1 //**********************************************************************;
2 // Copyright (c) 2017, SUSE Linux GmbH
3 // All rights reserved.
5 // Redistribution and use in source and binary forms, with or without
6 // modification, are permitted provided that the following conditions are met:
8 // 1. Redistributions of source code must retain the above copyright notice,
9 // this list of conditions and the following disclaimer.
11 // 2. Redistributions in binary form must reproduce the above copyright notice,
12 // this list of conditions and the following disclaimer in the documentation
13 // and/or other materials provided with the distribution.
15 // 3. Neither the name of Intel Corporation nor the names of its contributors
16 // may be used to endorse or promote products derived from this software without
17 // specific prior written permission.
19 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20 // AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 // IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 // ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
23 // LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 // CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 // SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 // CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
29 // THE POSSIBILITY OF SUCH DAMAGE.
30 //**********************************************************************;
35 #include <openssl/rsa.h>
36 #include <openssl/pem.h>
37 #include <openssl/bn.h>
38 #include <openssl/err.h>
42 #include "tpm2_alg_util.h"
43 #include "tpm2_convert.h"
44 #include "tpm2_util.h"
46 static bool tpm2_convert_pubkey_ssl(TPMT_PUBLIC *public, tpm2_convert_pubkey_fmt format, const char *path);
48 tpm2_convert_pubkey_fmt tpm2_convert_pubkey_fmt_from_optarg(const char *label) {
49 if (strcasecmp(label, "der") == 0) {
50 return pubkey_format_der;
52 else if (strcasecmp(label, "pem") == 0) {
53 return pubkey_format_pem;
55 else if (strcasecmp(label, "tss") == 0) {
56 return pubkey_format_tss;
59 LOG_ERR("Invalid public key output format '%s' specified", label);
61 return pubkey_format_err;
64 tpm2_convert_sig_fmt tpm2_convert_sig_fmt_from_optarg(const char *label) {
65 if (strcasecmp(label, "tss") == 0) {
66 return signature_format_tss;
68 else if (strcasecmp(label, "plain") == 0) {
69 return signature_format_plain;
72 LOG_ERR("Invalid signature output format '%s' specified", label);
74 return signature_format_err;
77 static void print_ssl_error(const char *failed_action) {
78 char errstr[256] = {0};
79 unsigned long errnum = ERR_get_error();
81 ERR_error_string_n(errnum, errstr, sizeof(errstr));
82 LOG_ERR("%s: %s", failed_action, errstr);
85 bool tpm2_convert_pubkey_save(TPM2B_PUBLIC *public, tpm2_convert_pubkey_fmt format, const char *path) {
87 if (format == pubkey_format_der || format == pubkey_format_pem) {
88 return tpm2_convert_pubkey_ssl(&public->publicArea, format, path);
90 else if (format == pubkey_format_tss) {
91 return files_save_public(public, path);
94 LOG_ERR("Unsupported public key output format.");
98 static bool tpm2_convert_pubkey_ssl(TPMT_PUBLIC *public, tpm2_convert_pubkey_fmt format, const char *path) {
101 RSA *ssl_rsa_key = NULL;
102 BIGNUM *e = NULL, *n = NULL;
104 // need this before the first SSL call for getting human readable error
105 // strings in print_ssl_error()
106 ERR_load_crypto_strings();
108 if (public->type != TPM2_ALG_RSA) {
109 LOG_ERR("Unsupported key type for requested output format. Only RSA is supported.");
113 UINT32 exponent = (public->parameters).rsaDetail.exponent;
118 // OpenSSL expects this in network byte order
119 exponent = tpm2_util_hton_32(exponent);
120 ssl_rsa_key = RSA_new();
122 print_ssl_error("Failed to allocate OpenSSL RSA structure");
126 e = BN_bin2bn((void*)&exponent, sizeof(exponent), NULL);
127 n = BN_bin2bn(public->unique.rsa.buffer, public->unique.rsa.size,
131 print_ssl_error("Failed to convert data to SSL internal format");
135 #if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.0 */
139 if (!RSA_set0_key(ssl_rsa_key, n, e, NULL)) {
140 print_ssl_error("Failed to set RSA modulus and exponent components");
145 /* modulus and exponent components are now owned by the RSA struct */
148 fp = fopen(path, "wb");
150 LOG_ERR("Failed to open public key output file '%s': %s",
151 path, strerror(errno));
158 case pubkey_format_pem:
159 ssl_res = PEM_write_RSA_PUBKEY(fp, ssl_rsa_key);
161 case pubkey_format_der:
162 ssl_res = i2d_RSA_PUBKEY_fp(fp, ssl_rsa_key);
165 LOG_ERR("Invalid OpenSSL target format %d encountered", format);
170 print_ssl_error("OpenSSL public key conversion failed");
187 RSA_free(ssl_rsa_key);
194 bool tpm2_convert_sig(TPMT_SIGNATURE *signature, tpm2_convert_sig_fmt format, const char *path) {
197 case signature_format_tss:
198 return files_save_signature(signature, path);
199 case signature_format_plain: {
203 buffer = tpm2_extract_plain_signature(&size, signature);
204 if (buffer == NULL) {
208 bool ret = files_save_bytes_to_file(path, buffer, size);
213 LOG_ERR("Unsupported signature output format.");