Minor change for attestation examples, EK is not needed

* EK is not needed for Quote or GetTime
* Only Endorsement Hierarchy is needed for GetTime

Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
pull/152/head
Dimitar Tomov 2021-03-12 23:41:51 +02:00 committed by Dimitar Tomov
parent fd79729cc8
commit 4f6e35f7fd
2 changed files with 5 additions and 36 deletions


@ -44,7 +44,7 @@ static void usage(void)
printf("./examples/pcr/quote [pcr] [filename] [-ecc] [-aes/xor]\n");
printf("* pcr: PCR index between 0-23 (default %d)\n", TPM2_TEST_PCR);
printf("* filename: for saving the TPMS_ATTEST structure to a file\n");
printf("* -ecc: Use RSA or ECC for EK/AIK\n");
printf("* -ecc: Use RSA or ECC for SRK/AIK\n");
printf("* -aes/xor: Use Parameter Encryption\n");
printf("Demo usage without parameters, generates quote over PCR%d and\n"
"saves the output TPMS_ATTEST structure to \"quote.blob\" file.\n",
@ -60,7 +60,6 @@ int TPM2_Quote_Test(void* userCtx, int argc, char *argv[])
WOLFTPM2_DEV dev;
TPMS_ATTEST attestedData;
TPMI_ALG_PUBLIC alg = TPM_ALG_RSA; /* TPM_ALG_ECC */
WOLFTPM2_KEY endorse; /* EK */
WOLFTPM2_KEY storage; /* SRK */
WOLFTPM2_KEY aik; /* AIK */
union {
@ -77,7 +76,6 @@ int TPM2_Quote_Test(void* userCtx, int argc, char *argv[])
XFILE f;
#endif
XMEMSET(&endorse, 0, sizeof(endorse));
XMEMSET(&storage, 0, sizeof(storage));
XMEMSET(&aik, 0, sizeof(aik));
XMEMSET(&tpmSession, 0, sizeof(tpmSession));
@ -128,16 +126,6 @@ int TPM2_Quote_Test(void* userCtx, int argc, char *argv[])
}
printf("wolfTPM2_Init: success\n");
/* Create Endorsement Key, also called EK */
rc = wolfTPM2_CreateEK(&dev, &endorse, alg);
if (rc != TPM_RC_SUCCESS) {
printf("wolfTPM2_CreateEK: Endorsement failed 0x%x: %s\n",
rc, TPM2_GetRCString(rc));
goto exit;
}
printf("wolfTPM2_CreateEK: Endorsement 0x%x (%d bytes)\n",
(word32)endorse.handle.hndl, endorse.pub.size);
/* get SRK */
rc = getPrimaryStoragekey(&dev, &storage, alg);
if (rc != 0) goto exit;
@ -234,7 +222,6 @@ exit:
/* Close key handles */
wolfTPM2_UnloadHandle(&dev, &aik.handle);
wolfTPM2_UnloadHandle(&dev, &storage.handle);
wolfTPM2_UnloadHandle(&dev, &endorse.handle);
wolfTPM2_UnloadHandle(&dev, &tpmSession.handle);
wolfTPM2_Cleanup(&dev);
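Review bot: With the wolfTPM2_CreateEK block removed from TPM2_Quote_Test, nothing on the new side tells the reader that the quote is signed by an AIK that is never certified against an endorsement key, so a verifier of the saved TPMS_ATTEST blob has no TPM-rooted evidence that the AIK belongs to a genuine TPM (that binding would come from a separate credential-activation step, which this example does not perform). That is acceptable for a demo, but the usage() text in the -44,7 hunk is where a reader looks for such a caveat; consider adding `printf("Note: the AIK is created under the SRK without EK certification; the quote is for local demonstration\n");` after the SRK/AIK line. The AIK creation itself is outside the visible hunks, so this is inferred from the removed EK block and the unchanged getPrimaryStoragekey call that follows it.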


@ -43,7 +43,7 @@ static void usage(void)
{
printf("Expected usage:\n");
printf("./examples/timestamp/signed_timestamp [-ecc] [-aes/xor]\n");
printf("* -ecc: Use RSA or ECC for EK/AIK\n");
printf("* -ecc: Use RSA or ECC for SRK/AIK\n");
printf("* -aes/xor: Use Parameter Encryption\n");
}
@ -66,7 +66,6 @@ int TPM2_Timestamp_TestArgs(void* userCtx, int argc, char *argv[])
PolicySecret_Out policySecret;
byte maxOutput[MAX_RESPONSE_SIZE];
} cmdOut;
WOLFTPM2_KEY endorse; /* EK */
WOLFTPM2_KEY storage; /* SRK */
WOLFTPM2_KEY aik; /* AIK */
TPMI_ALG_PUBLIC alg = TPM_ALG_RSA; /* TPM_ALG_ECC */
@ -74,7 +73,6 @@ int TPM2_Timestamp_TestArgs(void* userCtx, int argc, char *argv[])
WOLFTPM2_SESSION tpmSession;
TPMA_SESSION sessionAttributes;
XMEMSET(&endorse, 0, sizeof(endorse));
XMEMSET(&storage, 0, sizeof(storage));
XMEMSET(&aik, 0, sizeof(aik));
XMEMSET(&tpmSession, 0, sizeof(tpmSession));
@ -123,17 +121,6 @@ int TPM2_Timestamp_TestArgs(void* userCtx, int argc, char *argv[])
printf("TPM2_ReadClock: success\n");
/* Create Endorsement Key, also called EK */
rc = wolfTPM2_CreateEK(&dev, &endorse, alg);
if (rc != TPM_RC_SUCCESS) {
printf("wolfTPM2_CreateEK: Endorsement failed 0x%x: %s\n",
rc, TPM2_GetRCString(rc));
goto exit;
}
printf("wolfTPM2_CreateEK: Endorsement 0x%x (%d bytes)\n",
(word32)endorse.handle.hndl, endorse.pub.size);
/* Create Storage Key, also called SRK */
rc = getPrimaryStoragekey(&dev, &storage, alg);
if (rc != TPM_RC_SUCCESS) {
@ -151,10 +138,6 @@ int TPM2_Timestamp_TestArgs(void* userCtx, int argc, char *argv[])
printf("TPM2_StartAuthSession: sessionHandle 0x%x\n",
(word32)tpmSession.handle.hndl);
/* Set the endorsement password (blank) */
rc = wolfTPM2_SetAuthPassword(&dev, 0, NULL);
if (rc != 0) goto exit;
/* Set PolicySecret for our session to enable use of the Endorsement Hierarchy */
XMEMSET(&cmdIn.policySecret, 0, sizeof(cmdIn.policySecret));
cmdIn.policySecret.authHandle = TPM_RH_ENDORSEMENT;
@ -166,7 +149,7 @@ int TPM2_Timestamp_TestArgs(void* userCtx, int argc, char *argv[])
}
printf("TPM2_policySecret success\n"); /* No use of the output */
/* At this stage, the EK is created and NULL password has already been set
/* At this stage, the SRK is created and NULL password has already been set
* The EH is enabled through policySecret over the active TPM session and
* the creation of Attestation Identity Key (AIK) under the EH can take place.
*/
@ -183,7 +166,7 @@ int TPM2_Timestamp_TestArgs(void* userCtx, int argc, char *argv[])
(word32)aik.handle.hndl, aik.pub.size);
/* set NULL password auth for using EK */
/* set (the default) NULL password auth for using EH */
wolfTPM2_SetAuthPassword(&dev, 0, NULL);
/* set auth for using the AIK */
@ -202,7 +185,7 @@ int TPM2_Timestamp_TestArgs(void* userCtx, int argc, char *argv[])
(void)sessionAttributes;
#endif
/* At this stage: The EK is created, AIK is created and loaded,
/* At this stage: The SRK is created, AIK is created and loaded,
* Endorsement Hierarchy is enabled through policySecret,
* the use of the loaded AIK is enabled through its usageAuth.
* Invoking attestation of the TPM time structure can take place.
@ -255,7 +238,6 @@ exit:
}
wolfTPM2_UnloadHandle(&dev, &aik.handle);
wolfTPM2_UnloadHandle(&dev, &endorse.handle);
wolfTPM2_UnloadHandle(&dev, &tpmSession.handle);
wolfTPM2_Cleanup(&dev);
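Review bot: The rewritten comment in the -166,7 hunk still says `NULL password has already been set`, but the `wolfTPM2_SetAuthPassword(&dev, 0, NULL)` call that established it before TPM2_PolicySecret is removed in the -151,10 hunk, so nothing visible on the new side sets it at that stage. The later comment in the -183,7 hunk calls the NULL password auth "the default", which suggests the removal relies on the auth state left by wolfTPM2_Init; if that is guaranteed, reword the comment to `/* At this stage, the SRK is created and the EH relies on its default (NULL) password auth.` so it no longer describes a call that no longer exists. If the default is not guaranteed, the PolicySecret over TPM_RH_ENDORSEMENT would need the explicit auth restored before it. The closing lines of TPM2_Timestamp_TestArgs after wolfTPM2_Cleanup are not shown in the last hunk.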