
Commit 5cea35b

committed
feat: allow cmdline argument to choose choice of algorithm
1 parent b8659bf commit 5cea35b


2 files changed

+49
-23
lines changed


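--- a/tss-esapi/Cargo.toml
+++ b/tss-esapi/Cargo.toml
@@ -64,6 +64,7 @@ strum = { version = "0.26.3", optional = true }
 strum_macros = { version = "0.26.4", optional = true }
 paste = "1.0.14"
 getrandom = "0.2.11"
+env = "*"
 
 [dev-dependencies]
 serial_test = { version = "*", features = ["file_locks"] }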
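Review bot: The added `env = "*"` line under `[dependencies]` is not needed and should be dropped: the companion change in tss-esapi/examples/certify.rs only uses `std::env`, which is part of the standard library, so this line resolves to whichever third-party crate is registered under the name `env` and pulls it into every build of the library. A wildcard requirement also accepts any future release of that crate without pinning, and crates.io rejects `*` dependency constraints at publish time. Removing the line is the whole fix; nothing in the example needs a manifest change.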

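--- a/tss-esapi/examples/certify.rs
+++ b/tss-esapi/examples/certify.rs
@@ -111,10 +111,12 @@ use tss_esapi::{
 interface_types::{
 algorithm::{HashingAlgorithm, PublicAlgorithm, SignatureSchemeAlgorithm},
 ecc::EccCurve,
+key_bits::RsaKeyBits,
 reserved_handles::Hierarchy,
 session_handles::PolicySession,
 },
 structures::{
+//RsaScheme, RsaExponent,
 Data, Digest, EccPoint, EccScheme, HashScheme, MaxBuffer, PublicBuilder,
 PublicEccParametersBuilder, SignatureScheme, SymmetricCipherParameters,
 SymmetricDefinition, SymmetricDefinitionObject,
@@ -124,6 +126,8 @@ use tss_esapi::{
 };
 
 use std::convert::{TryFrom, TryInto};
+use std::env;
+use std::process::exit;
 
 fn main() {
 env_logger::init();
@@ -137,13 +141,26 @@ fn main() {
 TctiNameConf::from_environment_variable()
 .expect("Failed to get TCTI / TPM2TOOLS_TCTI from environment. Try `export TCTI=device:/dev/tpmrm0`"),
 )
-.expect("Failed to create Context");
+.expect("Failed to create Context");
 
 let mut context_2 = Context::new(
 TctiNameConf::from_environment_variable()
 .expect("Failed to get TCTI / TPM2TOOLS_TCTI from environment. Try `export TCTI=device:/dev/tpmrm0`"),
 )
-.expect("Failed to create Context");
+.expect("Failed to create Context");
+
+let mut args = env::args();
+let _ = args.next(); // eat argv[0], cmd-name.
+
+let selection = {
+if let Some(arg1) = args.next() {
+arg1.parse::<i32>().unwrap()
+} else {
+0 // default if no arguments.
+}
+};
+
+println!("Selecting method {}", selection);
 
 // First we need the endorsement key. This is bound to the manufacturer of the TPM
 // and will serve as proof that the TPM is trustworthy.
@@ -154,29 +171,37 @@ fn main() {
 // Remember, the Hash alg in many cases has to match the key type, especially
 // with ecdsa.
 
-// == RSA
-// let ek_alg = AsymmetricAlgorithmSelection::Rsa(RsaKeyBits::Rsa2048);
-// let hash_alg = HashingAlgorithm::Sha256;
-// let sign_alg = SignatureSchemeAlgorithm::RsaPss;
-// let sig_scheme = SignatureScheme::RsaPss {
-// scheme: HashScheme::new(hash_alg),
-// };
-
-// == ECDSA P384
-let ek_alg = AsymmetricAlgorithmSelection::Ecc(EccCurve::NistP384);
-let hash_alg = HashingAlgorithm::Sha384;
-let sign_alg = SignatureSchemeAlgorithm::EcDsa;
-let sig_scheme = SignatureScheme::EcDsa {
-scheme: HashScheme::new(hash_alg),
+let (ek_alg, hash_alg, sign_alg, sig_scheme) = match selection {
+0 => {
+// == RSA
+let hash_alg = HashingAlgorithm::Sha256;
+(AsymmetricAlgorithmSelection::Rsa(RsaKeyBits::Rsa2048),// ek_alg
+hash_alg, // hash_alg
+SignatureSchemeAlgorithm::RsaPss, // sign_alg
+SignatureScheme::RsaPss { scheme: HashScheme::new(hash_alg) }) // sig_scheme
+},
+1 => {
+// == ECDSA P384
+let hash_alg = HashingAlgorithm::Sha256;
+(AsymmetricAlgorithmSelection::Ecc(EccCurve::NistP384),
+hash_alg,
+SignatureSchemeAlgorithm::EcDsa,
+SignatureScheme::EcDsa { scheme: HashScheme::new(hash_alg) })
+},
+2 => {
+// == ECDSA P256
+let hash_alg = HashingAlgorithm::Sha256;
+(AsymmetricAlgorithmSelection::Ecc(EccCurve::NistP256),
+hash_alg,
+SignatureSchemeAlgorithm::EcDsa,
+SignatureScheme::EcDsa { scheme: HashScheme::new(hash_alg) })
+},
+_ => {
+println!("Select 0 - RSA, 1 - P384, 2 - P256");
+exit(1);
+}
 };
 
-// == ECDSA P256
-// let ek_alg = AsymmetricAlgorithmSelection::Ecc(EccCurve::NistP256);
-// let hash_alg = HashingAlgorithm::Sha256;
-// let sign_alg = SignatureSchemeAlgorithm::EcDsa;
-// let sig_scheme = SignatureScheme::EcDsa {
-// scheme: HashScheme::new(hash_alg),
-// };
 
 // If you wish to see the EK cert, you can fetch it's X509 DER here.
 let ek_pubcert = retrieve_ek_pubcert(&mut context_1, ek_alg).unwrap();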
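Review bot: The `1 =>` arm of `match selection` pairs `EccCurve::NistP384` with `HashingAlgorithm::Sha256`, while the removed lines used `Sha384` for that curve and the comment directly above the match says the hash has to match the key type for ECDSA; restoring `let hash_alg = HashingAlgorithm::Sha384;` in that arm keeps the previous P-384 behaviour instead of silently changing it. The argument parsing earlier in the section panics on any non-numeric argument at `arg1.parse::<i32>().unwrap()`, so the usage line in the `_` arm is only reached for out-of-range numbers; `arg1.parse::<i32>().unwrap_or_else(|_| { println!("Select 0 - RSA, 1 - P384, 2 - P256"); exit(1) })` would route malformed input through the same message. The commented-out `//RsaScheme, RsaExponent,` line added to the `structures` import list looks like a leftover and should be dropped. The body of `main` continues past the end of this section.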
