Strona główna Odkrywaj Pomoc
Zaloguj się
SoftwareDesign
/
csu3_am335x
8
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Gałąź: master
Gałęzie Tagi
csu3_am335x
/
EVSE
/
GPL
/
tpm2-tools-5.1
/
test
/
integration
/
tests
/
abrmd_policysecret.sh

abrmd_policysecret.sh 3.4 KB
Bezpośredni odnośnik Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121 
  1. # SPDX-License-Identifier: BSD-3-Clause
    2. 

  2. 

  3. source helpers.sh
    4. 

  4. 

  5. TPM_RH_OWNER=0x40000001
    6. 

  6. SEALED_SECRET=SEALED-SECRET
    7. 

  7. session_ctx=session.ctx
    8. 

  8. o_policy_digest=policy.digest
    9. 

  9. primary_ctx=prim.ctx
    10. 

  10. seal_key_pub=sealing_key.pub
    11. 

  11. seal_key_priv=sealing_key.priv
    12. 

  12. seal_key_ctx=sealing_key.ctx
    13. 

  13. 

  14. cleanup() {
    15. 

  15.     rm -f $session_ctx $o_policy_digest $primary_ctx $seal_key_pub $seal_key_priv\
    16. 

  16.     $seal_key_ctx qual.dat
    17. 

  17. 

  18.     tpm2 flushcontext $session_ctx 2>/dev/null || true
    19. 

  19. 

  20.     tpm2 clear
    21. 

  21. 

  22.     if [ "${1}" != "no-shutdown" ]; then
    23. 

  23.         shut_down
    24. 

  24.     fi
    25. 

  25. }
    26. 

  26. trap cleanup EXIT
    27. 

  27. 

  28. start_up
    29. 

  29. 

  30. cleanup "no-shutdown"
    31. 

  31. 

  32. tpm2 clear
    33. 

  33. 

  34. tpm2 changeauth -c o ownerauth
    35. 

  35. 

  36. # Create Policy
    37. 

  37. tpm2 startauthsession -S $session_ctx
    38. 

  38. tpm2 policysecret -S $session_ctx -c $TPM_RH_OWNER -L $o_policy_digest ownerauth
    39. 

  39. tpm2 flushcontext $session_ctx
    40. 

  40. rm $session_ctx
    41. 

  41. 

  42. # Create and Load Object
    43. 

  43. tpm2 createprimary -Q -C o -c $primary_ctx -P ownerauth
    44. 

  44. tpm2 create -Q -g sha256 -u $seal_key_pub -r $seal_key_priv -C $primary_ctx \
    45. 

  45. -L $o_policy_digest -i- <<< $SEALED_SECRET
    46. 

  46. tpm2 load -C $primary_ctx -u $seal_key_pub -r $seal_key_priv -c $seal_key_ctx
    47. 

  47. 

  48. # Satisfy policy and unseal data
    49. 

  49. tpm2 startauthsession --policy-session -S $session_ctx
    50. 

  50. echo -n "ownerauth" | tpm2 policysecret -S $session_ctx -c $TPM_RH_OWNER \
    51. 

  51. -L $o_policy_digest file:-
    52. 

  52. unsealed=`tpm2 unseal -p"session:$session_ctx" -c $seal_key_ctx`
    53. 

  53. tpm2 flushcontext $session_ctx
    54. 

  54. rm $session_ctx
    55. 

  55. 

  56. test "$unsealed" == "$SEALED_SECRET"
    57. 

  57. 

  58. if [ $? != 0 ]; then
    59. 

  59.   echo "Failed policysecret integration test where ref object password was set."
    60. 

  60. fi
    61. 

  61. 

  62. #Test the policy with auth reference object password not set
    63. 

  63. unsealed=""
    64. 

  64. tpm2 changeauth -c o -p ownerauth
    65. 

  65. 

  66. tpm2 startauthsession --policy-session -S $session_ctx
    67. 

  67. tpm2 policysecret -S $session_ctx -c $TPM_RH_OWNER -L $o_policy_digest
    68. 

  68. unsealed=`tpm2 unseal -p"session:$session_ctx" -c $seal_key_ctx`
    69. 

  69. tpm2 flushcontext $session_ctx
    70. 

  70. rm $session_ctx
    71. 

  71. 

  72. test "$unsealed" == "$SEALED_SECRET"
    73. 

  73. 

  74. if [ $? != 0 ]; then
    75. 

  75.   echo "Failed policysecret integration test for passwordless reference object."
    76. 

  76. fi
    77. 

  77. 

  78. #
    79. 

  79. # Test with policyref or qualification data
    80. 

  80. #
    81. 

  81. unsealed=""
    82. 

  82. tpm2 clear
    83. 

  83. 

  84. dd if=/dev/urandom of=qual.dat bs=1 count=32
    85. 

  85. tpm2 startauthsession -S $session_ctx
    86. 

  86. tpm2 policysecret -S $session_ctx -c $TPM_RH_OWNER -L $o_policy_digest \
    87. 

  87. -q qual.dat
    88. 

  88. tpm2 flushcontext $session_ctx
    89. 

  89. 

  90. tpm2 createprimary -Q -C o -c $primary_ctx
    91. 

  91. tpm2 create -Q -g sha256 -u $seal_key_pub -r $seal_key_priv -C $primary_ctx \
    92. 

  92. -L $o_policy_digest -i- <<< $SEALED_SECRET
    93. 

  93. tpm2 load -C $primary_ctx -u $seal_key_pub -r $seal_key_priv -c $seal_key_ctx
    94. 

  94. 

  95. tpm2 startauthsession --policy-session -S $session_ctx
    96. 

  96. tpm2 policysecret -S $session_ctx -c $TPM_RH_OWNER -L $o_policy_digest \
    97. 

  97. -q qual.dat
    98. 

  98. unsealed=`tpm2 unseal -p"session:$session_ctx" -c $seal_key_ctx`
    99. 

  99. tpm2 flushcontext $session_ctx
    100. 

  100. 

  101. test "$unsealed" == "$SEALED_SECRET"
    102. 

  102. 

  103. if [ $? != 0 ]; then
    104. 

  104.   echo "Failed policysecret integration test for passwordless reference object."
    105. 

  105. fi
    106. 

  106. 

  107. #
    108. 

  108. # Test with policy auth reference instead of plain password
    109. 

  109. #
    110. 

  110. tpm2 startauthsession -S session.ctx
    111. 

  111. tpm2 policyauthvalue -S session.ctx -L policy.authval
    112. 

  112. tpm2 flushcontext session.ctx
    113. 

  113. tpm2 setprimarypolicy -C o -L policy.authval -g sha256
    114. 

  114. tpm2 startauthsession -S session.ctx --policy-session
    115. 

  115. tpm2 startauthsession -S policy_session.ctx --policy-session
    116. 

  116. tpm2 policyauthvalue -S session.ctx
    117. 

  117. tpm2 policysecret -S policy_session.ctx -c o session:session.ctx
    118. 

  118. tpm2 flushcontext session.ctx
    119. 

  119. tpm2 flushcontext policy_session.ctx
    120. 

  120. 

  121. exit 0
    122.