Showing with 723 additions and 3 deletions.

+7 −2 .travis.yml

+3 −0 Makefile.am

+1 −1 configure.ac

+5 −0 lib/tpm2_util.h

+61 −0 man/tpm2_import.1.md

+77 −0 test/system/test_tpm2_import.sh

+569 −0 tools/tpm2_import.c
diff --git a/.travis.yml b/.travis.yml
@@ -21,8 +21,6 @@ addons:
   apt:
     packages:
     - autoconf-archive
-    - openssl
-    - libssl-dev
     - libcurl4-openssl-dev
     - libdbus-1-dev
     - libglib2.0-dev
@@ -65,6 +63,13 @@ install:
     - sha256sum libcmocka0_1.0.1-2_amd64.deb | grep -q 797155b45a8288a860c4ed9dd3f161420f09ebf362de30166d9f6b98bfc27dd0
     - sudo dpkg -i libcmocka0_1.0.1-2_amd64.deb
     - sudo dpkg -i libcmocka-dev_1.0.1-2_amd64.deb
+    # openssl 1.0.2g
+    - wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.0.0_1.0.2g-1ubuntu4.6_amd64.deb
+    - wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_1.0.2g-1ubuntu4.6_amd64.deb
+    - sha256sum libssl1.0.0_1.0.2g-1ubuntu4.6_amd64.deb | grep -q b858321c5858533399320fc2d849962c25288fe17f545dc4fb3ce99630cea5fe
+    - sha256sum libssl-dev_1.0.2g-1ubuntu4.6_amd64.deb | grep -q e4ad54c12aaf88d65c04eaccf1e07baf81ab3d14acf7e118137e8b1e10bdd06b
+    - sudo dpkg -i libssl1.0.0_1.0.2g-1ubuntu4.6_amd64.deb
+    - sudo dpkg -i libssl-dev_1.0.2g-1ubuntu4.6_amd64.deb
 
 script:
     - ./.ci/travis-build-and-run-tests.sh

diff --git a/Makefile.am b/Makefile.am
@@ -63,6 +63,7 @@ bin_PROGRAMS = \
     tools/tpm2_getrandom \
     tools/tpm2_hash \
     tools/tpm2_hmac \
+    tools/tpm2_import \
     tools/tpm2_listpersistent \
     tools/tpm2_load \
     tools/tpm2_loadexternal \
@@ -178,6 +179,7 @@ tools_tpm2_createpolicy_SOURCES = tools/tpm2_createpolicy.c $(TOOL_SRC)
 tools_tpm2_pcrextend_SOURCES = tools/tpm2_pcrextend.c $(TOOL_SRC)
 tools_tpm2_pcrevent_SOURCES = tools/tpm2_pcrevent.c $(TOOL_SRC)
 tools_tpm2_rc_decode_SOURCES = tools/tpm2_rc_decode.c $(TOOL_SRC)
+tools_tpm2_import_SOURCES = tools/tpm2_import.c $(TOOL_SRC)
 
 if UNIT
 TESTS = $(check_PROGRAMS)
@@ -251,6 +253,7 @@ if HAVE_PANDOC
     man/man1/tpm2_getrandom.1 \
     man/man1/tpm2_hash.1 \
     man/man1/tpm2_hmac.1 \
+    man/man1/tpm2_import.1 \
     man/man1/tpm2_listpersistent.1 \
     man/man1/tpm2_load.1 \
     man/man1/tpm2_loadexternal.1 \

diff --git a/configure.ac b/configure.ac
@@ -75,7 +75,7 @@ AS_IF(
     [AC_MSG_ERROR(
         [no TCTIs: at least one TCTI library must be enabled],
         [1])])
-PKG_CHECK_MODULES([CRYPTO],[libcrypto])
+PKG_CHECK_MODULES([CRYPTO], [libcrypto >= 1.0.2g])
 PKG_CHECK_MODULES([CURL],[libcurl])
 AC_ARG_ENABLE([unit],
             [AS_HELP_STRING([--enable-unit],

diff --git a/lib/tpm2_util.h b/lib/tpm2_util.h
@@ -88,6 +88,11 @@
         .cmdAuths = array, \
     }
 
+#define TSS2_SYS_RSP_AUTHS_INIT(array) { \
+        .rspAuthsCount = ARRAY_LEN(array), \
+        .rspAuths = array, \
+    }
+
 int tpm2_util_hex_to_byte_structure(const char *inStr, UINT16 *byteLenth, BYTE *byteBuffer);
 
 /**

diff --git a/man/tpm2_import.1.md b/man/tpm2_import.1.md
@@ -0,0 +1,61 @@
+tpm2_import 1 "SEPTEMBER 2017" tpm2-tools
+==================================================
+
+NAME
+----
+
+tpm2_import(8) - imports an external key (AES-128) into the tpm as a TPM managed key object.
+
+SYNOPSIS
+--------
+
+`tpm2_import` [OPTIONS]
+
+DESCRIPTION
+-----------
+This tool imports an external key (Symmetric AES-128) as TPM managed key object.
+It requires the parent handle be persistent and an object of type RSA key.
+
+OPTIONS
+-------
+
+These options control the key importation process:
+
+  * `-k`, `--input-key-file`=_FILE_:
+    Specifies the filename of symmetric key (128 bit data) to be imported.
+
+  * `-H`, `--parent-key-handle`=_HANDLE_:
+    Specifies the persistent parent key handle.
+
+  * `-f`, `--parent-key-public`=_FILE_:
+    Specifies the parent key public data file input. This can be read with
+    tpm2_readpublic tool.
+
+  * `-r`, `--import-key-private`=_FILE_:
+    Specifies the file path required to save the encrypted private portion of
+    the object imported as key.
+
+  * `-q`, `--import-key-public`=_FILE_:
+    Specifies the file path required to save the public portion of the object imported as key
+
+[common options](common/options.md)
+
+[common tcti options](common/tcti.md)
+
+EXAMPLES
+--------
+
+tpm2_import -k sym.key -H 0x81010001 -f parent.pub -q import_key.pub -r import_key.priv
+
+RETURNS
+-------
+0 on success or 1 on failure.
+
+BUGS
+----
+[Github Issues](https://github.com/01org/tpm2-tools/issues)
+
+HELP
+----
+See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
+
diff --git a/test/system/test_tpm2_import.sh b/test/system/test_tpm2_import.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+#;**********************************************************************;
+#
+# Copyright (c) 2017, Intel Corporation
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# 3. Neither the name of Intel Corporation nor the names of its contributors
+# may be used to endorse or promote products derived from this software without
+# specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#;**********************************************************************;
+
+onerror() {
+    echo "$BASH_COMMAND on line ${BASH_LINENO[0]} failed: $?"
+    exit 1
+}
+trap onerror ERR
+
+cleanup() {
+    tpm2_evictcontrol -A o -H 0x81010005 -S 0x81010005 2>/dev/null
+    rm -f import_key.ctx  import_key.name  import_key.priv  import_key.pub \
+          parent.ctx parent.pub  plain.dec.ssl  plain.enc  plain.txt  sym.key
+}
+trap cleanup EXIT
+
+cleanup
+
+tpm2_createprimary -G 1 -g 0xb -A o -C parent.ctx
+tpm2_evictcontrol -A o -c parent.ctx -S 0x81010005
+
+dd if=/dev/urandom of=sym.key bs=1 count=16
+
+tpm2_readpublic -H 0x81010005 --opu parent.pub
+
+tpm2_import -k sym.key -H 0x81010005 -f parent.pub -q import_key.pub \
+-r import_key.priv
+
+tpm2_load  -H 0x81010005 -u import_key.pub -r import_key.priv -n import_key.name \
+-C import_key.ctx
+
+echo "plaintext" > "plain.txt"
+
+tpm2_encryptdecrypt -c import_key.ctx -D NO -I plain.txt -o plain.enc
+
+openssl enc -in plain.enc -out plain.dec.ssl -d -K `xxd -p sym.key` -iv 0 \
+-aes-128-cfb
+
+diff plain.txt plain.dec.ssl
+if [ $? != 0 ];then
+echo "TEST: tpm2_import failed"
+exit 1
+fi
+
+echo "TEST: tpm2_import succeeded"
+
+exit 0