
+#define BITS_DESC      (tpmtool_opt_strs+1553)
+#define BITS_NAME      (tpmtool_opt_strs+1597)
+#define BITS_name      (tpmtool_opt_strs+1602)
 #define BITS_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
 
 /*
  *  Help/More_Help/Version option descriptions:
  */
-#define HELP_DESC       (tpmtool_opt_strs+1397)
-#define HELP_name       (tpmtool_opt_strs+1441)
+#define HELP_DESC       (tpmtool_opt_strs+1607)
+#define HELP_name       (tpmtool_opt_strs+1651)
 #ifdef HAVE_WORKING_FORK
-#define MORE_HELP_DESC  (tpmtool_opt_strs+1446)
-#define MORE_HELP_name  (tpmtool_opt_strs+1491)
+#define MORE_HELP_DESC  (tpmtool_opt_strs+1656)
+#define MORE_HELP_name  (tpmtool_opt_strs+1701)
 #define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT)
 #else
 #define MORE_HELP_DESC  NULL
@@ -238,8 +305,8 @@ static char const tpmtool_opt_strs[1821] =
 #  define VER_FLAGS     (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \
                          OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT)
 #endif
-#define VER_DESC        (tpmtool_opt_strs+1501)
-#define VER_name        (tpmtool_opt_strs+1537)
+#define VER_DESC        (tpmtool_opt_strs+1711)
+#define VER_name        (tpmtool_opt_strs+1747)
 /*
  *  Declare option callback procedures
  */
@@ -314,13 +381,61 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* opt state flags  */ REGISTER_FLAGS, 0,
      /* last opt argumnt */ { NULL }, /* --register */
      /* arg list/cookie  */ NULL,
-     /* must/cannot opts */ NULL, NULL,
+     /* must/cannot opts */ aRegisterMustList, NULL,
      /* option proc      */ NULL,
      /* desc, NAME, name */ REGISTER_DESC, REGISTER_NAME, REGISTER_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 5, VALUE_OPT_PUBKEY,
-     /* equiv idx, value */ 5, VALUE_OPT_PUBKEY,
+  {  /* entry idx, value */ 5, VALUE_OPT_SIGNING,
+     /* equiv idx, value */ 5, VALUE_OPT_SIGNING,
+     /* equivalenced to  */ NO_EQUIVALENT,
+     /* min, max, act ct */ 0, 1, 0,
+     /* opt state flags  */ SIGNING_FLAGS, 0,
+     /* last opt argumnt */ { NULL }, /* --signing */
+     /* arg list/cookie  */ NULL,
+     /* must/cannot opts */ aSigningMustList, aSigningCantList,
+     /* option proc      */ NULL,
+     /* desc, NAME, name */ SIGNING_DESC, SIGNING_NAME, SIGNING_name,
+     /* disablement strs */ NULL, NULL },
+
+  {  /* entry idx, value */ 6, VALUE_OPT_USER,
+     /* equiv idx, value */ 6, VALUE_OPT_USER,
+     /* equivalenced to  */ NO_EQUIVALENT,
+     /* min, max, act ct */ 0, 1, 0,
+     /* opt state flags  */ USER_FLAGS, 0,
+     /* last opt argumnt */ { NULL }, /* --user */
+     /* arg list/cookie  */ NULL,
+     /* must/cannot opts */ aUserMustList, aUserCantList,
+     /* option proc      */ NULL,
+     /* desc, NAME, name */ USER_DESC, USER_NAME, USER_name,
+     /* disablement strs */ NULL, NULL },
+
+  {  /* entry idx, value */ 7, VALUE_OPT_SYSTEM,
+     /* equiv idx, value */ 7, VALUE_OPT_SYSTEM,
+     /* equivalenced to  */ NO_EQUIVALENT,
+     /* min, max, act ct */ 0, 1, 0,
+     /* opt state flags  */ SYSTEM_FLAGS, 0,
+     /* last opt argumnt */ { NULL }, /* --system */
+     /* arg list/cookie  */ NULL,
+     /* must/cannot opts */ aSystemMustList, aSystemCantList,
+     /* option proc      */ NULL,
+     /* desc, NAME, name */ SYSTEM_DESC, SYSTEM_NAME, SYSTEM_name,
+     /* disablement strs */ NULL, NULL },
+
+  {  /* entry idx, value */ 8, VALUE_OPT_LEGACY,
+     /* equiv idx, value */ 8, VALUE_OPT_LEGACY,
+     /* equivalenced to  */ NO_EQUIVALENT,
+     /* min, max, act ct */ 0, 1, 0,
+     /* opt state flags  */ LEGACY_FLAGS, 0,
+     /* last opt argumnt */ { NULL }, /* --legacy */
+     /* arg list/cookie  */ NULL,
+     /* must/cannot opts */ aLegacyMustList, aLegacyCantList,
+     /* option proc      */ NULL,
+     /* desc, NAME, name */ LEGACY_DESC, LEGACY_NAME, LEGACY_name,
+     /* disablement strs */ NULL, NULL },
+
+  {  /* entry idx, value */ 9, VALUE_OPT_PUBKEY,
+     /* equiv idx, value */ 9, VALUE_OPT_PUBKEY,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ PUBKEY_FLAGS, 0,
@@ -331,8 +446,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ PUBKEY_DESC, PUBKEY_NAME, PUBKEY_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 6, VALUE_OPT_LIST,
-     /* equiv idx, value */ 6, VALUE_OPT_LIST,
+  {  /* entry idx, value */ 10, VALUE_OPT_LIST,
+     /* equiv idx, value */ 10, VALUE_OPT_LIST,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ LIST_FLAGS, 0,
@@ -343,8 +458,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ LIST_DESC, LIST_NAME, LIST_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 7, VALUE_OPT_DELETE,
-     /* equiv idx, value */ 7, VALUE_OPT_DELETE,
+  {  /* entry idx, value */ 11, VALUE_OPT_DELETE,
+     /* equiv idx, value */ 11, VALUE_OPT_DELETE,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ DELETE_FLAGS, 0,
@@ -355,8 +470,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ DELETE_DESC, DELETE_NAME, DELETE_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 8, VALUE_OPT_SEC_PARAM,
-     /* equiv idx, value */ 8, VALUE_OPT_SEC_PARAM,
+  {  /* entry idx, value */ 12, VALUE_OPT_SEC_PARAM,
+     /* equiv idx, value */ 12, VALUE_OPT_SEC_PARAM,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ SEC_PARAM_FLAGS, 0,
@@ -367,8 +482,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ SEC_PARAM_DESC, SEC_PARAM_NAME, SEC_PARAM_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 9, VALUE_OPT_BITS,
-     /* equiv idx, value */ 9, VALUE_OPT_BITS,
+  {  /* entry idx, value */ 13, VALUE_OPT_BITS,
+     /* equiv idx, value */ 13, VALUE_OPT_BITS,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ BITS_FLAGS, 0,
@@ -423,14 +538,14 @@ static tOptDesc optDesc[OPTION_CT] = {
  *
  *  Define the tpmtool Option Environment
  */
-#define zPROGNAME       (tpmtool_opt_strs+1545)
-#define zUsageTitle     (tpmtool_opt_strs+1553)
+#define zPROGNAME       (tpmtool_opt_strs+1755)
+#define zUsageTitle     (tpmtool_opt_strs+1763)
 #define zRcName         NULL
 #define apzHomeList     NULL
-#define zBugsAddr       (tpmtool_opt_strs+1654)
-#define zExplain        (tpmtool_opt_strs+1673)
-#define zDetail         (tpmtool_opt_strs+1676)
-#define zFullVersion    (tpmtool_opt_strs+1745)
+#define zBugsAddr       (tpmtool_opt_strs+1864)
+#define zExplain        (tpmtool_opt_strs+1883)
+#define zDetail         (tpmtool_opt_strs+1886)
+#define zFullVersion    (tpmtool_opt_strs+1955)
 /* extracted from optcode.tlib near line 350 */
 
 #if defined(ENABLE_NLS)
@@ -444,7 +559,7 @@ static tOptDesc optDesc[OPTION_CT] = {
 
 #define tpmtool_full_usage (NULL)
 
-#define tpmtool_short_usage (tpmtool_opt_strs+1763)
+#define tpmtool_short_usage (tpmtool_opt_strs+1973)
 
 #endif /* not defined __doxygen__ */
 
@@ -586,7 +701,7 @@ tOptions tpmtoolOptions = {
       NO_EQUIVALENT, /* '-#' option index */
       NO_EQUIVALENT /* index of default opt */
     },
-    13 /* full option count */, 10 /* user option count */,
+    17 /* full option count */, 14 /* user option count */,
     tpmtool_full_usage, tpmtool_short_usage,
     NULL, NULL,
     PKGDATADIR, tpmtool_packager_info
diff --git a/src/tpmtool-args.def b/src/tpmtool-args.def
index 79187f0..59bb846 100644
--- a/src/tpmtool-args.def
+++ b/src/tpmtool-args.def
@@ -19,6 +19,39 @@ flag = {
 flag = {
     name      = register;
     descrip   = "Any generated key will be registered in the TPM";
+    flags_must = generate-rsa;
+    doc = "";
+};
+
+flag = {
+    name      = signing;
+    descrip   = "Any generated key will be a signing key";
+    flags_must = generate-rsa;
+    flags_cant = legacy;
+    doc = "";
+};
+
+flag = {
+    name      = user;
+    descrip   = "Any registered key will be a user key";
+    flags_must = register;
+    flags_cant = system;
+    doc = "The generated key will be stored in a user specific persistent 
storage.";
+};
+
+flag = {
+    name      = system;
+    descrip   = "Any registred key will be a system key";
+    flags_must = register;
+    flags_cant = user;
+    doc = "The generated key will be stored in system persistent storage.";
+};
+
+flag = {
+    name      = legacy;
+    descrip   = "Any generated key will be a legacy key";
+    flags_must = generate-rsa;
+    flags_cant = signing;
     doc = "";
 };
 
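Review bot: The `descrip` for the new `system` flag reads "Any registred key will be a system key" — a typo that lands verbatim in the generated `--help` text and the regenerated tpmtool-args.c string table; change it to `descrip   = "Any registred key will be a system key";` → `descrip   = "Any registered key will be a system key";`. The `doc` strings for `user` and `system` say "The generated key will be stored ..." while both flags carry `flags_must = register`, so the storage location only applies to registered keys; wording the doc as "The registered key will be stored ..." would match the constraint the option parser enforces. The `register` flag now also has `flags_must = generate-rsa`, which is consistent with `signing` and `legacy` and makes the dependency chain explicit.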
diff --git a/src/tpmtool-args.h b/src/tpmtool-args.h
index d582d45..f4d98ae 100644
--- a/src/tpmtool-args.h
+++ b/src/tpmtool-args.h
@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (tpmtool-args.h)
  *  
- *  It has been AutoGen-ed  July 13, 2012 at 11:26:27 AM by AutoGen 5.16
+ *  It has been AutoGen-ed  July 14, 2012 at 10:40:19 AM by AutoGen 5.16
  *  From the definitions    tpmtool-args.def
  *  and the template file   options
  *
@@ -72,17 +72,21 @@ typedef enum {
     INDEX_OPT_OUTFILE       =  2,
     INDEX_OPT_GENERATE_RSA  =  3,
     INDEX_OPT_REGISTER      =  4,
-    INDEX_OPT_PUBKEY        =  5,
-    INDEX_OPT_LIST          =  6,
-    INDEX_OPT_DELETE        =  7,
-    INDEX_OPT_SEC_PARAM     =  8,
-    INDEX_OPT_BITS          =  9,
-    INDEX_OPT_VERSION       = 10,
-    INDEX_OPT_HELP          = 11,
-    INDEX_OPT_MORE_HELP     = 12
+    INDEX_OPT_SIGNING       =  5,
+    INDEX_OPT_USER          =  6,
+    INDEX_OPT_SYSTEM        =  7,
+    INDEX_OPT_LEGACY        =  8,
+    INDEX_OPT_PUBKEY        =  9,
+    INDEX_OPT_LIST          = 10,
+    INDEX_OPT_DELETE        = 11,
+    INDEX_OPT_SEC_PARAM     = 12,
+    INDEX_OPT_BITS          = 13,
+    INDEX_OPT_VERSION       = 14,
+    INDEX_OPT_HELP          = 15,
+    INDEX_OPT_MORE_HELP     = 16
 } teOptIndex;
 
-#define OPTION_CT    13
+#define OPTION_CT    17
 #define TPMTOOL_VERSION       "@VERSION@"
 #define TPMTOOL_FULL_VERSION  "tpmtool @VERSION@"
 
@@ -127,11 +131,15 @@ typedef enum {
 #define VALUE_OPT_OUTFILE        2
 #define VALUE_OPT_GENERATE_RSA   3
 #define VALUE_OPT_REGISTER       4
-#define VALUE_OPT_PUBKEY         5
-#define VALUE_OPT_LIST           6
-#define VALUE_OPT_DELETE         7
-#define VALUE_OPT_SEC_PARAM      8
-#define VALUE_OPT_BITS           9
+#define VALUE_OPT_SIGNING        5
+#define VALUE_OPT_USER           6
+#define VALUE_OPT_SYSTEM         7
+#define VALUE_OPT_LEGACY         8
+#define VALUE_OPT_PUBKEY         9
+#define VALUE_OPT_LIST           10
+#define VALUE_OPT_DELETE         11
+#define VALUE_OPT_SEC_PARAM      12
+#define VALUE_OPT_BITS           13
 
 #define OPT_VALUE_BITS           (DESC(BITS).optArg.argInt)
 #define VALUE_OPT_HELP          'h'
diff --git a/src/tpmtool.c b/src/tpmtool.c
index 7f689b5..1a84e1c 100644
--- a/src/tpmtool.c
+++ b/src/tpmtool.c
@@ -50,7 +50,7 @@
 #include "tpmtool-args.h"
 
 static void cmd_parser (int argc, char **argv);
-static void tpm_generate(FILE* outfile, unsigned int key_type, unsigned int 
bits, int reg);
+static void tpm_generate(FILE* outfile, unsigned int key_type, unsigned int 
bits, unsigned int flags);
 static void tpm_pubkey(const char* url, FILE* outfile);
 static void tpm_delete(const char* url, FILE* outfile);
 static void tpm_list(FILE* outfile);
@@ -81,7 +81,8 @@ cmd_parser (int argc, char **argv)
   int ret, debug = 0;
   unsigned int optct;
   unsigned int key_type = GNUTLS_PK_UNKNOWN;
-  unsigned int bits = 0, reg = 0;
+  unsigned int bits = 0;
+  unsigned int genflags = 0;
   /* Note that the default sec-param is legacy because several TPMs
    * cannot handle larger keys.
    */
@@ -95,7 +96,11 @@ cmd_parser (int argc, char **argv)
     debug = OPT_VALUE_DEBUG;
 
   if (HAVE_OPT(REGISTER))
-    reg = 1;
+    genflags |= GNUTLS_TPM_REGISTER_KEY;
+  if (HAVE_OPT(SIGNING))
+    genflags |= GNUTLS_TPM_KEY_SIGNING;
+  if (HAVE_OPT(USER))
+    genflags |= GNUTLS_TPM_KEY_USER;
 
   gnutls_global_set_log_function (tls_log_func);
   gnutls_global_set_log_level (debug);
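Review bot: Only `REGISTER`, `SIGNING` and `USER` are mapped onto `genflags`; the new `--system` and `--legacy` options defined in tpmtool-args.def are never consulted here, so a reader has to infer that they are the defaults expressed by the absence of `GNUTLS_TPM_KEY_USER` and `GNUTLS_TPM_KEY_SIGNING`. If that is the library's contract, say so at the top of this block: `/* --system and --legacy are the defaults: only --user and --signing set a flag; the option parser (flags_cant) rejects contradictory pairs. */`. If instead the library expects an explicit flag for either, the two options are silently ignored and that is a functional gap, not a documentation one. `cmd_parser` starts and ends outside this hunk.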
@@ -133,7 +138,7 @@ cmd_parser (int argc, char **argv)
     {
       key_type = GNUTLS_PK_RSA;
       bits = get_bits (key_type, bits, sec_param);
-      tpm_generate (outfile, key_type, bits, reg);
+      tpm_generate (outfile, key_type, bits, genflags);
     }
   else if (HAVE_OPT(PUBKEY))
     {
@@ -157,15 +162,11 @@ cmd_parser (int argc, char **argv)
   gnutls_global_deinit ();
 }
 
-static void tpm_generate(FILE* outfile, unsigned int key_type, unsigned int 
bits, int reg)
+static void tpm_generate(FILE* outfile, unsigned int key_type, unsigned int 
bits, unsigned int flags)
 {
   int ret;
   char* srk_pass, *key_pass;
   gnutls_datum_t privkey, pubkey;
-  unsigned int flags = 0;
-  
-  if (reg)
-    flags |= GNUTLS_TPM_REGISTER_KEY;
   
   srk_pass = getpass ("Enter SRK password: ");
   if (srk_pass != NULL)


hooks/post-receive
-- 
GNU gnutls


