author | Pramod <pramod.raghavendra.jayathirth@intel.com> | 2018-03-29 10:22:33 -0700 |
committer | Pramod <pramod.raghavendra.jayathirth@intel.com> | 2018-03-30 05:13:09 -0700 |
commit | 76f424e841653b899504d8064f1055f8c114985d (patch) | |
tree | ff41308d64f33605891f31cdfca0e04df130529d /tpm-tools/initandverify | |
parent | 8a5b33a9ba846d785d244e29bc29a46f7be34928 (diff) |
TPM tools for the following functionalities:
1. INIT (script) - establishes a connection with the
actual TPM hardware and loads the primary key
into the TPM hardware
2. Sign and verify (script) - loads the key and
performs the sign and verify operations
Issue-ID: AAF-207
Change-Id: I015eb5fbc6f0e6f09ca454ed1bb55c5f5aadebae
Signed-off-by: Pramod <pramod.raghavendra.jayathirth@intel.com>
Diffstat (limited to 'tpm-tools/initandverify')
-rwxr-xr-x | tpm-tools/initandverify/Duplicate.sh | 6 | ||||
-rwxr-xr-x | tpm-tools/initandverify/ImportTpmKey.sh | 6 | ||||
-rwxr-xr-x | tpm-tools/initandverify/Init_and_create_tpm_primary.sh | 58 | ||||
-rwxr-xr-x | tpm-tools/initandverify/Sign_Verify_test.sh | 35 | ||||
-rw-r--r-- | tpm-tools/initandverify/private.pem | 27 | ||||
-rw-r--r-- | tpm-tools/initandverify/public.pem | 9 |
6 files changed, 141 insertions, 0 deletions
diff --git a/tpm-tools/initandverify/Duplicate.sh b/tpm-tools/initandverify/Duplicate.sh
new file mode 100755
index 0000000..fd95c09
--- /dev/null
+++ b/tpm-tools/initandverify/Duplicate.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+echo "../duplicate/ossl_tpm_duplicate -pemfile ./private.pem -parentPub out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed dupSymseed -dupEncKey dupEncKey"
+rm -f dupPub dupPriv dupSymseed dupEncKey
+../duplicate/ossl_tpm_duplicate -pemfile ./private.pem -parentPub out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed dupSymseed -dupEncKey dupEncKey
+
diff --git a/tpm-tools/initandverify/ImportTpmKey.sh b/tpm-tools/initandverify/ImportTpmKey.sh
new file mode 100755
index 0000000..0ff4848
--- /dev/null
+++ b/tpm-tools/initandverify/ImportTpmKey.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+echo "../import/ossl_tpm_import -H 0x81000011 -dupPub dupPub -dupPriv dupPriv -dupSymSeed dupSymseed -dupEncKey dupEncKey -pub outPub -priv outPriv"
+rm -f outPub outPriv
+../import/ossl_tpm_import -H 0x81000011 -dupPub dupPub -dupPriv dupPriv -dupSymSeed dupSymseed -dupEncKey dupEncKey -pub outPub -priv outPriv
+
diff --git a/tpm-tools/initandverify/Init_and_create_tpm_primary.sh b/tpm-tools/initandverify/Init_and_create_tpm_primary.sh
new file mode 100755
index 0000000..6863102
--- /dev/null
+++ b/tpm-tools/initandverify/Init_and_create_tpm_primary.sh
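Review bot: The exit status of `../duplicate/ossl_tpm_duplicate` is never checked, so a failed duplication leaves stale or missing dupPub/dupPriv files for the next step while the script still exits 0; the same applies to `../import/ossl_tpm_import` in ImportTpmKey.sh. Both scripts also locate the tool through a relative path, so they only work when started from tpm-tools/initandverify. I would add `cd "$(dirname "$0")" || exit 1` after the shebang and end each invocation with `|| { printf '%s\n' "ossl_tpm_duplicate failed" >&2; exit 1; }`, matching the `$?` checks that Init_and_create_tpm_primary.sh already performs. Duplicate.sh additionally reads the private key from `./private.pem` inside the tree; taking the path from an environment variable or an argument would keep the key out of the repository.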
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+case "$1" in
+
+--out-public)
+ out_primary_public=$2
+ ;;
+
+--help)
+ echo "$0 [--out-public primaty_public_bin_file (optional)]"
+ exit 0
+ ;;
+
+*)
+ out_primary_public="out_parent_public"
+ ;;
+
+esac
+
+#echo "out-public file: $out_primary_public"
+
+# TPM initialize
+echo "tpm2_startup -clear -T tabrmd -V"
+tpm2_startup -clear -T tabrmd -V
+if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit."; exit 1; fi
+echo ""
+
+# Take ownership
+echo "tpm2_takeownership -o new -e new -l new -T tabrmd -V"
+tpm2_takeownership -o new -e new -l new -T tabrmd -V
+if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit."; exit 1; fi
+echo ""
+
+# Create Primary Key in RH_OWNER hierarchy
+rm -f PrimaryKeyBlob
+echo "tpm2_createprimary -P new -A o -g 0x000B -G 0x0001 -T tabrmd -V -C PrimaryKeyBlob"
+tpm2_createprimary -P new -A o -g 0x000B -G 0x0001 -T tabrmd -V -C PrimaryKeyBlob
+if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit."; exit 1; fi
+echo ""
+
+# Store Primary Key in TPMs NV RAM
+echo "tpm2_evictcontrol -A o -c ./PrimaryKeyBlob -S 0x81000011 -T tabrmd -V -P new"
+tpm2_evictcontrol -A o -c ./PrimaryKeyBlob -S 0x81000011 -T tabrmd -V -P new
+if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit."; exit 1; fi
+echo ""
+rm -f PrimaryKeyBlob
+
+# To test, Read public portion of TPM primary key with stored handle
+rm -f $out_primary_public
+echo "tpm2_readpublic -H 0x81000011 --opu $out_primary_public -T tabrmd -V"
+tpm2_readpublic -H 0x81000011 --opu $out_primary_public -T tabrmd -V
+if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit."; exit 1; fi
+echo ""
+
+
+# Some TPM commands to test
+#tpm2_load -c PrimaryKeyBlob -u outPub -r outPriv -n ChildKeyName -C ContextChild
+
diff --git a/tpm-tools/initandverify/Sign_Verify_test.sh b/tpm-tools/initandverify/Sign_Verify_test.sh
new file mode 100755
index 0000000..660dff9
--- /dev/null
+++ b/tpm-tools/initandverify/Sign_Verify_test.sh
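Review bot: `RED` is never assigned anywhere in this script, and `echo -e` is not portable under `#!/bin/sh` (dash prints the literal `-e`), so every failure branch prints a mangled message; `printf '%s\n' "Error, Exit." >&2` works under any sh and sends the diagnostic to stderr where it belongs. The owner/endorsement/lockout auth value `new` is hard-coded and passed on the command line to `tpm2_takeownership`, `tpm2_createprimary` and `tpm2_evictcontrol`, and each echo line prints it to stdout before the call; an auth value should be read from an environment variable or a file rather than living in the script text, and the echoed command lines should omit it. `rm -f $out_primary_public` and the two `$out_primary_public` uses in the readpublic step are unquoted although the value comes straight from `--out-public $2`, so they should be quoted and a missing `$2` reported as a usage error instead of silently becoming an empty file name. The `--help` text also has a typo, `primaty_public_bin_file`.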
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+echo "hello world.." > hello_tpm.txt
+
+# Load the Child context in TPM
+rm -f ChildKeyName ContextChild
+tpm2_load -H 0x81000011 -u outPub -r outPriv -n ChildKeyName -C ContextChild
+
+echo "tpm2_hash -H o -g 0x00B -I hello_tpm.txt -o hello_tpm_hash.bin -t outTicket"
+rm -f hello_tpm_hash.bin outTicket
+tpm2_hash -H o -g 0x00B -I hello_tpm.txt -o hello_tpm_hash.bin -t outTicket
+echo ""
+
+echo "tpm2_sign -c ContextChild -g 0x000B -m hello_tpm.txt -s hello_tpm.sig"
+rm -f hello_tpm.sig
+tpm2_sign -c ContextChild -g 0x000B -m hello_tpm.txt -s hello_tpm.sig
+echo ""
+
+echo "tpm2_verifysignature -c ContextChild -g 0x000b -m hello_tpm.txt -s hello_tpm.sig -t tk.sig"
+rm -f tk.sig
+tpm2_verifysignature -c ContextChild -g 0x000b -m hello_tpm.txt -s hello_tpm.sig -t tk.sig
+echo ""
+
+echo "Extracting signature from TPM format"
+echo "dd if=hello_tpm.sig of=hello_tpm.sig.raw bs=1 skip=6 count=256"
+rm -f hello_tpm.sig.raw
+dd if=hello_tpm.sig of=hello_tpm.sig.raw bs=1 skip=6 count=256
+echo ""
+
+echo "openssl dgst -verify public.pem -keyform pem -sha256 -signature hello_tpm.sig.raw hello_tpm.txt"
+openssl dgst -verify public.pem -keyform pem -sha256 -signature hello_tpm.sig.raw hello_tpm.txt
+echo ""
+
+rm -f hello_tpm_hash.bin outTicket tk.sig
+
diff --git a/tpm-tools/initandverify/private.pem b/tpm-tools/initandverify/private.pem
new file mode 100644
index 0000000..4ac26a2
--- /dev/null
+++ b/tpm-tools/initandverify/private.pem
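Review bot: No command in this script has its exit status checked, so `tpm2_load` failing (for instance when outPub/outPriv from ImportTpmKey.sh are absent) or `tpm2_verifysignature` and `openssl dgst -verify` rejecting the signature still ends the script with status 0, which defeats its purpose as a test; the verify lines should be `openssl dgst -verify public.pem -keyform pem -sha256 -signature hello_tpm.sig.raw hello_tpm.txt || exit 1` with the same `|| exit 1` on the tpm2_verifysignature line. The `dd ... skip=6 count=256` extraction hard-codes the signature layout for a 2048-bit RSA key, so a comment such as `# strip the 6-byte TPMT_SIGNATURE header; 256 = RSA-2048 signature length (adjust for other key sizes)` would save the next reader a trip to the TPM specification. The `tpm2_hash` outputs hello_tpm_hash.bin and outTicket are produced but never consumed, and hello_tpm.sig, hello_tpm.sig.raw, ChildKeyName and ContextChild are left behind while other temporaries are removed, so the cleanup on the last line appears incomplete.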
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAxTuMhW1v3lPZWp7yoxngkVvqctJsuSA4F3LsGVB/Sz8shqQA +YGcoiVPP0jZM91V//FvyJIbMmV0+/05wedOm4gQk0PvJ/uIyiSb7eGFuqph0mmtt +FZRB1J7h7Wl84QIKqz7xLZdkjwPlr7t3cl2w/0CJ8ighTpDj0Vkqf15EYp67WLmL +kaF8Z+HB/pkZbLXFqSfAlblhqHQYsx4+Qv9r1uiziD90g2/Vx2TSRI1YSGkmDJOQ +pPK9IjUWIsUQDa4cmKen32bGjMgLcz2qpNf3o9uD4zp51zVIpYcEGzXNLn3yl/vy +57rhXHd83bSSLD67B1HCNF3Pt/jwWwUVOS5WfwIDAQABAoIBAB4EQBCWZS4a6Ltn +8VltOMYmjPnImI9cHe1Dqjb4D0duZ+Jd10jUqlCsFrbRWMlTk9TeUW3Jrh2xGUNV +trxzv7QqGUhM6aMG3dYNvrvFaEhCR4ywyLs+Av7O52dwZHcCDomdXKspnT4+w5gJ +Gdan96YBNn1KKjeAyYs03MjhmdrANS245NYSHzWWDt1nQDr6mpgaRO2+Ev3/08Mr +OQHBx6UFP0uQwFXNLUVJ8j8xqnI6HoBaFBHnra86auWZbq3giA0G1XfNwoC/s72P +Sd5MHtBBRkvLFbxZH6cad/mQ0CBgtjiYUzizqnz7mEUNQeriNiQqMA3tXS3iG540 +BoKIBmECgYEA5YokyUoARMzncKE0UWoKytKMKgF5l+5sV1o7jltHVVr1X2bFLaMk +a+BX1Rra5H5t4XVtjgf5IA8ta0AUaUE5OI8VlCTQGeDRLHZfCFIRF1oGuj834vk7 +KNQb9njd9AqQNT25P2Olr+pDLroO1WE7wdhHos3tRJ9+3jGAs5gZiNkCgYEA2/gB +Xb5+VDSjPqRVZAHGGEkcTlpEmDAgqHnrQVvq+YL11fvMNSbkACTGDtf5+BP9Z73j +7ubMjaapke/f0eKaAbgvMjRfEo48rAhXigB9Vo0TZn0DN6h3LC7+9/h14tz23JTE +RYiGqTDAhCAeFu5TYvjs9anAsqRGsu48ceM8gxcCgYEA4PKq7mEJNmOghK5WuVq0 +zOPd3OSpJw3POyQArZgipjGHukDbB8iTzuyC5yN0VOzZ/lO4U7LYoGR/XFXmKuhy +jU0cFpylHFdIZsxygZL7kOj3ItsFh/g7091asgbtbVZU0Ph2bPrYyzdHM6m/E7pA +d83fFlu9JL0x9cqJmHd8vrECgYAsJ00G5yzudB5sfYoSZ/S+fTZsV9w6/DYh+08I +sI2rBemYyVFFPgg4KymCY0Hu1PxhrZEqLDPVHyYcgBzaQXUOcU0v86k9zUVKduYz +ckO2ctz5DpDtxCgfu1M8rSfkoNwAjPAU0QHOxlVucA/6JF6imDrgWPGwKh9y3TVO +2wETgwKBgQDYHZJLwvi8H4+qGTb96iV/GswAccQm4dEKTLmX7NsQQl1A2l8TevAi +ti/uWIFUf6S8IAVEccVvwoTOSadO06Q/OOnA8tDd6/iV2PMPJC1zm1gJ8iVxX1gr +bSXwvznIEnHO6dx4MjofdEVdR5btCEdJ+gcbAIUpl/6+Q7eaUwAHyA== +-----END RSA PRIVATE KEY----- diff --git a/tpm-tools/initandverify/public.pem b/tpm-tools/initandverify/public.pem new file mode 100644 index 0000000..fcbaa99 --- /dev/null +++ b/tpm-tools/initandverify/public.pem 
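Review bot: This file is an RSA private key committed in clear text to the repository, and Duplicate.sh reads it (`-pemfile ./private.pem`) to wrap it for import into the TPM; once a key is in git history it has to be considered disclosed, so it must not be used for anything beyond a throwaway test. I would drop it from the commit, generate a fresh key pair at test time (`openssl genrsa -out private.pem 2048` followed by `openssl rsa -in private.pem -pubout -out public.pem`) or take the key path from an environment variable, and add `*.pem` to .gitignore so it is not re-added. If it is intentionally a fixed test vector, a README note saying so would stop it being mistaken for a production key.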
@@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTuMhW1v3lPZWp7yoxng +kVvqctJsuSA4F3LsGVB/Sz8shqQAYGcoiVPP0jZM91V//FvyJIbMmV0+/05wedOm +4gQk0PvJ/uIyiSb7eGFuqph0mmttFZRB1J7h7Wl84QIKqz7xLZdkjwPlr7t3cl2w +/0CJ8ighTpDj0Vkqf15EYp67WLmLkaF8Z+HB/pkZbLXFqSfAlblhqHQYsx4+Qv9r +1uiziD90g2/Vx2TSRI1YSGkmDJOQpPK9IjUWIsUQDa4cmKen32bGjMgLcz2qpNf3 +o9uD4zp51zVIpYcEGzXNLn3yl/vy57rhXHd83bSSLD67B1HCNF3Pt/jwWwUVOS5W +fwIDAQAB +-----END PUBLIC KEY----- |