Ana Sayfa Keşfet Yardım
Giriş Yap
SoftwareDesign
/
csu3_am335x
8
0
Çatalla 0
Dosyalar Sorunlar 0 Değişiklik İstekleri 0 Wiki
Dal: master
Dallar Biçim İmleri
csu3_am335x
/
EVSE
/
GPL
/
tpm2-tools-5.1
/
test
/
integration
/
tests
/
abrmd_extended-sessions.sh

abrmd_extended-sessions.sh 4.1 KB
Kalıcı Bağlantı Geçmiş Ham

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135 
  1. # SPDX-License-Identifier: BSD-3-Clause
    2. 

  2. 

  3. source helpers.sh
    4. 

  4. 

  5. alg_primary_obj=sha256
    6. 

  6. alg_primary_key=ecc
    7. 

  7. alg_create_obj=sha256
    8. 

  8. alg_pcr_policy=sha1
    9. 

  9. 

  10. pcr_ids=0,1,2,3
    11. 

  11. 

  12. file_pcr_value=pcr.bin
    13. 

  13. file_input_data=secret.data
    14. 

  14. file_policy=policy.data
    15. 

  15. file_primary_key_ctx=context.p_"$alg_primary_obj"_"$alg_primary_key"
    16. 

  16. file_unseal_key_pub=opu_"$alg_create_obj"
    17. 

  17. file_unseal_key_priv=opr_"$alg_create_obj"
    18. 

  18. file_unseal_key_ctx=ctx_load_out_"$alg_primary_obj"_"$alg_primary_key"-\
    19. 

  19. "$alg_create_obj"
    20. 

  20. file_unseal_key_name=name.load_"$alg_primary_obj"_"$alg_primary_key"-\
    21. 

  21. "$alg_create_obj"
    22. 

  22. file_unseal_output_data=usl_"$file_unseal_key_ctx"
    23. 

  23. file_session_file=session.dat
    24. 

  24. 

  25. secret=12345678
    26. 

  26. 

  27. cleanup() {
    28. 

  28.     rm -f $file_input_data $file_primary_key_ctx $file_unseal_key_pub \
    29. 

  29.         $file_unseal_key_priv $file_unseal_key_ctx $file_unseal_key_name \
    30. 

  30.         $file_unseal_output_data $file_pcr_value \
    31. 

  31.         $file_policy $file_session_file
    32. 

  32. 

  33.     tpm2 flushcontext $file_session_file 2>/dev/null || true
    34. 

  34. 

  35.     if [ "${1}" != "no-shutdown" ]; then
    36. 

  36.         shut_down
    37. 

  37.     fi
    38. 

  38. }
    39. 

  39. trap cleanup EXIT
    40. 

  40. 

  41. start_up
    42. 

  42. 

  43. cleanup "no-shutdown"
    44. 

  44. 

  45. echo $secret > $file_input_data
    46. 

  46. 

  47. tpm2 clear
    48. 

  48. 

  49. #
    50. 

  50. # Test an extended policy session beyond client connections. This is ONLY
    51. 

  51. # supported by abrmd since version: https://github.com/tpm2-software/tpm2-abrmd/
    52. 

  52. # releases/tag/1.2.0 However, bug: https://github.com/tpm2-software/tpm2-abrmd/
    53. 

  53. # issues/285 applies.
    54. 

  54. #
    55. 

  55. # The test works by:
    56. 

  56. # Step 1: Creating a trial session and updating it with a policyPCR event to
    57. 

  57. # generate a policy hash.
    58. 

  58. #
    59. 

  59. # Step 2: Creating an object and using that policy hash as the policy to satisfy
    60. 

  60. # for usage.
    61. 

  61. #
    62. 

  62. # Step 3: Creating an actual policy session and using pcrpolicy event to update
    63. 

  63. # the policy.
    64. 

  64. #
    65. 

  65. # Step 4: Using that actual policy session from step 3 in tpm2 unseal to unseal
    66. 

  66. # the object.
    67. 

  67. #
    68. 

  68. 

  69. tpm2 createprimary -Q -C e -g $alg_primary_obj -G $alg_primary_key \
    70. 

  70. -c $file_primary_key_ctx
    71. 

  71. 

  72. tpm2 pcrread -Q -o $file_pcr_value ${alg_pcr_policy}:${pcr_ids}
    73. 

  73. 

  74. tpm2 startauthsession -Q -S $file_session_file
    75. 

  75. 

  76. tpm2 policypcr -Q -S $file_session_file -l ${alg_pcr_policy}:${pcr_ids} \
    77. 

  77. -f $file_pcr_value -L $file_policy
    78. 

  78. 

  79. tpm2 flushcontext $file_session_file
    80. 

  80. 

  81. tpm2 create -Q -g $alg_create_obj -u $file_unseal_key_pub \
    82. 

  82. -r $file_unseal_key_priv -i- -C $file_primary_key_ctx -L $file_policy \
    83. 

  83. -a 'fixedtpm|fixedparent' <<< $secret
    84. 

  84. 

  85. tpm2 load -Q -C $file_primary_key_ctx -u $file_unseal_key_pub \
    86. 

  86. -r $file_unseal_key_priv -n $file_unseal_key_name -c $file_unseal_key_ctx
    87. 

  87. 

  88. rm $file_session_file
    89. 

  89. 

  90. # Start a REAL encrypted and bound policy session (-a option) and perform a pcr
    91. 

  91. # policy event
    92. 

  92. tpm2 startauthsession --policy-session -c $file_primary_key_ctx \
    93. 

  93. -S $file_session_file
    94. 

  94. 

  95. tpm2 policypcr -Q -S $file_session_file -l ${alg_pcr_policy}:${pcr_ids} \
    96. 

  96. -f $file_pcr_value -L $file_policy
    97. 

  97. 

  98. unsealed=`tpm2 unseal -p"session:$file_session_file" -c $file_unseal_key_ctx`
    99. 

  99. 

  100. test "$unsealed" == "$secret"
    101. 

  101. 

  102. # Test resetting the policy session causes unseal to fail.
    103. 

  103. tpm2 policyrestart -S $file_session_file
    104. 

  104. 

  105. # negative test, clear the error handler
    106. 

  106. if tpm2 unseal -p"session:$file_session_file" \
    107. 

  107. -c $file_unseal_key_ctx 2>/dev/null; then
    108. 

  108.     echo "Expected tpm2 unseal to fail after policy reset"
    109. 

  109.     exit 1
    110. 

  110. else
    111. 

  111.     true
    112. 

  112. fi
    113. 

  113. 

  114. # Test bounded sessions work with bind entities with auth
    115. 

  115. tpm2 createprimary -Q -C o -c prim.ctx -p primepass
    116. 

  116. ## Test with bounded and salted session
    117. 

  117. tpm2 startauthsession -S session.ctx --hmac-session --tpmkey-context prim.ctx \
    118. 

  118. --bind-context prim.ctx --bind-auth primepass
    119. 

  119. tpm2 sessionconfig session.ctx --enable-encrypt --enable-decrypt
    120. 

  120. tpm2 getrandom 8 -S session.ctx
    121. 

  121. tpm2 flushcontext session.ctx
    122. 

  122. ## Test with bounded only session
    123. 

  123. tpm2 startauthsession -S session.ctx --hmac-session \
    124. 

  124. --bind-context prim.ctx  --bind-auth primepass
    125. 

  125. tpm2 sessionconfig session.ctx --enable-encrypt --enable-decrypt
    126. 

  126. tpm2 getrandom 8 -S session.ctx
    127. 

  127. tpm2 flushcontext session.ctx
    128. 

  128. ## Test with salted only session
    129. 

  129. tpm2 startauthsession -S session.ctx --hmac-session \
    130. 

  130. --tpmkey-context prim.ctx
    131. 

  131. tpm2 sessionconfig session.ctx --enable-encrypt --enable-decrypt
    132. 

  132. tpm2 getrandom 8 -S session.ctx
    133. 

  133. tpm2 flushcontext session.ctx
    134. 

  134. 

  135. exit 0
    136.