From 993da58a612238bf2dd53a015dfdb2a6c0eb00b9 Mon Sep 17 00:00:00 2001
From: jetwhiz <Charles.Munson@ll.mit.edu>
Date: Mon, 22 Apr 2019 09:48:56 -0400
Subject: [PATCH 1/6] Wire up support for ak auth password in tpm2_quote tool
Add regression test
Signed-off-by: jetwhiz <Charles.Munson@ll.mit.edu>
---
test/system/test_tpm2_quote.sh | 9 ++++++++-
tools/tpm2_quote.c | 11 ++++++++---
2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/test/system/test_tpm2_quote.sh b/test/system/test_tpm2_quote.sh
index d845ea1bdb1..231bed326ec 100755
--- a/test/system/test_tpm2_quote.sh
+++ b/test/system/test_tpm2_quote.sh
@@ -50,6 +50,7 @@ file_quote_key_ctx=ctx_load_out_"$alg_primary_obj"_"$alg_primary_key"-"$alg_crea
Handle_ak_quote=0x81010016
Handle_ek_quote=0x81010017
Handle_ak_quote2=0x81010018
+Handle_ak_quote3=0x81010019
maxdigest=$(tpm2_getcap -c properties-fixed | grep TPM_PT_MAX_DIGEST | sed -r -e 's/.*(0x[0-9a-f]+)/\1/g')
if ! [[ "$maxdigest" =~ ^(0x)*[0-9]+$ ]] ; then
@@ -73,6 +74,7 @@ cleanup() {
tpm2_evictcontrol -Q -Ao -H $Handle_ek_quote 2>/dev/null || true
tpm2_evictcontrol -Q -Ao -H $Handle_ak_quote 2>/dev/null || true
tpm2_evictcontrol -Q -Ao -H $Handle_ak_quote2 2>/dev/null || true
+ tpm2_evictcontrol -Q -Ao -H $Handle_ak_quote3 2>/dev/null || true
}
trap cleanup EXIT
@@ -104,4 +106,9 @@ tpm2_getpubak -Q -E $Handle_ek_quote -k $Handle_ak_quote2 -f ak.pub2 -n ak.nam
tpm2_quote -Q -k $Handle_ak_quote -g $alg_quote -l 16,17,18 -q $nonce
-exit 0
+#####AK with password
+tpm2_getpubak -Q -E $Handle_ek_quote -k $Handle_ak_quote3 -f ak.pub2 -n ak.name_2 -P abc123
+
+tpm2_quote -Q -k $Handle_ak_quote3 -g $alg_quote -l 16,17,18 -q $nonce -P abc123
+
+exit 0
\ No newline at end of file
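Review bot: The new "AK with password" case only exercises the success path, so it would still pass if the auth value were ignored somewhere along the way; nothing checks that `tpm2_quote` against `$Handle_ak_quote3` is refused without `-P` or with a wrong value. A negative case before the final `exit 0`, for example `if tpm2_quote -Q -k $Handle_ak_quote3 -g $alg_quote -l 16,17,18 -q $nonce -P wrongpw; then exit 1; fi` (`wrongpw` is a made-up value), would pin that the password is actually enforced. The `tpm2_getpubak` line also writes to `ak.pub2`, which the previous case visible in the hunk header already uses, and apparently to the same name file; distinct output names such as `ak.pub3` would keep the artifacts of the two cases apart.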
diff --git a/tools/tpm2_quote.c b/tools/tpm2_quote.c
index 3538947db31..05b6d641656 100644
--- a/tools/tpm2_quote.c
+++ b/tools/tpm2_quote.c
@@ -50,7 +50,7 @@ typedef struct {
UINT32 id[24];
} PCR_LIST;
-static TPMS_AUTH_COMMAND sessionData;
+static TPMS_AUTH_COMMAND sessionData = TPMS_AUTH_COMMAND_INIT(TPM2_RS_PW);
static char *outFilePath;
static char *signature_path;
static char *message_path;
@@ -60,7 +60,7 @@ static TPM2B_DATA qualifyingData = TPM2B_EMPTY_INIT;
static TPML_PCR_SELECTION pcrSelections;
static bool is_auth_session;
static TPMI_SH_AUTH_SESSION auth_session_handle;
-static int k_flag, c_flag, l_flag, g_flag, L_flag, o_flag, G_flag;
+static int k_flag, c_flag, l_flag, g_flag, L_flag, o_flag, G_flag, P_flag;
static char *contextFilePath;
static TPM2_HANDLE akHandle;
@@ -94,7 +94,7 @@ static int quote(TSS2_SYS_CONTEXT *sapi_context, TPM2_HANDLE akHandle, TPML_PCR_
{
UINT32 rval;
TPMT_SIG_SCHEME inScheme;
- TSS2L_SYS_AUTH_COMMAND sessionsData = { 1, {{.sessionHandle=TPM2_RS_PW}}};
+ TSS2L_SYS_AUTH_COMMAND sessionsData = { 1, { sessionData }};
TSS2L_SYS_AUTH_RESPONSE sessionsDataOut;
TPM2B_ATTEST quoted = TPM2B_TYPE_INIT(TPM2B_ATTEST, attestationData);
TPMT_SIGNATURE signature;
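Review bot: The initializer `{ 1, { sessionData }}` copies the whole file-scope `sessionData`, presumably including the AK auth value held in its `hmac` field, into a second buffer on the stack, and nothing visible in this hunk clears either copy once the quote has been issued. For a short-lived CLI this is a hardening point rather than a bug, but wiping `sessionsData.auths[0].hmac` and `sessionData.hmac` on the way out of `quote()` with a call the compiler cannot elide would limit how long the secret stays in memory. A comment such as `/* snapshot of the -P auth filled in by on_option(); taken after option parsing */` would also make the dependency on the global explicit. The body of `quote()` continues outside the hunk, so any cleanup that already exists there is not visible.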
@@ -152,6 +152,7 @@ static bool on_option(char key, char *value) {
LOG_ERR("Invalid AK password, got\"%s\"", value);
return false;
}
+ P_flag = 1;
} break;
case 'l':
if(!pcr_parse_list(value, strlen(value), &pcrSelections.pcrSelections[0]))
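Review bot: The failure branch just above the new `P_flag = 1;` passes the rejected `-P` argument to `LOG_ERR`, so a mistyped or malformed AK password ends up in the tool's error output and in whatever captures it. Now that this option actually authorizes the key, the value should be left out of the message: `LOG_ERR("Invalid AK password");`. The `case` this belongs to starts outside the hunk, so the parsing call itself is not visible here.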
@@ -265,5 +266,9 @@ int tpm2_tool_onrun(TSS2_SYS_CONTEXT *sapi_context, tpm2_option_flags flags) {
}
}
+ if (P_flag == 0) {
+ sessionData.hmac.size = 0;
+ }
+
return quote(sapi_context, akHandle, &pcrSelections);
}
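Review bot: The `if (P_flag == 0) { sessionData.hmac.size = 0; }` guard looks redundant: `sessionData` has static storage and is now initialised with `TPMS_AUTH_COMMAND_INIT(TPM2_RS_PW)` in the first hunk of this file, so `hmac.size` should already be zero unless `-P` was parsed successfully. If that holds, `P_flag` (declared in the second hunk and set in `on_option`) has no other visible purpose, and both the block and the flag can be dropped. If the password parser can leave a partial value behind, a comment saying so, such as `/* discard any auth left by a failed -P parse */`, would justify keeping it. `tpm2_tool_onrun` starts outside the hunk, so other uses of `P_flag` there cannot be ruled out.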
--
2.21.0