Added -K argument for the user supplied password ThisIsMyKeyAuth

Author: aidangarske

README.md

@@ -574,22 +574,8 @@ server:
 
     $ ./examples/echoserver/echoserver
 
-From another terminal run the client with the keyblob. You must specify which
-key type to use:
-
-Using primary endorsement key (recommened)
-    $ ./examples/client/client -i ../wolfTPM/keyblob.bin -u hansel -s pk
-
-Using storage root key
-    $ ./examples/client/client -i ../wolfTPM/keyblob.bin -u hansel -s srk
-
-For debuging run server like above then:
-
-    $ <lldb, gdb, etc.> ./examples/client/client
-
-Set break point or just run:
-
-    $ r -i ../wolfTPM/keyblob.bin -u hansel
+From another terminal run the client with the keyblob. Using primary endorsement key
+    $ ./examples/client/client -i ../wolfTPM/keyblob.bin -u hansel -K <keyAuth>
 
 WOLFSSH APPLICATIONS
 ====================

configure.ac

@@ -237,8 +237,6 @@ AS_IF([test "x$ENABLED_SSHCLIENT" = "xyes"],
       [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSH_SSHCLIENT"])
 AS_IF([test "x$ENABLED_TPM" = "xyes"],
       [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSH_TPM"])
-AS_IF([test "x$ENABLED_SMALLSTACK" = "xyes"],
-      [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSH_SMALL_STACK"])
 
 if test "$ENABLED_SSHD" = "yes"; then
     if test -n "$PAM_LIB"

examples/client/client.c

@@ -93,6 +93,9 @@ static void ShowUsage(void)
     printf(" -p <num>      port to connect on, default %d\n", wolfSshPort);
     printf(" -u <username> username to authenticate as (REQUIRED)\n");
     printf(" -P <password> password for username, prompted if omitted\n");
+#ifdef WOLFSSH_TPM
+    printf(" -K <password> TPM key authentication password\n");
+#endif
     printf(" -i <filename> filename for the user's private key\n");
     printf(" -j <filename> filename for the user's public key\n");
     printf(" -x            exit after successful connection without doing\n"
@@ -644,6 +647,7 @@ THREAD_RETURN WOLFSSH_THREAD client_test(void* args)
     char* host = (char*)wolfSshIp;
     const char* username = NULL;
     const char* password = NULL;
+    const char* tpmKeyAuth = NULL;
     const char* cmd      = NULL;
     const char* privKeyName = NULL;
     const char* keyList = NULL;
@@ -665,7 +669,7 @@ THREAD_RETURN WOLFSSH_THREAD client_test(void* args)
 
     (void)keepOpen;
 
-    while ((ch = mygetopt(argc, argv, "?ac:h:i:j:p:tu:xzNP:RJ:A:XeEk:q")) != -1) {
+    while ((ch = mygetopt(argc, argv, "?ac:h:i:j:p:tu:xzNP:RJ:A:XeEk:qK:")) != -1) {
         switch (ch) {
             case 'h':
                 host = myoptarg;
@@ -769,6 +773,12 @@ THREAD_RETURN WOLFSSH_THREAD client_test(void* args)
                 break;
         #endif
 
+        #ifdef WOLFSSH_TPM
+            case 'K':
+                tpmKeyAuth = myoptarg;
+                break;
+        #endif
+
             case '?':
                 ShowUsage();
                 exit(EXIT_SUCCESS);
@@ -798,7 +808,7 @@ THREAD_RETURN WOLFSSH_THREAD client_test(void* args)
     }
     #endif
 #endif
-    ret = ClientSetPrivateKey(privKeyName, userEcc, NULL);
+    ret = ClientSetPrivateKey(privKeyName, userEcc, NULL, tpmKeyAuth);
     if (ret != 0) {
         err_sys("Error setting private key");
     }
@@ -853,7 +863,8 @@ THREAD_RETURN WOLFSSH_THREAD client_test(void* args)
         err_sys("Couldn't create wolfSSH session.");
 
 #ifdef WOLFSSH_TPM
-    CLientSetTpm(ssh);
+    if (tpmKeyAuth != NULL)
+        ClientSetTpm(ssh);
 #endif
 #if defined(WOLFSSL_PTHREADS) && defined(WOLFSSL_TEST_GLOBAL_REQ)
     wolfSSH_SetGlobalReq(ctx, callbackGlobalReq);

examples/client/common.c

@@ -756,13 +756,6 @@ int ClientUseCert(const char* certName, void* heap)
 
 #ifdef WOLFSSH_TPM
 
-/* Key Authentication Password */
-#ifndef WOLFSSH_TPM_KEY_AUTH
-    #define WOLFSSH_TPM_KEY_AUTH      "ThisIsMyKeyAuth"
-#endif
-
-static const char gKeyAuth[] = WOLFSSH_TPM_KEY_AUTH;
-
 static int readKeyBlob(const char* filename, WOLFTPM2_KEYBLOB* key)
 {
     int rc = 0;
@@ -848,7 +841,7 @@ static int readKeyBlob(const char* filename, WOLFTPM2_KEYBLOB* key)
 }
 
 static int wolfSSH_TPM_InitKey(WOLFTPM2_DEV* dev, const char* name,
-                               WOLFTPM2_KEY* pTpmKey)
+    WOLFTPM2_KEY* pTpmKey, const char* tpmKeyAuth)
 {
     int rc = 0;
     WOLFTPM2_KEY endorse;
@@ -862,7 +855,8 @@ static int wolfSSH_TPM_InitKey(WOLFTPM2_DEV* dev, const char* name,
     if (rc == 0) {
         rc = wolfTPM2_Init(dev, TPM2_IoCb, NULL);
         if (rc != 0) {
-            WLOG(WS_LOG_DEBUG, "TPM 2.0 Device initialization failed, rc: %d", rc);
+            WLOG(WS_LOG_DEBUG,
+                "TPM 2.0 Device initialization failed, rc: %d", rc);
         }
     }
 
@@ -879,7 +873,8 @@ static int wolfSSH_TPM_InitKey(WOLFTPM2_DEV* dev, const char* name,
         endorse.handle.policyAuth = 1;
         rc = wolfTPM2_CreateAuthSession_EkPolicy(dev, &tpmSession);
         if (rc != 0) {
-            WLOG(WS_LOG_DEBUG, "Creating EK policy session failed, rc: %d", rc);
+            WLOG(WS_LOG_DEBUG,
+                "Creating EK policy session failed, rc: %d", rc);
         }
     }
 
@@ -899,10 +894,10 @@ static int wolfSSH_TPM_InitKey(WOLFTPM2_DEV* dev, const char* name,
         }
     }
 
-    /* Set auth for key */
-    if (rc == 0) {
-        tpmKeyBlob.handle.auth.size = (int)sizeof(gKeyAuth)-1;
-        XMEMCPY(tpmKeyBlob.handle.auth.buffer, gKeyAuth,
+    /* Use global auth if provided */
+    if (rc == 0 && tpmKeyAuth != NULL) {
+        tpmKeyBlob.handle.auth.size = (word32)XSTRLEN(tpmKeyAuth);
+        XMEMCPY(tpmKeyBlob.handle.auth.buffer, tpmKeyAuth,
             tpmKeyBlob.handle.auth.size);
     }
 
@@ -963,9 +958,8 @@ static void wolfSSH_TPM_Cleanup(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key)
     WLOG(WS_LOG_DEBUG, "Leaving wolfSSH_TPM_Cleanup()");
 }
 
-/* Set the tpm device and
- * key for the client side */
-int CLientSetTpm(WOLFSSH* ssh)
+/* Set the tpm device and key for the client side */
+int ClientSetTpm(WOLFSSH* ssh)
 {
     if (ssh != NULL) {
         wolfSSH_SetTpmDev(ssh, &tpmDev);
@@ -979,9 +973,11 @@ int CLientSetTpm(WOLFSSH* ssh)
 
 /* Reads the private key to use from file name privKeyName.
  * returns 0 on success */
-int ClientSetPrivateKey(const char* privKeyName, int userEcc, void* heap)
+int ClientSetPrivateKey(const char* privKeyName, int userEcc,
+    void* heap, const char* tpmKeyAuth)
 {
     int ret = 0;
+    (void)tpmKeyAuth; /* Not used*/
 
     if (privKeyName == NULL) {
         if (userEcc) {
@@ -1015,7 +1011,7 @@ int ClientSetPrivateKey(const char* privKeyName, int userEcc, void* heap)
          */
         WMEMSET(&tpmDev, 0, sizeof(tpmDev));
         WMEMSET(&tpmKey, 0, sizeof(tpmKey));
-        ret = wolfSSH_TPM_InitKey(&tpmDev, privKeyName, &tpmKey);
+        ret = wolfSSH_TPM_InitKey(&tpmDev, privKeyName, &tpmKey, tpmKeyAuth);
     #elif !defined(NO_FILESYSTEM)
         userPrivateKey = NULL; /* create new buffer based on parsed input */
         userPrivateKeyAlloc = 1;

examples/client/common.h

@@ -22,18 +22,18 @@
 #define WOLFSSH_COMMON_H
 int ClientLoadCA(WOLFSSH_CTX* ctx, const char* caCert);
 int ClientUsePubKey(const char* pubKeyName, int userEcc, void* heap);
-int ClientSetPrivateKey(const char* privKeyName, int userEcc, void* heap);
+int ClientSetPrivateKey(const char* privKeyName, int userEcc,
+        void* heap, const char* tpmKeyAuth);
 int ClientUseCert(const char* certName, void* heap);
 int ClientSetEcho(int type);
 int ClientUserAuth(byte authType,
-                      WS_UserAuthData* authData,
-                      void* ctx);
+        WS_UserAuthData* authData, void* ctx);
 int ClientPublicKeyCheck(const byte* pubKey, word32 pubKeySz, void* ctx);
 void ClientIPOverride(int flag);
 void ClientFreeBuffers(const char* pubKeyName, const char* privKeyName,
         void* heap);
 #ifdef WOLFSSH_TPM
-int CLientSetTpm(WOLFSSH* ssh);
+int ClientSetTpm(WOLFSSH* ssh);
 #endif
 
 #endif /* WOLFSSH_COMMON_H */