rpms / tpm2-tools

Clone
Source Code
GIT

Files

  1.   af88e806f0b7f311a326c18a4bf8b2d06c38e583
  2.   Wire-up-support-for-ak-auth-password-in-tpm2_quote-t.patch
Blob Blame History Raw 
From 993da58a612238bf2dd53a015dfdb2a6c0eb00b9 Mon Sep 17 00:00:00 2001
From: jetwhiz <Charles.Munson@ll.mit.edu>
Date: Mon, 22 Apr 2019 09:48:56 -0400
Subject: [PATCH 1/6] Wire up support for ak auth password in tpm2_quote tool

Add regression test

Signed-off-by: jetwhiz <Charles.Munson@ll.mit.edu>
---
 test/system/test_tpm2_quote.sh |  9 ++++++++-
 tools/tpm2_quote.c             | 11 ++++++++---
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/test/system/test_tpm2_quote.sh b/test/system/test_tpm2_quote.sh
index d845ea1bdb1..231bed326ec 100755
--- a/test/system/test_tpm2_quote.sh
+++ b/test/system/test_tpm2_quote.sh
@@ -50,6 +50,7 @@ file_quote_key_ctx=ctx_load_out_"$alg_primary_obj"_"$alg_primary_key"-"$alg_crea
 Handle_ak_quote=0x81010016
 Handle_ek_quote=0x81010017
 Handle_ak_quote2=0x81010018
+Handle_ak_quote3=0x81010019
 
 maxdigest=$(tpm2_getcap -c properties-fixed | grep TPM_PT_MAX_DIGEST | sed -r -e 's/.*(0x[0-9a-f]+)/\1/g')
 if ! [[ "$maxdigest" =~ ^(0x)*[0-9]+$ ]] ; then
@@ -73,6 +74,7 @@ cleanup() {
     tpm2_evictcontrol -Q -Ao -H $Handle_ek_quote 2>/dev/null || true
     tpm2_evictcontrol -Q -Ao -H $Handle_ak_quote 2>/dev/null || true
     tpm2_evictcontrol -Q -Ao -H $Handle_ak_quote2 2>/dev/null || true
+    tpm2_evictcontrol -Q -Ao -H $Handle_ak_quote3 2>/dev/null || true
 }
 trap cleanup EXIT
 
@@ -104,4 +106,9 @@ tpm2_getpubak -Q -E  $Handle_ek_quote -k  $Handle_ak_quote2 -f ak.pub2 -n ak.nam
 
 tpm2_quote -Q -k $Handle_ak_quote -g $alg_quote -l 16,17,18 -q $nonce
 
-exit 0
+#####AK with password
+tpm2_getpubak -Q -E  $Handle_ek_quote -k  $Handle_ak_quote3 -f ak.pub2 -n ak.name_2 -P abc123
+
+tpm2_quote -Q -k $Handle_ak_quote3 -g $alg_quote -l 16,17,18 -q $nonce -P abc123
+
+exit 0
\ No newline at end of file
diff --git a/tools/tpm2_quote.c b/tools/tpm2_quote.c
index 3538947db31..05b6d641656 100644
--- a/tools/tpm2_quote.c
+++ b/tools/tpm2_quote.c
@@ -50,7 +50,7 @@ typedef struct {
     UINT32 id[24];
 } PCR_LIST;
 
-static TPMS_AUTH_COMMAND sessionData;
+static TPMS_AUTH_COMMAND sessionData = TPMS_AUTH_COMMAND_INIT(TPM2_RS_PW);
 static char *outFilePath;
 static char *signature_path;
 static char *message_path;
@@ -60,7 +60,7 @@ static TPM2B_DATA qualifyingData = TPM2B_EMPTY_INIT;
 static TPML_PCR_SELECTION  pcrSelections;
 static bool is_auth_session;
 static TPMI_SH_AUTH_SESSION auth_session_handle;
-static int k_flag, c_flag, l_flag, g_flag, L_flag, o_flag, G_flag;
+static int k_flag, c_flag, l_flag, g_flag, L_flag, o_flag, G_flag, P_flag;
 static char *contextFilePath;
 static TPM2_HANDLE akHandle;
 
@@ -94,7 +94,7 @@ static int quote(TSS2_SYS_CONTEXT *sapi_context, TPM2_HANDLE akHandle, TPML_PCR_
 {
     UINT32 rval;
     TPMT_SIG_SCHEME inScheme;
-    TSS2L_SYS_AUTH_COMMAND sessionsData = { 1, {{.sessionHandle=TPM2_RS_PW}}};
+    TSS2L_SYS_AUTH_COMMAND sessionsData = { 1, { sessionData }};
     TSS2L_SYS_AUTH_RESPONSE sessionsDataOut;
     TPM2B_ATTEST quoted = TPM2B_TYPE_INIT(TPM2B_ATTEST, attestationData);
     TPMT_SIGNATURE signature;
@@ -152,6 +152,7 @@ static bool on_option(char key, char *value) {
             LOG_ERR("Invalid AK password, got\"%s\"", value);
             return false;
         }
+        P_flag = 1;
     } break;
     case 'l':
         if(!pcr_parse_list(value, strlen(value), &pcrSelections.pcrSelections[0]))
@@ -265,5 +266,9 @@ int tpm2_tool_onrun(TSS2_SYS_CONTEXT *sapi_context, tpm2_option_flags flags) {
         }
     }
 
+    if (P_flag == 0) {
+        sessionData.hmac.size = 0;
+    }
+
     return quote(sapi_context, akHandle, &pcrSelections);
 }
-- 
2.21.0
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.