
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_21-78-g67b3de5


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_21-78-g67b3de5
Date: Sat, 21 Jul 2012 20:11:22 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=67b3de5fe34d022593ed9ce216122c10a9c4679d

The branch, master has been updated
       via  67b3de5fe34d022593ed9ce216122c10a9c4679d (commit)
       via  8dedcd323bd0e93313e5f48cdbcb93115e2da6a8 (commit)
      from  dd68c2b19c9950ce67d78cc30546972aa04398fc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 67b3de5fe34d022593ed9ce216122c10a9c4679d
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Jul 21 22:11:38 2012 +0200

    tpmtool now accepts the --inder and --outder options.

commit 8dedcd323bd0e93313e5f48cdbcb93115e2da6a8
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Jul 21 21:57:51 2012 +0200

    Separated TPM key encodings from the X.509 certificates.
    
    Added two TPM-specific encodings, DER and PEM. Even though
    they look to be related they are not. The DER encoding is the
    one provided using Tspi_EncodeDER_TssBlob, and the PEM is the
    compatibility encoding used by create_tpm_key.

-----------------------------------------------------------------------

Summary of changes:
 lib/includes/gnutls/abstract.h |    5 +-
 lib/includes/gnutls/tpm.h      |   16 +++-
 lib/tpm.c                      |  273 ++++++++++++++++++++++++----------------
 src/tpmtool-args.c             |  110 ++++++++++++-----
 src/tpmtool-args.def           |   18 +++
 src/tpmtool-args.h             |   14 ++-
 src/tpmtool.c                  |   28 ++++-
 7 files changed, 318 insertions(+), 146 deletions(-)

diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index da6a459..0f8255b 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -27,6 +27,7 @@
 #include <gnutls/x509.h>
 #include <gnutls/pkcs11.h>
 #include <gnutls/openpgp.h>
+#include <gnutls/tpm.h>
 
 #ifdef __cplusplus
 extern "C"
@@ -85,7 +86,7 @@ gnutls_pubkey_import_url (gnutls_pubkey_t key, const char 
*url,
 int
 gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t pkey,
                               const gnutls_datum_t * fdata,
-                              gnutls_x509_crt_fmt_t format,
+                              gnutls_tpmkey_fmt_t format,
                               const char *srk_password,
                               unsigned int flags);
 
@@ -224,7 +225,7 @@ int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey,
 int
 gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey,
                               const gnutls_datum_t * fdata,
-                              gnutls_x509_crt_fmt_t format,
+                              gnutls_tpmkey_fmt_t format,
                               const char *srk_password,
                               const char *tpm_password, unsigned int flags);
 
diff --git a/lib/includes/gnutls/tpm.h b/lib/includes/gnutls/tpm.h
index e28e09b..386689b 100644
--- a/lib/includes/gnutls/tpm.h
+++ b/lib/includes/gnutls/tpm.h
@@ -38,11 +38,25 @@ typedef struct tpm_key_list_st *gnutls_tpm_key_list_t;
 #define GNUTLS_TPM_REGISTER_KEY (1<<2)
 #define GNUTLS_TPM_KEY_USER (1<<3)
 
+/**
+ * gnutls_tpmkey_fmt_t:
+ * @GNUTLS_TPM_FMT_DER: The portable data format.
+ * @GNUTLS_TPM_FMT_PEM: A custom data format used by some openssl tools.
+ *
+ * Enumeration of different certificate encoding formats.
+ */
+  typedef enum
+  {
+    GNUTLS_TPMKEY_FMT_DER = 0,
+    GNUTLS_TPMKEY_FMT_PEM = 1
+  } gnutls_tpmkey_fmt_t;
+
 int
 gnutls_tpm_privkey_generate (gnutls_pk_algorithm_t pk, unsigned int bits, 
                              const char* srk_password,
                              const char* key_password,
-                             gnutls_x509_crt_fmt_t format,
+                             gnutls_tpmkey_fmt_t format,
+                             gnutls_x509_crt_fmt_t pub_format,
                              gnutls_datum_t* privkey, 
                              gnutls_datum_t* pubkey,
                              unsigned int flags);
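Review bot: The new gnutls_tpmkey_fmt_t doc comment names members that do not exist: it documents `@GNUTLS_TPM_FMT_DER` and `@GNUTLS_TPM_FMT_PEM`, while the enum declares `GNUTLS_TPMKEY_FMT_DER` and `GNUTLS_TPMKEY_FMT_PEM`, so the gtk-doc cross-references will not resolve. The summary line also still says "certificate encoding formats", which is the sentence copied from the X.509 enum; this type describes TPM key blob encodings. Suggested lines: ` * @GNUTLS_TPMKEY_FMT_DER: The portable data format.`, ` * @GNUTLS_TPMKEY_FMT_PEM: A custom data format used by some openssl tools.` and ` * Enumeration of different TPM key encoding formats.`. The `typedef enum` is also indented by two spaces unlike the surrounding declarations in this header.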
diff --git a/lib/tpm.c b/lib/tpm.c
index 976fee8..cc861ee 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -60,7 +60,7 @@ struct tpm_key_list_st
 static void tpm_close_session(struct tpm_ctx_st *s);
 static int import_tpm_key (gnutls_privkey_t pkey,
                            const gnutls_datum_t * fdata,
-                           gnutls_x509_crt_fmt_t format,
+                           gnutls_tpmkey_fmt_t format,
                            TSS_UUID *uuid,
                            TSS_FLAG storage_type,
                            const char *srk_password,
@@ -315,7 +315,7 @@ static void tpm_close_session(struct tpm_ctx_st *s)
 
 static int
 import_tpm_key_cb (gnutls_privkey_t pkey, const gnutls_datum_t * fdata,
-                   gnutls_x509_crt_fmt_t format, TSS_UUID *uuid,
+                   gnutls_tpmkey_fmt_t format, TSS_UUID *uuid,
                    TSS_FLAG storage, const char *srk_password,
                    const char *key_password)
 {
@@ -360,18 +360,88 @@ int ret, ret2;
   return ret;
 }
 
+static int load_key(TSS_HCONTEXT tpm_ctx, TSS_HKEY srk, 
+                    const gnutls_datum_t * fdata, gnutls_tpmkey_fmt_t format,
+                    TSS_HKEY* tpm_key)
+{
+int ret, err;
+gnutls_datum_t asn1 = { NULL, 0 };
+size_t slen;
+
+  if (format == GNUTLS_TPMKEY_FMT_PEM)
+    {
+      ret = gnutls_pem_base64_decode_alloc ("TSS KEY BLOB", fdata, &asn1);
+      if (ret)
+        {
+          gnutls_assert ();
+          _gnutls_debug_log ("Error decoding TSS key blob: %s\n",
+                             gnutls_strerror (ret));
+          return ret;
+        }
+
+      slen = asn1.size;
+      ret = _gnutls_x509_decode_octet_string(NULL, asn1.data, asn1.size, 
asn1.data, &slen);
+      if (ret < 0)
+        {
+          gnutls_assert();
+          goto cleanup;
+        }
+      asn1.size = slen;
+    }
+  else /* DER */
+    {
+      UINT32 tint2;
+      UINT32 type;
+      
+      asn1.size = fdata->size;
+      asn1.data = gnutls_malloc(asn1.size);
+      if (asn1.data == NULL)
+        {
+          gnutls_assert();
+          return GNUTLS_E_MEMORY_ERROR;
+        }
+      
+      tint2 = asn1.size;
+      err = Tspi_DecodeBER_TssBlob(fdata->size, fdata->data, &type,
+                                      &tint2, asn1.data);
+      if (err != 0)
+        {
+          gnutls_assert();
+          ret = tss_err(err);
+          goto cleanup;
+        }
+
+      asn1.size = tint2; 
+    }
+
+  /* ... we get it here instead. */
+  err = Tspi_Context_LoadKeyByBlob (tpm_ctx, srk,
+                                    asn1.size, asn1.data, tpm_key);
+  if (err != 0)
+    {
+      gnutls_assert ();
+      ret = tss_err(err);
+      goto cleanup;
+    }
+
+  ret = 0;
+
+cleanup:
+  gnutls_free (asn1.data);
+
+  return ret;
+}
+
 
 static int
 import_tpm_key (gnutls_privkey_t pkey,
                 const gnutls_datum_t * fdata,
-                gnutls_x509_crt_fmt_t format,
+                gnutls_tpmkey_fmt_t format,
                 TSS_UUID *uuid,
                 TSS_FLAG storage,
                 const char *srk_password,
                 const char *key_password)
 {
-  gnutls_datum_t asn1 = { NULL, 0 };
-  size_t slen;
   int err, ret;
   struct tpm_ctx_st *s;
   gnutls_datum_t tmp_sig;
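Review bot: In the DER branch of load_key the blob type returned by Tspi_DecodeBER_TssBlob in `type` is never read, so a BER blob of any type is handed to Tspi_Context_LoadKeyByBlob unchecked; the encode side added later in this same commit writes `TSS_BLOB_TYPE_PRIVATEKEY`, so a mismatching type can be rejected before the TSS call with `if (type != TSS_BLOB_TYPE_PRIVATEKEY) { gnutls_assert (); ret = GNUTLS_E_TPM_ERROR; goto cleanup; }`. The comment `/* ... we get it here instead. */` above the LoadKeyByBlob call was moved from import_tpm_key without the sentence it continued and now reads as a fragment; replace it with `/* load the decoded blob under the SRK; *tpm_key receives the handle */`. The function also lacks a header comment stating that `*tpm_key` is an output and that the decoded blob is freed before returning on every path. import_tpm_key, whose signature starts at the end of this hunk, continues outside it.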
@@ -392,32 +462,11 @@ import_tpm_key (gnutls_privkey_t pkey,
 
   if (fdata != NULL)
     {
-      ret = gnutls_pem_base64_decode_alloc ("TSS KEY BLOB", fdata, &asn1);
-      if (ret)
-        {
-          gnutls_assert ();
-          _gnutls_debug_log ("Error decoding TSS key blob: %s\n",
-                             gnutls_strerror (ret));
-          goto out_session;
-        }
-
-      slen = asn1.size;
-      ret = _gnutls_x509_decode_octet_string(NULL, asn1.data, asn1.size, 
asn1.data, &slen);
+      ret = load_key(s->tpm_ctx, s->srk, fdata, format, &s->tpm_key);
       if (ret < 0)
         {
           gnutls_assert();
-          goto out_blob;
-        }
-      asn1.size = slen;
-
-      /* ... we get it here instead. */
-      err = Tspi_Context_LoadKeyByBlob (s->tpm_ctx, s->srk,
-                                        asn1.size, asn1.data, &s->tpm_key);
-      if (err != 0)
-        {
-          gnutls_assert ();
-          ret = tss_err(err);
-          goto out_blob;
+          goto out_session;
         }
     }
   else if (uuid)
@@ -454,44 +503,43 @@ import_tpm_key (gnutls_privkey_t pkey,
   if (ret == GNUTLS_E_TPM_KEY_PASSWORD_ERROR)
     {
       if (!s->tpm_key_policy)
-       {
-         err = Tspi_Context_CreateObject (s->tpm_ctx,
-                                          TSS_OBJECT_TYPE_POLICY,
-                                          TSS_POLICY_USAGE,
-                                          &s->tpm_key_policy);
-         if (err)
-           {
-             gnutls_assert ();
-              ret = tss_err(err);
-             goto out_key;
-           }
-
-         err = Tspi_Policy_AssignToObject (s->tpm_key_policy, s->tpm_key);
-         if (err)
-           {
-             gnutls_assert ();
-              ret = tss_err(err);
-             goto out_key_policy;
-           }
-       }
+        {
+          err = Tspi_Context_CreateObject (s->tpm_ctx,
+                   TSS_OBJECT_TYPE_POLICY,
+                   TSS_POLICY_USAGE,
+                   &s->tpm_key_policy);
+          if (err)
+            {
+              gnutls_assert ();
+                    ret = tss_err(err);
+              goto out_key;
+            }
+
+          err = Tspi_Policy_AssignToObject (s->tpm_key_policy, s->tpm_key);
+          if (err)
+            {
+              gnutls_assert ();
+                    ret = tss_err(err);
+              goto out_key_policy;
+            }
+        }
 
       err = myTspi_Policy_SetSecret (s->tpm_key_policy,
-                                    SAFE_LEN(key_password), (void *) 
key_password);
+                   SAFE_LEN(key_password), (void *) key_password);
 
       if (err)
-       {
-         gnutls_assert ();
-          ret = tss_err_key(err);
-         goto out_key_policy;
-       }
+        {
+          gnutls_assert ();
+                ret = tss_err_key(err);
+          goto out_key_policy;
+        }
     }
   else if (ret < 0)
     {
       gnutls_assert ();
-      goto out_blob;
+      goto out_session;
     }
 
-  gnutls_free (asn1.data);
   return 0;
 out_key_policy:
   Tspi_Context_CloseObject (s->tpm_ctx, s->tpm_key_policy);
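Review bot: After this reindentation the three `ret = tss_err(err);` / `ret = tss_err_key(err);` assignments are still indented several columns deeper than the `gnutls_assert ();` directly above them, which is the only remaining misalignment in the hunk and looks like a tab/space mix that survived the conversion. Align each with its neighbour, e.g. `              ret = tss_err(err);`. The call arguments to Tspi_Context_CreateObject were likewise left at a fixed column rather than under the opening parenthesis as elsewhere in this file. import_tpm_key continues before and after this hunk.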
@@ -499,8 +547,6 @@ out_key_policy:
 out_key:
   Tspi_Context_CloseObject (s->tpm_ctx, s->tpm_key);
   s->tpm_key = 0;
-out_blob:
-  gnutls_free (asn1.data);
 out_session:
   tpm_close_session(s);
 out_ctx:
@@ -530,7 +576,7 @@ out_ctx:
 int
 gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey,
                               const gnutls_datum_t * fdata,
-                              gnutls_x509_crt_fmt_t format,
+                              gnutls_tpmkey_fmt_t format,
                               const char *srk_password,
                               const char *key_password,
                               unsigned int flags)
@@ -819,8 +865,12 @@ int ret;
           goto cleanup;
         }
 
-      ret = gnutls_privkey_import_tpm_raw (pkey, &fdata, GNUTLS_X509_FMT_PEM,
+      ret = gnutls_privkey_import_tpm_raw (pkey, &fdata, GNUTLS_TPMKEY_FMT_PEM,
                                                   srk_password, key_password, 
flags);
+      if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
+        ret = gnutls_privkey_import_tpm_raw (pkey, &fdata, 
GNUTLS_TPMKEY_FMT_DER,
+                                             srk_password, key_password, 
flags);
+
       if (ret < 0)
         {
           gnutls_assert();
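Review bot: The retry with GNUTLS_TPMKEY_FMT_DER is undocumented, and a reader has to know that gnutls_pem_base64_decode_alloc reports a missing "TSS KEY BLOB" header as GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR to see why that one error code triggers a second parse of the same data. Add `/* no PEM "TSS KEY BLOB" header: retry assuming the portable DER encoding */` above the `if`. The same fallback and the same missing comment appear in the gnutls_pubkey_import_tpm_raw caller later in this file. The enclosing function starts and ends outside this hunk, so whether the first attempt's error is logged anywhere cannot be seen here.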
@@ -903,13 +953,11 @@ int ret;
 static int
 import_tpm_pubkey (gnutls_pubkey_t pkey,
                    const gnutls_datum_t * fdata,
-                   gnutls_x509_crt_fmt_t format,
+                   gnutls_tpmkey_fmt_t format,
                    TSS_UUID *uuid,
                    TSS_FLAG storage,
                    const char *srk_password)
 {
-gnutls_datum_t asn1 = {NULL, 0};
-size_t slen;
 int err, ret;
 struct tpm_ctx_st s;
 
@@ -919,31 +967,11 @@ struct tpm_ctx_st s;
 
   if (fdata != NULL)
     {
-      ret = gnutls_pem_base64_decode_alloc ("TSS KEY BLOB", fdata, &asn1);
-      if (ret)
-        {
-          gnutls_assert ();
-          _gnutls_debug_log ("Error decoding TSS key blob: %s\n",
-           gnutls_strerror (ret));
-          goto out_session;
-        }
-
-      slen = asn1.size;
-      ret = _gnutls_x509_decode_octet_string(NULL, asn1.data, asn1.size, 
asn1.data, &slen);
+      ret = load_key(s.tpm_ctx, s.srk, fdata, format, &s.tpm_key);
       if (ret < 0)
         {
           gnutls_assert();
-          goto out_blob;
-        }
-      asn1.size = slen;
-
-      err = Tspi_Context_LoadKeyByBlob (s.tpm_ctx, s.srk,
-                                        asn1.size, asn1.data, &s.tpm_key);
-      if (err != 0)
-        {
-          gnutls_assert ();
-          ret = tss_err(err);
-          goto out_blob;
+          goto out_session;
         }
     }
   else if (uuid)
@@ -969,12 +997,10 @@ struct tpm_ctx_st s;
   if (ret < 0)
     {
       gnutls_assert();
-      goto out_blob;
+      goto out_session;
     }
 
   ret = 0;
-out_blob:
-  gnutls_free (asn1.data);
 out_session:
   tpm_close_session(&s);
   return ret;
@@ -982,11 +1008,11 @@ out_session:
 
 static int
 import_tpm_pubkey_cb (gnutls_pubkey_t pkey,
-                   const gnutls_datum_t * fdata,
-                   gnutls_x509_crt_fmt_t format,
-                   TSS_UUID *uuid,
-                   TSS_FLAG storage,
-                   const char *srk_password)
+                     const gnutls_datum_t * fdata,
+                     gnutls_tpmkey_fmt_t format,
+                     TSS_UUID *uuid,
+                     TSS_FLAG storage,
+                     const char *srk_password)
 {
 unsigned int attempts = 0;
 char pin1[GNUTLS_PKCS11_MAX_PIN_LEN];
@@ -1041,7 +1067,7 @@ int ret;
 int
 gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t pkey,
                               const gnutls_datum_t * fdata,
-                              gnutls_x509_crt_fmt_t format,
+                              gnutls_tpmkey_fmt_t format,
                               const char *srk_password,
                               unsigned int flags)
 {
@@ -1097,8 +1123,11 @@ int ret;
           goto cleanup;
         }
 
-      ret = gnutls_pubkey_import_tpm_raw (pkey, &fdata, GNUTLS_X509_FMT_PEM,
-                                                 srk_password, flags);
+      ret = gnutls_pubkey_import_tpm_raw (pkey, &fdata, GNUTLS_TPMKEY_FMT_PEM,
+                                                       srk_password, flags);
+      if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
+        ret = gnutls_pubkey_import_tpm_raw (pkey, &fdata, 
GNUTLS_TPMKEY_FMT_DER,
+                                                       srk_password, flags);
       if (ret < 0)
         {
           gnutls_assert();
@@ -1132,8 +1161,10 @@ cleanup:
  * @bits: the security bits
  * @srk_password: a password to protect the exported key (optional)
  * @key_password: the password for the TPM (optional)
+ * @format: the format of the private key
+ * @pub_format: the format of the public key
  * @privkey: the generated key
- * @pubkey: the corresponding public key
+ * @pubkey: the corresponding public key (may be null)
  * @flags: should be a list of %GNUTLS_TPM flags
  *
  * This function will generate a private key in the TPM
@@ -1162,7 +1193,8 @@ int
 gnutls_tpm_privkey_generate (gnutls_pk_algorithm_t pk, unsigned int bits, 
                              const char* srk_password,
                              const char* key_password,
-                             gnutls_x509_crt_fmt_t format,
+                             gnutls_tpmkey_fmt_t format,
+                             gnutls_x509_crt_fmt_t pub_format,
                              gnutls_datum_t* privkey, 
                              gnutls_datum_t* pubkey,
                              unsigned int flags)
@@ -1323,15 +1355,16 @@ uint8_t buf[32];
           goto err_sa;
         }
 
-      ret = _gnutls_x509_encode_octet_string(tdata, tint, &tmpkey);
-      if (ret < 0)
-        {
-          gnutls_assert();
-          goto cleanup;
-        }
       
-      if (format == GNUTLS_X509_FMT_PEM)
+      if (format == GNUTLS_TPMKEY_FMT_PEM)
         {
+          ret = _gnutls_x509_encode_octet_string(tdata, tint, &tmpkey);
+          if (ret < 0)
+            {
+              gnutls_assert();
+              goto cleanup;
+            }
+
           ret = _gnutls_fbase64_encode ("TSS KEY BLOB", tmpkey.data, 
tmpkey.size, privkey);
           if (ret < 0)
             {
@@ -1341,6 +1374,29 @@ uint8_t buf[32];
         }
       else
         {
+          UINT32 tint2;
+          
+          tmpkey.size = tint + 32; /* spec says no more than 20 */
+          tmpkey.data = gnutls_malloc(tmpkey.size);
+          if (tmpkey.data == NULL)
+            {
+              gnutls_assert();
+              ret = GNUTLS_E_MEMORY_ERROR;
+              goto cleanup;
+            }
+          
+          tint2 = tmpkey.size;
+          tssret = Tspi_EncodeDER_TssBlob(tint, tdata, 
TSS_BLOB_TYPE_PRIVATEKEY,
+                                          &tint2, tmpkey.data);
+          if (tssret != 0)
+            {
+              gnutls_assert();
+              ret = tss_err(tssret);
+              goto cleanup;
+            }
+          
+          tmpkey.size = tint2;
+
           privkey->data = tmpkey.data;
           privkey->size = tmpkey.size;
           tmpkey.data = NULL;
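Review bot: The comment on `tmpkey.size = tint + 32; /* spec says no more than 20 */` contradicts the constant it annotates: it reads as if the spec allowed 20 where 32 is used. State what the numbers are, e.g. `/* TSS DER wrapping adds at most 20 bytes per the TSS spec; 32 leaves slack */`. Whether the `goto cleanup` paths after gnutls_malloc free `tmpkey.data` depends on the cleanup label outside this hunk; the ownership hand-off (`tmpkey.data = NULL` after assigning `privkey->data`) suggests it does, but please confirm. gnutls_tpm_privkey_generate starts and ends outside this hunk.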
@@ -1348,7 +1404,8 @@ uint8_t buf[32];
     }
 
   /* read the public key */
-  {
+  if (pubkey != NULL)
+    {
     size_t psize;
 
     ret = gnutls_pubkey_init(&pub);
@@ -1374,7 +1431,7 @@ uint8_t buf[32];
         goto pubkey_cleanup;
       }
     
-    ret = gnutls_pubkey_export(pub, format, pubkey->data, &psize);
+    ret = gnutls_pubkey_export(pub, pub_format, pubkey->data, &psize);
     if (ret < 0)
       {
         gnutls_assert();
@@ -1383,7 +1440,7 @@ uint8_t buf[32];
     pubkey->size = psize;
 
     gnutls_pubkey_deinit(pub);
-  }
+    }
 
   ret = 0;
   goto cleanup;
diff --git a/src/tpmtool-args.c b/src/tpmtool-args.c
index cc50de3..886e522 100644
--- a/src/tpmtool-args.c
+++ b/src/tpmtool-args.c
@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (tpmtool-args.c)
  *  
- *  It has been AutoGen-ed  July 20, 2012 at 10:21:17 PM by AutoGen 5.16
+ *  It has been AutoGen-ed  July 21, 2012 at 10:09:08 PM by AutoGen 5.16
  *  From the definitions    tpmtool-args.def
  *  and the template file   options
  *
@@ -67,7 +67,7 @@ extern FILE * option_usage_fp;
 /*
  *  tpmtool option static const strings
  */
-static char const tpmtool_opt_strs[2031] =
+static char const tpmtool_opt_strs[2126] =
 /*     0 */ "tpmtool @address@hidden"
             "Copyright (C) 2000-2012 Free Software Foundation, all rights 
reserved.\n"
             "This is free software. It is licensed for use, modification and\n"
@@ -126,21 +126,28 @@ static char const tpmtool_opt_strs[2031] =
 /*  1553 */ "Specify the number of bits for key generate\0"
 /*  1597 */ "BITS\0"
 /*  1602 */ "bits\0"
-/*  1607 */ "Display extended usage information and exit\0"
-/*  1651 */ "help\0"
-/*  1656 */ "Extended usage information passed thru pager\0"
-/*  1701 */ "more-help\0"
-/*  1711 */ "Output version information and exit\0"
-/*  1747 */ "version\0"
-/*  1755 */ "TPMTOOL\0"
-/*  1763 */ "tpmtool - GnuTLS TPM tool - Ver. @address@hidden"
+/*  1607 */ "Use the DER format for keys.\0"
+/*  1636 */ "INDER\0"
+/*  1642 */ "no-inder\0"
+/*  1651 */ "no\0"
+/*  1654 */ "Use DER format for output keys\0"
+/*  1685 */ "OUTDER\0"
+/*  1692 */ "no-outder\0"
+/*  1702 */ "Display extended usage information and exit\0"
+/*  1746 */ "help\0"
+/*  1751 */ "Extended usage information passed thru pager\0"
+/*  1796 */ "more-help\0"
+/*  1806 */ "Output version information and exit\0"
+/*  1842 */ "version\0"
+/*  1850 */ "TPMTOOL\0"
+/*  1858 */ "tpmtool - GnuTLS TPM tool - Ver. @address@hidden"
             "USAGE:  %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
-/*  1864 */ "address@hidden"
-/*  1883 */ "\n\n\0"
-/*  1886 */ "\n"
+/*  1959 */ "address@hidden"
+/*  1978 */ "\n\n\0"
+/*  1981 */ "\n"
             "Program that allows handling cryptographic data from the TPM 
chip.\n\0"
-/*  1955 */ "tpmtool @address@hidden"
-/*  1973 */ "tpmtool [options]\n"
+/*  2050 */ "tpmtool @address@hidden"
+/*  2068 */ "tpmtool [options]\n"
             "tpmtool --help for usage instructions.\n";
 
 /*
@@ -286,13 +293,33 @@ static int const aSystemCantList[] = {
         | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
 
 /*
+ *  inder option description:
+ */
+#define INDER_DESC      (tpmtool_opt_strs+1607)
+#define INDER_NAME      (tpmtool_opt_strs+1636)
+#define NOT_INDER_name  (tpmtool_opt_strs+1642)
+#define NOT_INDER_PFX   (tpmtool_opt_strs+1651)
+#define INDER_name      (NOT_INDER_name + 3)
+#define INDER_FLAGS     (OPTST_DISABLED)
+
+/*
+ *  outder option description:
+ */
+#define OUTDER_DESC      (tpmtool_opt_strs+1654)
+#define OUTDER_NAME      (tpmtool_opt_strs+1685)
+#define NOT_OUTDER_name  (tpmtool_opt_strs+1692)
+#define NOT_OUTDER_PFX   (tpmtool_opt_strs+1651)
+#define OUTDER_name      (NOT_OUTDER_name + 3)
+#define OUTDER_FLAGS     (OPTST_DISABLED)
+
+/*
  *  Help/More_Help/Version option descriptions:
  */
-#define HELP_DESC       (tpmtool_opt_strs+1607)
-#define HELP_name       (tpmtool_opt_strs+1651)
+#define HELP_DESC       (tpmtool_opt_strs+1702)
+#define HELP_name       (tpmtool_opt_strs+1746)
 #ifdef HAVE_WORKING_FORK
-#define MORE_HELP_DESC  (tpmtool_opt_strs+1656)
-#define MORE_HELP_name  (tpmtool_opt_strs+1701)
+#define MORE_HELP_DESC  (tpmtool_opt_strs+1751)
+#define MORE_HELP_name  (tpmtool_opt_strs+1796)
 #define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT)
 #else
 #define MORE_HELP_DESC  NULL
@@ -305,8 +332,8 @@ static int const aSystemCantList[] = {
 #  define VER_FLAGS     (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \
                          OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT)
 #endif
-#define VER_DESC        (tpmtool_opt_strs+1711)
-#define VER_name        (tpmtool_opt_strs+1747)
+#define VER_DESC        (tpmtool_opt_strs+1806)
+#define VER_name        (tpmtool_opt_strs+1842)
 /*
  *  Declare option callback procedures
  */
@@ -494,6 +521,30 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ BITS_DESC, BITS_NAME, BITS_name,
      /* disablement strs */ NULL, NULL },
 
+  {  /* entry idx, value */ 14, VALUE_OPT_INDER,
+     /* equiv idx, value */ 14, VALUE_OPT_INDER,
+     /* equivalenced to  */ NO_EQUIVALENT,
+     /* min, max, act ct */ 0, 1, 0,
+     /* opt state flags  */ INDER_FLAGS, 0,
+     /* last opt argumnt */ { NULL }, /* --inder */
+     /* arg list/cookie  */ NULL,
+     /* must/cannot opts */ NULL, NULL,
+     /* option proc      */ NULL,
+     /* desc, NAME, name */ INDER_DESC, INDER_NAME, INDER_name,
+     /* disablement strs */ NOT_INDER_name, NOT_INDER_PFX },
+
+  {  /* entry idx, value */ 15, VALUE_OPT_OUTDER,
+     /* equiv idx, value */ 15, VALUE_OPT_OUTDER,
+     /* equivalenced to  */ NO_EQUIVALENT,
+     /* min, max, act ct */ 0, 1, 0,
+     /* opt state flags  */ OUTDER_FLAGS, 0,
+     /* last opt argumnt */ { NULL }, /* --outder */
+     /* arg list/cookie  */ NULL,
+     /* must/cannot opts */ NULL, NULL,
+     /* option proc      */ NULL,
+     /* desc, NAME, name */ OUTDER_DESC, OUTDER_NAME, OUTDER_name,
+     /* disablement strs */ NOT_OUTDER_name, NOT_OUTDER_PFX },
+
   {  /* entry idx, value */ INDEX_OPT_VERSION, VALUE_OPT_VERSION,
      /* equiv idx value  */ NO_EQUIVALENT, VALUE_OPT_VERSION,
      /* equivalenced to  */ NO_EQUIVALENT,
@@ -538,14 +589,14 @@ static tOptDesc optDesc[OPTION_CT] = {
  *
  *  Define the tpmtool Option Environment
  */
-#define zPROGNAME       (tpmtool_opt_strs+1755)
-#define zUsageTitle     (tpmtool_opt_strs+1763)
+#define zPROGNAME       (tpmtool_opt_strs+1850)
+#define zUsageTitle     (tpmtool_opt_strs+1858)
 #define zRcName         NULL
 #define apzHomeList     NULL
-#define zBugsAddr       (tpmtool_opt_strs+1864)
-#define zExplain        (tpmtool_opt_strs+1883)
-#define zDetail         (tpmtool_opt_strs+1886)
-#define zFullVersion    (tpmtool_opt_strs+1955)
+#define zBugsAddr       (tpmtool_opt_strs+1959)
+#define zExplain        (tpmtool_opt_strs+1978)
+#define zDetail         (tpmtool_opt_strs+1981)
+#define zFullVersion    (tpmtool_opt_strs+2050)
 /* extracted from optcode.tlib near line 350 */
 
 #if defined(ENABLE_NLS)
@@ -559,7 +610,7 @@ static tOptDesc optDesc[OPTION_CT] = {
 
 #define tpmtool_full_usage (NULL)
 
-#define tpmtool_short_usage (tpmtool_opt_strs+1973)
+#define tpmtool_short_usage (tpmtool_opt_strs+2068)
 
 #endif /* not defined __doxygen__ */
 
@@ -681,6 +732,7 @@ tOptions tpmtoolOptions = {
     + OPTPROC_SHORTOPT
     + OPTPROC_LONGOPT
     + OPTPROC_NO_REQ_OPT
+    + OPTPROC_NEGATIONS
     + OPTPROC_NO_ARGS
     + OPTPROC_GNUUSAGE
     + OPTPROC_MISUSE ),
@@ -701,7 +753,7 @@ tOptions tpmtoolOptions = {
       NO_EQUIVALENT, /* '-#' option index */
       NO_EQUIVALENT /* index of default opt */
     },
-    17 /* full option count */, 14 /* user option count */,
+    19 /* full option count */, 16 /* user option count */,
     tpmtool_full_usage, tpmtool_short_usage,
     NULL, NULL,
     PKGDATADIR, tpmtool_packager_info
diff --git a/src/tpmtool-args.def b/src/tpmtool-args.def
index 5afc0fa..48b01f6 100644
--- a/src/tpmtool-args.def
+++ b/src/tpmtool-args.def
@@ -96,6 +96,24 @@ flag = {
     doc      = "";
 };
 
+flag = {
+    name      = inder;
+    descrip   = "Use the DER format for keys.";
+    disabled;
+    disable   = "no";
+    doc       = "The input files will be assumed to be in the portable
+DER format of TPM. The default format is a custom format used by various
+TPM tools";
+};
+
+flag = {
+    name      = outder;
+    descrip   = "Use DER format for output keys";
+    disabled;
+    disable   = "no";
+    doc       = "The output will be in the TPM portable DER format.";
+};
+
 doc-section = {
   ds-type = 'SEE ALSO';
   ds-format = 'texi';
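Review bot: The two new descriptions are inconsistent as they will appear in --help: `inder` says "Use the DER format for keys." with a trailing period and without saying it applies to input, while `outder` says "Use DER format for output keys" without one. Suggest `descrip   = "Use the DER format for input keys";` and `descrip   = "Use the DER format for output keys";`. The `inder` doc string also ends without a period ("...used by various TPM tools").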
diff --git a/src/tpmtool-args.h b/src/tpmtool-args.h
index d268f28..6666794 100644
--- a/src/tpmtool-args.h
+++ b/src/tpmtool-args.h
@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (tpmtool-args.h)
  *  
- *  It has been AutoGen-ed  July 20, 2012 at 10:21:17 PM by AutoGen 5.16
+ *  It has been AutoGen-ed  July 21, 2012 at 10:09:08 PM by AutoGen 5.16
  *  From the definitions    tpmtool-args.def
  *  and the template file   options
  *
@@ -81,12 +81,14 @@ typedef enum {
     INDEX_OPT_DELETE        = 11,
     INDEX_OPT_SEC_PARAM     = 12,
     INDEX_OPT_BITS          = 13,
-    INDEX_OPT_VERSION       = 14,
-    INDEX_OPT_HELP          = 15,
-    INDEX_OPT_MORE_HELP     = 16
+    INDEX_OPT_INDER         = 14,
+    INDEX_OPT_OUTDER        = 15,
+    INDEX_OPT_VERSION       = 16,
+    INDEX_OPT_HELP          = 17,
+    INDEX_OPT_MORE_HELP     = 18
 } teOptIndex;
 
-#define OPTION_CT    17
+#define OPTION_CT    19
 #define TPMTOOL_VERSION       "@VERSION@"
 #define TPMTOOL_FULL_VERSION  "tpmtool @VERSION@"
 
@@ -142,6 +144,8 @@ typedef enum {
 #define VALUE_OPT_BITS           13
 
 #define OPT_VALUE_BITS           (DESC(BITS).optArg.argInt)
+#define VALUE_OPT_INDER          14
+#define VALUE_OPT_OUTDER         15
 #define VALUE_OPT_HELP          'h'
 #define VALUE_OPT_MORE_HELP     '!'
 #define VALUE_OPT_VERSION       'v'
diff --git a/src/tpmtool.c b/src/tpmtool.c
index edd219a..25cee8e 100644
--- a/src/tpmtool.c
+++ b/src/tpmtool.c
@@ -55,6 +55,9 @@ static void tpm_pubkey(const char* url, FILE* outfile);
 static void tpm_delete(const char* url, FILE* outfile);
 static void tpm_list(FILE* outfile);
 
+static gnutls_x509_crt_fmt_t incert_format, outcert_format;
+static gnutls_tpmkey_fmt_t inkey_format, outkey_format;
+
 static FILE *outfile;
 static FILE *infile;
 int batch = 0;
@@ -95,6 +98,28 @@ cmd_parser (int argc, char **argv)
   if (HAVE_OPT(DEBUG))
     debug = OPT_VALUE_DEBUG;
 
+  if (HAVE_OPT(INDER))
+    {
+      incert_format = GNUTLS_X509_FMT_DER;
+      inkey_format = GNUTLS_TPMKEY_FMT_DER;
+    }
+  else
+    {
+      incert_format = GNUTLS_X509_FMT_PEM;
+      inkey_format = GNUTLS_TPMKEY_FMT_PEM;
+    }
+
+  if (HAVE_OPT(OUTDER))
+    {
+      outcert_format = GNUTLS_X509_FMT_DER;
+      outkey_format = GNUTLS_TPMKEY_FMT_DER;
+    }
+  else
+    {
+      outcert_format = GNUTLS_X509_FMT_PEM;
+      outkey_format = GNUTLS_TPMKEY_FMT_PEM;
+    }
+
   if (HAVE_OPT(REGISTER))
     genflags |= GNUTLS_TPM_REGISTER_KEY;
   if (!HAVE_OPT(LEGACY))
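Review bot: `incert_format` and `inkey_format` are set from --inder here, but nothing in this diff reads them; only `outkey_format`/`outcert_format` are consumed (by tpm_generate further down). If no other code in tpmtool.c uses them, --inder is accepted but has no effect in this commit, and the static definitions will draw an unused-variable warning. Either pass `inkey_format` to the key-loading paths or add a comment at the definition explaining that input detection is handled by the PEM-to-DER fallback in lib/tpm.c. cmd_parser starts outside this hunk, so I cannot see whether any later use exists.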
@@ -177,7 +202,8 @@ static void tpm_generate(FILE* outfile, unsigned int 
key_type, unsigned int bits
     key_pass = strdup(srk_pass);
   
   ret = gnutls_tpm_privkey_generate(key_type, bits, srk_pass, key_pass,
-                                    GNUTLS_X509_FMT_PEM, &privkey, &pubkey,
+                                    outkey_format, outcert_format, 
+                                    &privkey, &pubkey,
                                     flags);
 
   free(key_pass);


hooks/post-receive
-- 
GNU gnutls


