authorPramod <pramod.raghavendra.jayathirth@intel.com>2018-03-29 10:22:33 -0700
committerPramod <pramod.raghavendra.jayathirth@intel.com>2018-03-30 05:13:09 -0700
commit76f424e841653b899504d8064f1055f8c114985d (patch)
treeff41308d64f33605891f31cdfca0e04df130529d /tpm-tools/initandverify
parent8a5b33a9ba846d785d244e29bc29a46f7be34928 (diff)
tpm tools for the below functionalities
1. INIT (script) - Establishes a connection with the actual TPM hardware and loads the primary key into the TPM hardware
2. Sign and verify (script) - Loads the key and performs the sign and verify operations

Issue-ID: AAF-207
Change-Id: I015eb5fbc6f0e6f09ca454ed1bb55c5f5aadebae
Signed-off-by: Pramod <pramod.raghavendra.jayathirth@intel.com>
Diffstat (limited to 'tpm-tools/initandverify')
-rwxr-xr-xtpm-tools/initandverify/Duplicate.sh6
-rwxr-xr-xtpm-tools/initandverify/ImportTpmKey.sh6
-rwxr-xr-xtpm-tools/initandverify/Init_and_create_tpm_primary.sh58
-rwxr-xr-xtpm-tools/initandverify/Sign_Verify_test.sh35
-rw-r--r--tpm-tools/initandverify/private.pem27
-rw-r--r--tpm-tools/initandverify/public.pem9
6 files changed, 141 insertions, 0 deletions
diff --git a/tpm-tools/initandverify/Duplicate.sh b/tpm-tools/initandverify/Duplicate.sh
new file mode 100755
index 0000000..fd95c09
--- /dev/null
+++ b/tpm-tools/initandverify/Duplicate.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+echo "../duplicate/ossl_tpm_duplicate -pemfile ./private.pem -parentPub out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed dupSymseed -dupEncKey dupEncKey"
+rm -f dupPub dupPriv dupSymseed dupEncKey
+../duplicate/ossl_tpm_duplicate -pemfile ./private.pem -parentPub out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed dupSymseed -dupEncKey dupEncKey
+
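Review bot: Every path in the `ossl_tpm_duplicate` call (`../duplicate/ossl_tpm_duplicate`, `./private.pem`, `out_parent_public`) is relative to the caller's working directory, so the script only works when started from its own directory, and the `rm -f` before it deletes whatever `dupPub`/`dupPriv`/`dupSymseed`/`dupEncKey` happen to exist wherever it was started. I would add `cd "$(dirname "$0")" || exit 1` after the shebang and fail early with `[ -f out_parent_public ] || { echo "run Init_and_create_tpm_primary.sh first" >&2; exit 1; }`. The outputs look like key-wrapping material, so a `umask 077` before the call would keep them from being created group- or world-readable. ImportTpmKey.sh has the same working-directory dependence for `../import/ossl_tpm_import` and its `dup*` inputs.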
diff --git a/tpm-tools/initandverify/ImportTpmKey.sh b/tpm-tools/initandverify/ImportTpmKey.sh
new file mode 100755
index 0000000..0ff4848
--- /dev/null
+++ b/tpm-tools/initandverify/ImportTpmKey.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+echo "../import/ossl_tpm_import -H 0x81000011 -dupPub dupPub -dupPriv dupPriv -dupSymSeed dupSymseed -dupEncKey dupEncKey -pub outPub -priv outPriv"
+rm -f outPub outPriv
+../import/ossl_tpm_import -H 0x81000011 -dupPub dupPub -dupPriv dupPriv -dupSymSeed dupSymseed -dupEncKey dupEncKey -pub outPub -priv outPriv
+
diff --git a/tpm-tools/initandverify/Init_and_create_tpm_primary.sh b/tpm-tools/initandverify/Init_and_create_tpm_primary.sh
new file mode 100755
index 0000000..6863102
--- /dev/null
+++ b/tpm-tools/initandverify/Init_and_create_tpm_primary.sh
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+case "$1" in
+
+--out-public)
+ out_primary_public=$2
+ ;;
+
+--help)
+ echo "$0 [--out-public primaty_public_bin_file (optional)]"
+ exit 0
+ ;;
+
+*)
+ out_primary_public="out_parent_public"
+ ;;
+
+esac
+
+#echo "out-public file: $out_primary_public"
+
+# TPM initialize
+echo "tpm2_startup -clear -T tabrmd -V"
+tpm2_startup -clear -T tabrmd -V
+if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit."; exit 1; fi
+echo ""
+
+# Take ownership
+echo "tpm2_takeownership -o new -e new -l new -T tabrmd -V"
+tpm2_takeownership -o new -e new -l new -T tabrmd -V
+if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit."; exit 1; fi
+echo ""
+
+# Create Primary Key in RH_OWNER hierarchy
+rm -f PrimaryKeyBlob
+echo "tpm2_createprimary -P new -A o -g 0x000B -G 0x0001 -T tabrmd -V -C PrimaryKeyBlob"
+tpm2_createprimary -P new -A o -g 0x000B -G 0x0001 -T tabrmd -V -C PrimaryKeyBlob
+if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit."; exit 1; fi
+echo ""
+
+# Store Primary Key in TPMs NV RAM
+echo "tpm2_evictcontrol -A o -c ./PrimaryKeyBlob -S 0x81000011 -T tabrmd -V -P new"
+tpm2_evictcontrol -A o -c ./PrimaryKeyBlob -S 0x81000011 -T tabrmd -V -P new
+if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit."; exit 1; fi
+echo ""
+rm -f PrimaryKeyBlob
+
+# To test, Read public portion of TPM primary key with stored handle
+rm -f $out_primary_public
+echo "tpm2_readpublic -H 0x81000011 --opu $out_primary_public -T tabrmd -V"
+tpm2_readpublic -H 0x81000011 --opu $out_primary_public -T tabrmd -V
+if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit."; exit 1; fi
+echo ""
+
+
+# Some TPM commands to test
+#tpm2_load -c PrimaryKeyBlob -u outPub -r outPriv -n ChildKeyName -C ContextChild
+
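Review bot: `tpm2_takeownership -o new -e new -l new` sets the owner, endorsement and lockout authorisations to one fixed string that is now published in the repository, and `-P new` on the `tpm2_createprimary` and `tpm2_evictcontrol` lines repeats it; the commit description says this runs against the actual TPM hardware, so presumably anything on the host that can reach tabrmd can use those hierarchies afterwards. I would read the values from the environment and refuse to run without them, e.g. `: "${TPM_OWNER_AUTH:?set TPM_OWNER_AUTH}"` and then `-o "$TPM_OWNER_AUTH"`, and keep them out of the echoed command lines. In the error branches `${RED}` is never assigned in this file and `echo -e` is not portable under `#!/bin/sh`, so plain `echo "Error, Exit." >&2` would be the safer form. Separately, `--out-public` given without a value leaves `$out_primary_public` empty and it is used unquoted, so `--opu` would swallow `-T` as its argument; that arm should reject an empty `$2` and the later uses should be quoted.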
diff --git a/tpm-tools/initandverify/Sign_Verify_test.sh b/tpm-tools/initandverify/Sign_Verify_test.sh
new file mode 100755
index 0000000..660dff9
--- /dev/null
+++ b/tpm-tools/initandverify/Sign_Verify_test.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+echo "hello world.." > hello_tpm.txt
+
+# Load the Child context in TPM
+rm -f ChildKeyName ContextChild
+tpm2_load -H 0x81000011 -u outPub -r outPriv -n ChildKeyName -C ContextChild
+
+echo "tpm2_hash -H o -g 0x00B -I hello_tpm.txt -o hello_tpm_hash.bin -t outTicket"
+rm -f hello_tpm_hash.bin outTicket
+tpm2_hash -H o -g 0x00B -I hello_tpm.txt -o hello_tpm_hash.bin -t outTicket
+echo ""
+
+echo "tpm2_sign -c ContextChild -g 0x000B -m hello_tpm.txt -s hello_tpm.sig"
+rm -f hello_tpm.sig
+tpm2_sign -c ContextChild -g 0x000B -m hello_tpm.txt -s hello_tpm.sig
+echo ""
+
+echo "tpm2_verifysignature -c ContextChild -g 0x000b -m hello_tpm.txt -s hello_tpm.sig -t tk.sig"
+rm -f tk.sig
+tpm2_verifysignature -c ContextChild -g 0x000b -m hello_tpm.txt -s hello_tpm.sig -t tk.sig
+echo ""
+
+echo "Extracting signature from TPM format"
+echo "dd if=hello_tpm.sig of=hello_tpm.sig.raw bs=1 skip=6 count=256"
+rm -f hello_tpm.sig.raw
+dd if=hello_tpm.sig of=hello_tpm.sig.raw bs=1 skip=6 count=256
+echo ""
+
+echo "openssl dgst -verify public.pem -keyform pem -sha256 -signature hello_tpm.sig.raw hello_tpm.txt"
+openssl dgst -verify public.pem -keyform pem -sha256 -signature hello_tpm.sig.raw hello_tpm.txt
+echo ""
+
+rm -f hello_tpm_hash.bin outTicket tk.sig
+
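Review bot: The script's exit status is that of the final `rm -f hello_tpm_hash.bin outTicket tk.sig`, so it returns 0 even when `tpm2_verifysignature` or `openssl dgst -verify` rejects the signature, and none of the earlier TPM commands are checked either. For a sign-and-verify test that is the one result that matters; I would add `set -e` right after the shebang, or at minimum end the openssl line with `|| exit 1`, so a caller or CI job sees the failure. The `dd ... bs=1 skip=6 count=256` step appears to assume a 6-byte header in front of a 256-byte RSA-2048 signature, and a comment such as `# strip the 6-byte TPMT_SIGNATURE header; an RSA-2048 signature is 256 bytes` would explain the constants and warn anyone who changes the key size.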
diff --git a/tpm-tools/initandverify/private.pem b/tpm-tools/initandverify/private.pem
new file mode 100644
index 0000000..4ac26a2
--- /dev/null
+++ b/tpm-tools/initandverify/private.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAxTuMhW1v3lPZWp7yoxngkVvqctJsuSA4F3LsGVB/Sz8shqQA
+YGcoiVPP0jZM91V//FvyJIbMmV0+/05wedOm4gQk0PvJ/uIyiSb7eGFuqph0mmtt
+FZRB1J7h7Wl84QIKqz7xLZdkjwPlr7t3cl2w/0CJ8ighTpDj0Vkqf15EYp67WLmL
+kaF8Z+HB/pkZbLXFqSfAlblhqHQYsx4+Qv9r1uiziD90g2/Vx2TSRI1YSGkmDJOQ
+pPK9IjUWIsUQDa4cmKen32bGjMgLcz2qpNf3o9uD4zp51zVIpYcEGzXNLn3yl/vy
+57rhXHd83bSSLD67B1HCNF3Pt/jwWwUVOS5WfwIDAQABAoIBAB4EQBCWZS4a6Ltn
+8VltOMYmjPnImI9cHe1Dqjb4D0duZ+Jd10jUqlCsFrbRWMlTk9TeUW3Jrh2xGUNV
+trxzv7QqGUhM6aMG3dYNvrvFaEhCR4ywyLs+Av7O52dwZHcCDomdXKspnT4+w5gJ
+Gdan96YBNn1KKjeAyYs03MjhmdrANS245NYSHzWWDt1nQDr6mpgaRO2+Ev3/08Mr
+OQHBx6UFP0uQwFXNLUVJ8j8xqnI6HoBaFBHnra86auWZbq3giA0G1XfNwoC/s72P
+Sd5MHtBBRkvLFbxZH6cad/mQ0CBgtjiYUzizqnz7mEUNQeriNiQqMA3tXS3iG540
+BoKIBmECgYEA5YokyUoARMzncKE0UWoKytKMKgF5l+5sV1o7jltHVVr1X2bFLaMk
+a+BX1Rra5H5t4XVtjgf5IA8ta0AUaUE5OI8VlCTQGeDRLHZfCFIRF1oGuj834vk7
+KNQb9njd9AqQNT25P2Olr+pDLroO1WE7wdhHos3tRJ9+3jGAs5gZiNkCgYEA2/gB
+Xb5+VDSjPqRVZAHGGEkcTlpEmDAgqHnrQVvq+YL11fvMNSbkACTGDtf5+BP9Z73j
+7ubMjaapke/f0eKaAbgvMjRfEo48rAhXigB9Vo0TZn0DN6h3LC7+9/h14tz23JTE
+RYiGqTDAhCAeFu5TYvjs9anAsqRGsu48ceM8gxcCgYEA4PKq7mEJNmOghK5WuVq0
+zOPd3OSpJw3POyQArZgipjGHukDbB8iTzuyC5yN0VOzZ/lO4U7LYoGR/XFXmKuhy
+jU0cFpylHFdIZsxygZL7kOj3ItsFh/g7091asgbtbVZU0Ph2bPrYyzdHM6m/E7pA
+d83fFlu9JL0x9cqJmHd8vrECgYAsJ00G5yzudB5sfYoSZ/S+fTZsV9w6/DYh+08I
+sI2rBemYyVFFPgg4KymCY0Hu1PxhrZEqLDPVHyYcgBzaQXUOcU0v86k9zUVKduYz
+ckO2ctz5DpDtxCgfu1M8rSfkoNwAjPAU0QHOxlVucA/6JF6imDrgWPGwKh9y3TVO
+2wETgwKBgQDYHZJLwvi8H4+qGTb96iV/GswAccQm4dEKTLmX7NsQQl1A2l8TevAi
+ti/uWIFUf6S8IAVEccVvwoTOSadO06Q/OOnA8tDd6/iV2PMPJC1zm1gJ8iVxX1gr
+bSXwvznIEnHO6dx4MjofdEVdR5btCEdJ+gcbAIUpl/6+Q7eaUwAHyA==
+-----END RSA PRIVATE KEY-----
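Review bot: This commits an unencrypted RSA private key to the repository, and public.pem in the next file appears to be its matching public half (the modulus bytes start identically). Duplicate.sh wraps `./private.pem` for import into the TPM, so anyone who reuses these scripts beyond a test bench ends up with a TPM-held key whose private part is readable by everyone with access to the repository. I would leave the key out of the tree and have the script create one on first use, e.g. `[ -f private.pem ] || openssl genrsa -out private.pem 2048` followed by `openssl rsa -in private.pem -pubout -out public.pem`. If a fixed fixture really is needed, give it a name that makes it obviously test-only and say so in a README next to it.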
diff --git a/tpm-tools/initandverify/public.pem b/tpm-tools/initandverify/public.pem
new file mode 100644
index 0000000..fcbaa99
--- /dev/null
+++ b/tpm-tools/initandverify/public.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTuMhW1v3lPZWp7yoxng
+kVvqctJsuSA4F3LsGVB/Sz8shqQAYGcoiVPP0jZM91V//FvyJIbMmV0+/05wedOm
+4gQk0PvJ/uIyiSb7eGFuqph0mmttFZRB1J7h7Wl84QIKqz7xLZdkjwPlr7t3cl2w
+/0CJ8ighTpDj0Vkqf15EYp67WLmLkaF8Z+HB/pkZbLXFqSfAlblhqHQYsx4+Qv9r
+1uiziD90g2/Vx2TSRI1YSGkmDJOQpPK9IjUWIsUQDa4cmKen32bGjMgLcz2qpNf3
+o9uD4zp51zVIpYcEGzXNLn3yl/vy57rhXHd83bSSLD67B1HCNF3Pt/jwWwUVOS5W
+fwIDAQAB
+-----END PUBLIC KEY-----