From 17305dbb68b172049455af2e433394c475b20dca Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Fri, 26 Sep 2008 23:47:33 -0600
Subject: [PATCH] Take TPM SRK password on command line too, optionally

The callback does seem to work; a GUI client might want something more special.
---
 anyconnect.h | 1 +
 main.c | 7 ++++++-
 ssl.c | 10 ++++++++++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/anyconnect.h b/anyconnect.h
index c45779a..c6fc7c5 100644
--- a/anyconnect.h
+++ b/anyconnect.h
@@ -41,6 +41,7 @@ struct anyconnect_info {
 const char *hostname;
 const char *cert;
 const char *tpmkey;
+char *tpmpass;
 const char *cookie;
 struct vpn_option *cstp_options;
diff --git a/main.c b/main.c
index 12cfe67..756cb79 100644
--- a/main.c
+++ b/main.c
@@ -47,6 +47,7 @@ static struct option long_options[] = {
 {"useragent", 1, 0, 'u'},
 {"interface", 1, 0, 'i'},
 {"tpm-key", 1, 0, 't'},
+{"tpm-password", 1, 0, 'p'},
 };
 int main(int argc, char **argv)
@@ -79,11 +80,15 @@ int main(int argc, char **argv)
 else
 vpninfo->localname = "localhost";
-while ((opt = getopt_long(argc, argv, "C:c:h:vdu:i:t:", long_options, &optind))) {
+while ((opt = getopt_long(argc, argv, "C:c:h:vdu:i:t:p:",
+long_options, &optind))) {
 if (opt < 0)
 break;
 switch (opt) {
+case 'p':
+vpninfo->tpmpass = optarg;
+break;
 case 't':
 vpninfo->tpmkey = optarg;
 break;
diff --git a/ssl.c b/ssl.c
index 677229d..272d962 100644
--- a/ssl.c
+++ b/ssl.c
@@ -78,6 +78,8 @@ static int my_SSL_gets(SSL *ssl, char *buf, size_t len)
 buf[i] = 0;
 return i?:ret;
 }
+
+
 static int load_certificate(struct anyconnect_info *vpninfo,
 SSL_CTX *https_ctx)
 {
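Review bot: `char *tpmpass;` is the only string member of struct anyconnect_info in this hunk that is not `const`, and nothing says why; it is presumably left writable because ENGINE_ctrl_cmd() takes a non-const `void *` and because a caller may want to overwrite the secret after use, but a reader cannot tell that from the header. A one-line comment would keep the next maintainer from "fixing" the qualifier: `char *tpmpass; /* TPM SRK password; kept writable so it can be wiped after use */`. The struct starts above the hunk.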
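Review bot: The new `{"tpm-password", 1, 0, 'p'},` entry is immediately followed by `};`, so long_options still has no all-zero terminating element; getopt_long() requires one and otherwise scans past the end of the array when it compares an unrecognised long option. This predates the commit, but the sentinel belongs right after the new entry: `{NULL, 0, NULL, 0}`. The head of the array is above the hunk, so I cannot rule out a terminator earlier in the table, but an earlier one would also cut off every option listed after it.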
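Review bot: `vpninfo->tpmpass = optarg;` leaves the SRK password in argv for the life of the process, where any local user can read it via ps or /proc/<pid>/cmdline. At minimum copy it out and wipe the argument in place, `vpninfo->tpmpass = strdup(optarg);` (with a NULL check) followed by `memset(optarg, 0, strlen(optarg));`, so the listing only shows the secret during the exec-to-parse window; the non-const `char *` member already allows the later wipe. Reading the password from a file or a prompt would avoid the window entirely, which is worth noting in the option's usage text if the program has one (not visible here). The `&optind` passed as getopt_long()'s longindex argument is pre-existing but odd; that slot expects an `int *` index or NULL, not optind.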
@@ -110,6 +112,14 @@ static int load_certificate(struct anyconnect_info *vpninfo,
 return -EINVAL;
 }
+if (vpninfo->tpmpass) {
+if (!ENGINE_ctrl_cmd(e, "PIN", strlen(vpninfo->tpmpass),
+vpninfo->tpmpass, NULL, 0)) {
+fprintf(stderr, "Failed to set TPM SRK password\n");
+ERR_print_errors_fp(stderr);
+}
+/* Try it manually */
+}
 key = ENGINE_load_private_key(e, vpninfo->tpmkey, NULL, NULL);
 if (!key) {
-- 
2.7.4
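Review bot: When ENGINE_ctrl_cmd() fails the code prints the error and then continues to `ENGINE_load_private_key()` with only `/* Try it manually */` to explain it, which does not say what "manually" means; the intent appears to be that the engine falls back to its own PIN prompt/callback, but that is not stated. Suggest `/* PIN ctrl failed: let ENGINE_load_private_key() fall back to the engine's own prompt */` in place of the current comment. If tpmpass is not needed after the key is loaded, this is also the place to wipe it (`memset(vpninfo->tpmpass, 0, strlen(vpninfo->tpmpass));`) rather than keeping the plaintext in the struct for the rest of the session; whether later code reuses it is not visible here. load_certificate() begins before and ends after this hunk.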