Add create_ek() to tpm.rs

Signed-off-by: Lily Sturmann <lsturman@redhat.com>
keylime · Nov 12, 2020 · 72bad05 · 72bad05
1 parent 2added7
commit 72bad05
Showing 1 changed file with 36 additions and 2 deletions.
diff --git a/src/tpm.rs b/src/tpm.rs
@@ -1,10 +1,11 @@
 use std::str::FromStr;
 
+use crate::common::config_get;
 use crate::Result;
 
 use tss_esapi::{
-    constants::{algorithm::HashingAlgorithm, tss::*},
-    Context, Tcti,
+    abstraction::ek, constants::algorithm::AsymmetricAlgorithm,
+    handles::KeyHandle, Context, Tcti,
 };
 
 /*
@@ -24,3 +25,36 @@ pub(crate) fn get_tpm2_ctx() -> Result<tss_esapi::Context> {
     let tcti = Tcti::from_str(tcti_path)?;
     unsafe { Context::new(tcti) }.map_err(|e| e.into())
 }
+
+/*
+ * Input: Connection context, asymmetric algo (optional)
+ * Return: (Key handle, public cert)
+ * Example call:
+ * let (key, cert) = tpm::create_ek(context, Some(AsymmetricAlgorithm::Rsa))
+ */
+pub(crate) fn create_ek(
+    context: &mut Context,
+    alg: Option<AsymmetricAlgorithm>,
+) -> Result<(KeyHandle, Vec<u8>)> {
+    let alg = match alg {
+        Some(a) => a,
+        None => {
+            // TODO: What other values could be in keylime.conf?
+            match config_get(
+                "/etc/keylime.conf",
+                "cloud_agent",
+                "tpm_encryption_alg",
+            )?
+            .as_str()
+            {
+                "rsa" => AsymmetricAlgorithm::Rsa,
+                _ => AsymmetricAlgorithm::Ecc,
+            }
+        }
+    };
+
+    let handle = ek::create_ek_object(context, alg)?;
+    let cert = ek::retrieve_ek_pubcert(context, alg)?;
+
+    Ok((handle, cert))
+}