mirror of https://github.com/wolfSSL/wolfTPM.git
EK Cert Verification with TPM only (no wolfCrypt). Example assumes ST33KTPM2X. `./configure --disable-wolfcrypt && make && ./examples/endorsement/verify_ek_cert`
David Garske
parent
bcf2647ebc
commit
c42fff4f7f
|
|
@ -84,6 +84,7 @@ examples/boot/secret_unseal
|
||||||
examples/firmware/ifx_fw_extract
|
examples/firmware/ifx_fw_extract
|
||||||
examples/firmware/ifx_fw_update
|
examples/firmware/ifx_fw_update
|
||||||
examples/endorsement/get_ek_certs
|
examples/endorsement/get_ek_certs
|
||||||
|
examples/endorsement/verify_ek_cert
|
||||||
|
|
||||||
# Generated Cert Files
|
# Generated Cert Files
|
||||||
certs/ca-*.pem
|
certs/ca-*.pem
|
||||||
|
|
|
||||||
|
|
@ -44,3 +44,239 @@ Example:
|
||||||
- STSAFE-TPM RSA intermediate CA 10 (http://sw-center.st.com/STSAFE/stsafetpmrsaint10.crt)
|
- STSAFE-TPM RSA intermediate CA 10 (http://sw-center.st.com/STSAFE/stsafetpmrsaint10.crt)
|
||||||
- STSAFE ECC root CA 02 (http://sw-center.st.com/STSAFE/STSAFEEccRootCA02.crt)
|
- STSAFE ECC root CA 02 (http://sw-center.st.com/STSAFE/STSAFEEccRootCA02.crt)
|
||||||
- STSAFE-TPM ECC intermediate CA 10 (http://sw-center.st.com/STSAFE/stsafetpmeccint10.crt)
|
- STSAFE-TPM ECC intermediate CA 10 (http://sw-center.st.com/STSAFE/stsafetpmeccint10.crt)
|
||||||
|
|
||||||
|
Sample Output:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ ./examples/endorsement/verify_ek_cert
|
||||||
|
Endorsement Certificate Verify
|
||||||
|
TPM2: Caps 0x30000415, Did 0x0004, Vid 0x104a, Rid 0x 1
|
||||||
|
TPM2_Startup pass
|
||||||
|
TPM2_NV_ReadPublic: Sz 14, Idx 0x1c00002, nameAlg 11, Attr 0x62076801, authPol 0, dataSz 1300, name 34
|
||||||
|
TPM2_NV_ReadPublic: Sz 14, Idx 0x1c00002, nameAlg 11, Attr 0x62076801, authPol 0, dataSz 1300, name 34
|
||||||
|
TPM2_NV_Read: Auth 0x1c00002, Idx 0x1c00002, Offset 0, Size 768
|
||||||
|
TPM2_NV_Read: Auth 0x1c00002, Idx 0x1c00002, Offset 768, Size 532
|
||||||
|
EK Data: 1300
|
||||||
|
30 82 05 10 30 82 02 f8 a0 03 02 01 02 02 14 58 | 0...0..........X
|
||||||
|
63 86 17 74 73 22 ca 34 60 4a f6 cf d9 b4 44 9e | c..ts".4`J....D.
|
||||||
|
4b ba 03 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0c | K..0...*.H......
|
||||||
|
05 00 30 59 31 0b 30 09 06 03 55 04 06 13 02 43 | ..0Y1.0...U....C
|
||||||
|
48 31 1e 30 1c 06 03 55 04 0a 13 15 53 54 4d 69 | H1.0...U....STMi
|
||||||
|
63 72 6f 65 6c 65 63 74 72 6f 6e 69 63 73 20 4e | croelectronics N
|
||||||
|
56 31 2a 30 28 06 03 55 04 03 13 21 53 54 53 41 | V1*0(..U...!STSA
|
||||||
|
46 45 20 54 50 4d 20 52 53 41 20 49 6e 74 65 72 | FE TPM RSA Inter
|
||||||
|
6d 65 64 69 61 74 65 20 43 41 20 32 30 30 20 17 | mediate CA 200 .
|
||||||
|
0d 32 33 30 36 30 31 30 39 34 39 33 35 5a 18 0f | .230601094935Z..
|
||||||
|
39 39 39 39 31 32 33 31 32 33 35 39 35 39 5a 30 | 99991231235959Z0
|
||||||
|
00 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 | .0.."0...*.H....
|
||||||
|
01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 | .........0......
|
||||||
|
01 00 b3 20 db 1a 10 d2 16 8c 5d 92 c0 47 87 b1 | ... ......]..G..
|
||||||
|
dc ae af 5b f2 44 15 dd 84 9a 17 3f c6 76 61 29 | ...[.D.....?.va)
|
||||||
|
c6 c3 4c e5 50 27 a2 26 8b fd e0 9d 34 09 93 0f | ..L.P'.&....4...
|
||||||
|
64 6a b0 46 f5 5b 19 1c 14 45 b7 24 d3 a9 a5 7d | dj.F.[...E.$...}
|
||||||
|
4c a7 0a ba cc d4 72 a2 18 2e 1a 20 a5 33 6f 5f | L.....r.... .3o_
|
||||||
|
f5 21 10 bf db af 74 7f 97 93 46 64 40 16 c2 e9 | .!....t...Fd@...
|
||||||
|
8f cc e0 f2 4a 94 29 4e 73 87 6f a4 bb c8 f3 e1 | ....J.)Ns.o.....
|
||||||
|
02 35 12 c9 c7 e8 4c f2 59 94 5f d2 5a ca 35 48 | .5....L.Y._.Z.5H
|
||||||
|
e3 0d 59 90 41 33 10 cd 4b f5 ff a7 0c 4e 94 ce | ..Y.A3..K....N..
|
||||||
|
86 45 fb 89 aa b4 76 10 8e ed 90 1e bf b9 6b 88 | .E....v.......k.
|
||||||
|
df 5a 1a b7 b5 cb a8 80 ff cf 4d a8 c1 05 b6 15 | .Z........M.....
|
||||||
|
49 8d 22 74 29 56 95 56 e5 1d 4f 31 44 da 77 3c | I."t)V.V..O1D.w<
|
||||||
|
a7 46 a3 e2 d5 ee 18 51 0c 9c 51 52 49 ff d1 ba | .F.....Q..QRI...
|
||||||
|
4f cd 33 42 0d 8e e9 c8 da a0 ff 10 02 0d dd e4 | O.3B............
|
||||||
|
fa 49 21 98 e9 28 c7 c5 25 ac 7b 90 91 99 fb 99 | .I!..(..%.{.....
|
||||||
|
36 63 dc 50 98 fa fd 32 37 c2 08 9c 43 fc 59 d6 | 6c.P...27...C.Y.
|
||||||
|
27 5f 02 03 01 00 01 a3 82 01 25 30 82 01 21 30 | '_........%0..!0
|
||||||
|
1f 06 03 55 1d 23 04 18 30 16 80 14 8f e0 78 f8 | ...U.#..0.....x.
|
||||||
|
ca 88 59 fe fe 3f 7a 98 37 2c fc 02 c6 08 44 49 | ..Y..?z.7,....DI
|
||||||
|
30 58 06 03 55 1d 11 01 01 ff 04 4e 30 4c a4 4a | 0X..U......N0L.J
|
||||||
|
30 48 31 16 30 14 06 05 67 81 05 02 01 0c 0b 69 | 0H1.0...g......i
|
||||||
|
64 3a 35 33 35 34 34 44 32 30 31 16 30 14 06 05 | d:53544D201.0...
|
||||||
|
67 81 05 02 02 0c 0b 53 54 33 33 4b 54 50 4d 32 | g......ST33KTPM2
|
||||||
|
41 49 31 16 30 14 06 05 67 81 05 02 03 0c 0b 69 | AI1.0...g......i
|
||||||
|
64 3a 30 30 30 41 30 31 30 31 30 22 06 03 55 1d | d:000A01010"..U.
|
||||||
|
09 04 1b 30 19 30 17 06 05 67 81 05 02 10 31 0e | ...0.0...g....1.
|
||||||
|
30 0c 0c 03 32 2e 30 02 01 00 02 02 00 9f 30 0c | 0...2.0.......0.
|
||||||
|
06 03 55 1d 13 01 01 ff 04 02 30 00 30 10 06 03 | ..U.......0.0...
|
||||||
|
55 1d 25 04 09 30 07 06 05 67 81 05 08 01 30 0e | U.%..0...g....0.
|
||||||
|
06 03 55 1d 0f 01 01 ff 04 04 03 02 05 20 30 50 | ..U.......... 0P
|
||||||
|
06 08 2b 06 01 05 05 07 01 01 04 44 30 42 30 40 | ..+........D0B0@
|
||||||
|
06 08 2b 06 01 05 05 07 30 02 86 34 68 74 74 70 | ..+.....0..4http
|
||||||
|
3a 2f 2f 73 77 2d 63 65 6e 74 65 72 2e 73 74 2e | ://sw-center.st.
|
||||||
|
63 6f 6d 2f 53 54 53 41 46 45 2f 73 74 73 61 66 | com/STSAFE/stsaf
|
||||||
|
65 74 70 6d 72 73 61 69 6e 74 32 30 2e 63 72 74 | etpmrsaint20.crt
|
||||||
|
30 0d 06 09 2a 86 48 86 f7 0d 01 01 0c 05 00 03 | 0...*.H.........
|
||||||
|
82 02 01 00 b5 7a 68 4d aa d5 3a bf a2 6a 6f 1d | .....zhM..:..jo.
|
||||||
|
1a 5e 35 74 47 f4 b7 ee a0 63 8e 08 42 8c a3 80 | .^5tG....c..B...
|
||||||
|
3a 91 8e 92 1a 22 73 c8 a6 07 61 42 63 5f 4e c7 | :...."s...aBc_N.
|
||||||
|
17 dc 5e c2 51 73 13 51 0f 57 17 01 63 9e da b5 | ..^.Qs.Q.W..c...
|
||||||
|
4a fd 92 6d 0a 33 8b e4 dc 5f 63 96 7b 89 d3 3a | J..m.3..._c.{..:
|
||||||
|
99 29 ac f0 7c 0a 99 ea 9c 40 33 86 4b 55 30 03 | .)..|....@3.KU0.
|
||||||
|
24 41 05 f6 48 43 5f b9 39 b4 74 17 2c 71 bf 26 | $A..HC_.9.t.,q.&
|
||||||
|
f4 a3 7a 9f ae 80 0c 8b 92 c8 22 35 0f f8 64 da | ..z......."5..d.
|
||||||
|
50 b1 2f 5f e2 a4 19 32 a6 7e 74 bb 31 74 93 10 | P./_...2.~t.1t..
|
||||||
|
85 a2 5f 10 9f 1d 0c 57 90 d2 56 e4 70 7f 54 99 | .._....W..V.p.T.
|
||||||
|
87 c0 bd d7 8f c4 31 eb 9d bc cd ca 35 b2 64 d0 | ......1.....5.d.
|
||||||
|
ee 6b c8 e1 1b 34 bc 09 3f cd d1 f1 53 c2 18 dd | .k...4..?...S...
|
||||||
|
82 85 2e 6c 44 9b 21 df eb 7b 5b 8f 07 f5 61 34 | ...lD.!..{[...a4
|
||||||
|
25 e5 97 ee bd 01 2e 1c 35 53 00 b0 be 92 96 80 | %.......5S......
|
||||||
|
50 9b 6e e0 f3 e3 1d 0c 0a 99 96 cd 42 64 e4 43 | P.n.........Bd.C
|
||||||
|
6a 4a de c2 03 19 a2 a7 b6 fa 7d 25 37 04 53 30 | jJ........}%7.S0
|
||||||
|
3a 69 b2 38 6c c9 e9 e3 59 a4 8b 1e ae 62 5d eb | :i.8l...Y....b].
|
||||||
|
3c 85 e3 2f f1 cb 7b 3c 0d 2d bf 6e f0 9c 7c c9 | <../..{<.-.n..|.
|
||||||
|
c8 84 35 26 21 82 2a 83 f7 54 80 51 73 34 c2 7b | ..5&!.*..T.Qs4.{
|
||||||
|
2b 5d 32 b7 26 a6 8c b2 46 d6 c2 63 5c 38 0c 0b | +]2.&...F..c\8..
|
||||||
|
5e ba 81 ee 0b 55 c6 e7 ab 48 8d 6a e4 c7 ec 45 | ^....U...H.j...E
|
||||||
|
0d 46 b9 2e 8e a9 be e1 26 b4 79 b5 56 4c 2a dd | .F......&.y.VL*.
|
||||||
|
93 22 01 d5 2c ca bd c0 6a 30 ff 53 8c 08 98 22 | ."..,...j0.S..."
|
||||||
|
33 3c 78 a1 59 25 43 cc db e1 26 cc 55 7f bb 4b | 3<x.Y%C...&.U..K
|
||||||
|
fe 9f 3f d9 92 44 6d 72 a4 74 75 e4 f6 40 bf 3d | ..?..Dmr.tu..@.=
|
||||||
|
a4 b5 fb 78 39 2a 9d 5e 91 ba e4 67 50 5a 99 6e | ...x9*.^...gPZ.n
|
||||||
|
5a 53 56 4e ca aa a3 b3 55 28 f1 68 b5 c1 dc 3b | ZSVN....U(.h...;
|
||||||
|
78 20 5b 86 8e 54 84 8b 6e 3c fd 5a fb a4 4a 46 | x [..T..n<.Z..JF
|
||||||
|
ba 2e d0 47 c7 43 b9 65 8f b5 01 c6 c3 17 ce 34 | ...G.C.e.......4
|
||||||
|
3b 51 d5 ea c4 0a c2 cf 02 94 d6 1f 93 4c 43 79 | ;Q...........LCy
|
||||||
|
a9 44 fa f7 62 82 50 d5 2b 73 56 06 c1 16 b5 41 | .D..b.P.+sV....A
|
||||||
|
36 17 8b e4 8c 4a 25 fb e4 c9 dc 2e d3 f5 bc c9 | 6....J%.........
|
||||||
|
c2 6d c6 7d | .m.}
|
||||||
|
Creating Endorsement Key
|
||||||
|
TPM2_CreatePrimary: 0x80000000 (314 bytes)
|
||||||
|
Endorsement key loaded at handle 0x80000000
|
||||||
|
EK RSA, Hash: SHA256, objAttr: 0x300B2
|
||||||
|
KeyBits: 2048, exponent: 0x0, unique size 256
|
||||||
|
b3:20:db:1a:10:d2:16:8c:5d:92:c0:47:87:b1:dc:ae:
|
||||||
|
af:5b:f2:44:15:dd:84:9a:17:3f:c6:76:61:29:c6:c3:
|
||||||
|
4c:e5:50:27:a2:26:8b:fd:e0:9d:34:09:93:0f:64:6a:
|
||||||
|
b0:46:f5:5b:19:1c:14:45:b7:24:d3:a9:a5:7d:4c:a7:
|
||||||
|
0a:ba:cc:d4:72:a2:18:2e:1a:20:a5:33:6f:5f:f5:21:
|
||||||
|
10:bf:db:af:74:7f:97:93:46:64:40:16:c2:e9:8f:cc:
|
||||||
|
e0:f2:4a:94:29:4e:73:87:6f:a4:bb:c8:f3:e1:02:35:
|
||||||
|
12:c9:c7:e8:4c:f2:59:94:5f:d2:5a:ca:35:48:e3:0d:
|
||||||
|
59:90:41:33:10:cd:4b:f5:ff:a7:0c:4e:94:ce:86:45:
|
||||||
|
fb:89:aa:b4:76:10:8e:ed:90:1e:bf:b9:6b:88:df:5a:
|
||||||
|
1a:b7:b5:cb:a8:80:ff:cf:4d:a8:c1:05:b6:15:49:8d:
|
||||||
|
22:74:29:56:95:56:e5:1d:4f:31:44:da:77:3c:a7:46:
|
||||||
|
a3:e2:d5:ee:18:51:0c:9c:51:52:49:ff:d1:ba:4f:cd:
|
||||||
|
33:42:0d:8e:e9:c8:da:a0:ff:10:02:0d:dd:e4:fa:49:
|
||||||
|
21:98:e9:28:c7:c5:25:ac:7b:90:91:99:fb:99:36:63:
|
||||||
|
dc:50:98:fa:fd:32:37:c2:08:9c:43:fc:59:d6:27:5f
|
||||||
|
wolfTPM2_HashStart: Handle 0x80000002
|
||||||
|
wolfTPM2_HashUpdate: Handle 0x80000002, DataSz 764
|
||||||
|
wolfTPM2_HashFinish: Handle 0x80000002, DigestSz 48
|
||||||
|
Cert Hash: 48
|
||||||
|
54:70:93:7f:05:79:3b:b8:fb:2f:2f:e0:eb:96:ec:95:
|
||||||
|
6e:bd:25:49:45:69:38:6b:67:48:09:cd:47:17:cc:c6:
|
||||||
|
8d:c9:6a:5a:01:16:ba:9f:75:96:0c:be:dc:40:0c:ee
|
||||||
|
Issuer Public Exponent 0x10001, Modulus 512
|
||||||
|
c5:5e:b9:a1:35:8b:76:d6:df:ed:93:a5:66:9d:11:93:
|
||||||
|
fd:46:42:fd:48:f7:33:6a:96:e3:64:6c:2a:74:ba:52:
|
||||||
|
9e:71:48:c6:ca:42:e1:06:a0:c7:bc:c4:0d:6e:48:ed:
|
||||||
|
1c:5f:dc:aa:44:c1:f4:5c:b3:ac:22:85:ad:5f:b0:b0:
|
||||||
|
d9:f4:8e:51:3e:05:70:41:ac:cf:5c:f8:0f:29:aa:94:
|
||||||
|
5b:24:a3:bf:39:33:e9:1a:bb:51:de:22:b2:52:a6:8b:
|
||||||
|
27:c1:aa:92:e1:38:80:40:ae:f9:04:d0:cc:d5:3b:72:
|
||||||
|
7f:d5:69:bc:9b:80:55:ff:c2:4a:87:3e:b5:74:55:c7:
|
||||||
|
83:04:9e:d9:ec:ee:fb:c7:21:d6:51:b4:c8:a4:6f:03:
|
||||||
|
57:3d:8c:ae:fc:df:d9:6c:a4:80:4e:83:2d:96:40:6f:
|
||||||
|
e2:bf:45:a5:0a:32:c1:d6:de:69:35:53:24:37:e4:7a:
|
||||||
|
8c:2f:96:b6:8a:8c:74:14:eb:5a:05:4a:fe:23:03:d9:
|
||||||
|
ce:af:9e:c4:2e:23:b4:e2:ff:e4:76:1b:ce:4d:6b:54:
|
||||||
|
af:bf:fc:c2:4e:24:6f:24:e6:bc:34:61:cb:15:0a:ce:
|
||||||
|
8b:5b:22:0a:fd:3f:26:93:63:b4:a5:b3:43:6a:1a:20:
|
||||||
|
14:47:d2:d9:fd:65:59:ae:13:0d:61:3c:38:bb:2e:59:
|
||||||
|
0b:f0:49:92:12:db:9d:73:09:42:54:15:0c:97:d7:14:
|
||||||
|
a4:bb:3a:5e:e8:7f:d9:dc:76:3d:ca:36:77:52:12:58:
|
||||||
|
e9:d1:ff:06:e6:da:05:6a:9c:7f:a6:05:4b:2e:48:62:
|
||||||
|
26:b0:2d:5c:a6:7d:c9:49:18:cb:76:24:4d:7a:62:04:
|
||||||
|
b4:b4:ee:48:24:c0:11:ba:78:f0:ca:f0:f2:97:84:15:
|
||||||
|
0a:99:de:0a:56:13:30:a6:f5:76:c6:c8:95:4a:44:94:
|
||||||
|
b1:fe:78:1e:55:7e:fc:4c:2e:4f:3c:7a:f3:4d:69:ae:
|
||||||
|
95:60:51:a0:4e:0c:eb:e3:62:4a:0c:a7:67:10:a7:ab:
|
||||||
|
e7:44:e6:d4:96:32:a0:c8:09:45:20:2f:cc:04:10:c1:
|
||||||
|
53:31:5f:e7:fb:e0:36:c8:1d:08:b4:d1:a2:01:a1:7f:
|
||||||
|
6c:94:a7:81:e9:c1:c7:19:0d:30:bc:4f:a5:ad:d5:ec:
|
||||||
|
dd:9c:68:58:6c:49:b9:fa:e6:92:9b:30:6a:90:84:a3:
|
||||||
|
eb:90:6c:fe:8e:d6:21:df:45:23:78:1e:be:0c:c1:b9:
|
||||||
|
05:bd:a3:0e:ef:b6:96:95:75:92:d0:a5:05:b7:88:9e:
|
||||||
|
46:fd:54:a2:f1:98:9c:b5:01:ac:5c:51:b8:b7:05:25:
|
||||||
|
52:f6:12:a1:e1:f4:bf:b2:4e:3e:27:b7:71:9f:d4:e1
|
||||||
|
TPM2_LoadExternal: 0x80000002
|
||||||
|
EK Certificate Signature: 512
|
||||||
|
b5:7a:68:4d:aa:d5:3a:bf:a2:6a:6f:1d:1a:5e:35:74:
|
||||||
|
47:f4:b7:ee:a0:63:8e:08:42:8c:a3:80:3a:91:8e:92:
|
||||||
|
1a:22:73:c8:a6:07:61:42:63:5f:4e:c7:17:dc:5e:c2:
|
||||||
|
51:73:13:51:0f:57:17:01:63:9e:da:b5:4a:fd:92:6d:
|
||||||
|
0a:33:8b:e4:dc:5f:63:96:7b:89:d3:3a:99:29:ac:f0:
|
||||||
|
7c:0a:99:ea:9c:40:33:86:4b:55:30:03:24:41:05:f6:
|
||||||
|
48:43:5f:b9:39:b4:74:17:2c:71:bf:26:f4:a3:7a:9f:
|
||||||
|
ae:80:0c:8b:92:c8:22:35:0f:f8:64:da:50:b1:2f:5f:
|
||||||
|
e2:a4:19:32:a6:7e:74:bb:31:74:93:10:85:a2:5f:10:
|
||||||
|
9f:1d:0c:57:90:d2:56:e4:70:7f:54:99:87:c0:bd:d7:
|
||||||
|
8f:c4:31:eb:9d:bc:cd:ca:35:b2:64:d0:ee:6b:c8:e1:
|
||||||
|
1b:34:bc:09:3f:cd:d1:f1:53:c2:18:dd:82:85:2e:6c:
|
||||||
|
44:9b:21:df:eb:7b:5b:8f:07:f5:61:34:25:e5:97:ee:
|
||||||
|
bd:01:2e:1c:35:53:00:b0:be:92:96:80:50:9b:6e:e0:
|
||||||
|
f3:e3:1d:0c:0a:99:96:cd:42:64:e4:43:6a:4a:de:c2:
|
||||||
|
03:19:a2:a7:b6:fa:7d:25:37:04:53:30:3a:69:b2:38:
|
||||||
|
6c:c9:e9:e3:59:a4:8b:1e:ae:62:5d:eb:3c:85:e3:2f:
|
||||||
|
f1:cb:7b:3c:0d:2d:bf:6e:f0:9c:7c:c9:c8:84:35:26:
|
||||||
|
21:82:2a:83:f7:54:80:51:73:34:c2:7b:2b:5d:32:b7:
|
||||||
|
26:a6:8c:b2:46:d6:c2:63:5c:38:0c:0b:5e:ba:81:ee:
|
||||||
|
0b:55:c6:e7:ab:48:8d:6a:e4:c7:ec:45:0d:46:b9:2e:
|
||||||
|
8e:a9:be:e1:26:b4:79:b5:56:4c:2a:dd:93:22:01:d5:
|
||||||
|
2c:ca:bd:c0:6a:30:ff:53:8c:08:98:22:33:3c:78:a1:
|
||||||
|
59:25:43:cc:db:e1:26:cc:55:7f:bb:4b:fe:9f:3f:d9:
|
||||||
|
92:44:6d:72:a4:74:75:e4:f6:40:bf:3d:a4:b5:fb:78:
|
||||||
|
39:2a:9d:5e:91:ba:e4:67:50:5a:99:6e:5a:53:56:4e:
|
||||||
|
ca:aa:a3:b3:55:28:f1:68:b5:c1:dc:3b:78:20:5b:86:
|
||||||
|
8e:54:84:8b:6e:3c:fd:5a:fb:a4:4a:46:ba:2e:d0:47:
|
||||||
|
c7:43:b9:65:8f:b5:01:c6:c3:17:ce:34:3b:51:d5:ea:
|
||||||
|
c4:0a:c2:cf:02:94:d6:1f:93:4c:43:79:a9:44:fa:f7:
|
||||||
|
62:82:50:d5:2b:73:56:06:c1:16:b5:41:36:17:8b:e4:
|
||||||
|
8c:4a:25:fb:e4:c9:dc:2e:d3:f5:bc:c9:c2:6d:c6:7d
|
||||||
|
TPM2_RSA_Encrypt: 512
|
||||||
|
Decrypted Sig: 512
|
||||||
|
00:01:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
|
||||||
|
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:00:30:41:30:
|
||||||
|
0d:06:09:60:86:48:01:65:03:04:02:02:05:00:04:30:
|
||||||
|
54:70:93:7f:05:79:3b:b8:fb:2f:2f:e0:eb:96:ec:95:
|
||||||
|
6e:bd:25:49:45:69:38:6b:67:48:09:cd:47:17:cc:c6:
|
||||||
|
8d:c9:6a:5a:01:16:ba:9f:75:96:0c:be:dc:40:0c:ee
|
||||||
|
Expected Hash: 48
|
||||||
|
54:70:93:7f:05:79:3b:b8:fb:2f:2f:e0:eb:96:ec:95:
|
||||||
|
6e:bd:25:49:45:69:38:6b:67:48:09:cd:47:17:cc:c6:
|
||||||
|
8d:c9:6a:5a:01:16:ba:9f:75:96:0c:be:dc:40:0c:ee
|
||||||
|
Sig Hash: 48
|
||||||
|
54:70:93:7f:05:79:3b:b8:fb:2f:2f:e0:eb:96:ec:95:
|
||||||
|
6e:bd:25:49:45:69:38:6b:67:48:09:cd:47:17:cc:c6:
|
||||||
|
8d:c9:6a:5a:01:16:ba:9f:75:96:0c:be:dc:40:0c:ee
|
||||||
|
Certificate signature is valid
|
||||||
|
TPM2_FlushContext: Closed handle 0x80000002
|
||||||
|
TPM2_FlushContext: Closed handle 0x80000000
|
||||||
|
```
|
||||||
|
|
|
||||||
|
|
@ -27,6 +27,7 @@
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[]);
|
int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[]);
|
||||||
|
int TPM2_EndorsementCertVerify_Example(void* userCtx, int argc, char *argv[]);
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
} /* extern "C" */
|
} /* extern "C" */
|
||||||
|
|
|
||||||
|
|
@ -19,8 +19,8 @@
|
||||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* This example shows how to decrypt a credential for Remote Attestation
|
/* This example will list each of the Endorsement Key certificates and attempt
|
||||||
* and extract the secret for challenge response to an attestation server
|
* to validate based on trusted peers in trusted_certs.h.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifdef HAVE_CONFIG_H
|
#ifdef HAVE_CONFIG_H
|
||||||
|
|
@ -385,6 +385,9 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
|
||||||
printf("Endorsement Cert PEM\n");
|
printf("Endorsement Cert PEM\n");
|
||||||
puts(pem);
|
puts(pem);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
pem = NULL;
|
||||||
#endif /* WOLFSSL_DER_TO_PEM */
|
#endif /* WOLFSSL_DER_TO_PEM */
|
||||||
}
|
}
|
||||||
#endif /* !WOLFTPM2_NO_WOLFCRYPT && !NO_ASN */
|
#endif /* !WOLFTPM2_NO_WOLFCRYPT && !NO_ASN */
|
||||||
|
|
@ -395,6 +398,11 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
|
|
||||||
|
if (rc != 0) {
|
||||||
|
printf("Error getting EK certificates! %s (%d)\n",
|
||||||
|
TPM2_GetRCString(rc), rc);
|
||||||
|
}
|
||||||
|
|
||||||
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_ASN)
|
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_ASN)
|
||||||
#ifdef WOLFSSL_DER_TO_PEM
|
#ifdef WOLFSSL_DER_TO_PEM
|
||||||
XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
|
|
||||||
|
|
@ -4,17 +4,26 @@
|
||||||
if BUILD_EXAMPLES
|
if BUILD_EXAMPLES
|
||||||
noinst_HEADERS += \
|
noinst_HEADERS += \
|
||||||
examples/endorsement/endorsement.h \
|
examples/endorsement/endorsement.h \
|
||||||
examples/endorsement/trusted_certs.h
|
examples/endorsement/trusted_certs.h \
|
||||||
|
examples/endorsement/trusted_certs_der.h
|
||||||
|
|
||||||
noinst_PROGRAMS += examples/endorsement/get_ek_certs
|
noinst_PROGRAMS += examples/endorsement/get_ek_certs
|
||||||
examples_endorsement_get_ek_certs_SOURCES = examples/endorsement/get_ek_certs.c
|
examples_endorsement_get_ek_certs_SOURCES = examples/endorsement/get_ek_certs.c
|
||||||
examples_endorsement_get_ek_certs_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD)
|
examples_endorsement_get_ek_certs_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD)
|
||||||
examples_endorsement_get_ek_certs_DEPENDENCIES = src/libwolftpm.la
|
examples_endorsement_get_ek_certs_DEPENDENCIES = src/libwolftpm.la
|
||||||
|
|
||||||
|
noinst_PROGRAMS += examples/endorsement/verify_ek_cert
|
||||||
|
examples_endorsement_verify_ek_cert_SOURCES = examples/endorsement/verify_ek_cert.c
|
||||||
|
examples_endorsement_verify_ek_cert_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD)
|
||||||
|
examples_endorsement_verify_ek_cert_DEPENDENCIES = src/libwolftpm.la
|
||||||
endif
|
endif
|
||||||
|
|
||||||
EXTRA_DIST+=examples/endorsement/README.md
|
EXTRA_DIST+=examples/endorsement/README.md
|
||||||
example_endorsementdir = $(exampledir)/endorsement
|
example_endorsementdir = $(exampledir)/endorsement
|
||||||
dist_example_endorsement_DATA = \
|
dist_example_endorsement_DATA = \
|
||||||
examples/endorsement/get_ek_certs.c
|
examples/endorsement/get_ek_certs.c \
|
||||||
|
examples/endorsement/verify_ek_cert.c
|
||||||
|
|
||||||
DISTCLEANFILES+= examples/endorsement/.libs/get_ek_certs
|
DISTCLEANFILES+= \
|
||||||
|
examples/endorsement/.libs/get_ek_certs \
|
||||||
|
examples/endorsement/.libs/verify_ek_cert
|
||||||
|
|
|
||||||
|
|
@ -520,6 +520,48 @@ static const char* trusted_certs[] = {
|
||||||
"uKErQfPEhjYLdzF8/OYW7w==\n"
|
"uKErQfPEhjYLdzF8/OYW7w==\n"
|
||||||
"-----END CERTIFICATE-----\n",
|
"-----END CERTIFICATE-----\n",
|
||||||
|
|
||||||
|
/* Subject: CN=STSAFE TPM RSA Intermediate CA 20
|
||||||
|
* Issuer: CN=STSAFE RSA Root CA 02
|
||||||
|
* RSA 4096-bit, SHA2-384
|
||||||
|
* Validity: Jan 1 00:00:00 2043 GMT */
|
||||||
|
"-----BEGIN CERTIFICATE-----\n"
|
||||||
|
"MIIGbDCCBFSgAwIBAgIEQAAAIDANBgkqhkiG9w0BAQwFADBNMQswCQYDVQQGEwJD\n"
|
||||||
|
"SDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMR4wHAYDVQQDExVTVFNB\n"
|
||||||
|
"RkUgUlNBIFJvb3QgQ0EgMDIwHhcNMjIwMTIwMDAwMDAwWhcNNDMwMTAxMDAwMDAw\n"
|
||||||
|
"WjBZMQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5W\n"
|
||||||
|
"MSowKAYDVQQDEyFTVFNBRkUgVFBNIFJTQSBJbnRlcm1lZGlhdGUgQ0EgMjAwggIi\n"
|
||||||
|
"MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDFXrmhNYt21t/tk6VmnRGT/UZC\n"
|
||||||
|
"/Uj3M2qW42RsKnS6Up5xSMbKQuEGoMe8xA1uSO0cX9yqRMH0XLOsIoWtX7Cw2fSO\n"
|
||||||
|
"UT4FcEGsz1z4DymqlFsko785M+kau1HeIrJSposnwaqS4TiAQK75BNDM1Ttyf9Vp\n"
|
||||||
|
"vJuAVf/CSoc+tXRVx4MEntns7vvHIdZRtMikbwNXPYyu/N/ZbKSAToMtlkBv4r9F\n"
|
||||||
|
"pQoywdbeaTVTJDfkeowvlraKjHQU61oFSv4jA9nOr57ELiO04v/kdhvOTWtUr7/8\n"
|
||||||
|
"wk4kbyTmvDRhyxUKzotbIgr9PyaTY7Sls0NqGiAUR9LZ/WVZrhMNYTw4uy5ZC/BJ\n"
|
||||||
|
"khLbnXMJQlQVDJfXFKS7Ol7of9ncdj3KNndSEljp0f8G5toFapx/pgVLLkhiJrAt\n"
|
||||||
|
"XKZ9yUkYy3YkTXpiBLS07kgkwBG6ePDK8PKXhBUKmd4KVhMwpvV2xsiVSkSUsf54\n"
|
||||||
|
"HlV+/EwuTzx6801prpVgUaBODOvjYkoMp2cQp6vnRObUljKgyAlFIC/MBBDBUzFf\n"
|
||||||
|
"5/vgNsgdCLTRogGhf2yUp4HpwccZDTC8T6Wt1ezdnGhYbEm5+uaSmzBqkISj65Bs\n"
|
||||||
|
"/o7WId9FI3gevgzBuQW9ow7vtpaVdZLQpQW3iJ5G/VSi8ZictQGsXFG4twUlUvYS\n"
|
||||||
|
"oeH0v7JOPie3cZ/U4QIDAQABo4IBRjCCAUIwHQYDVR0OBBYEFI/gePjKiFn+/j96\n"
|
||||||
|
"mDcs/ALGCERJMB8GA1UdIwQYMBaAFHzCjb5uWdhKVANGmxMIANL48G0nMEMGA1Ud\n"
|
||||||
|
"IAEB/wQ5MDcwNQYEVR0gADAtMCsGCCsGAQUFBwIBFh9odHRwOi8vc3ctY2VudGVy\n"
|
||||||
|
"LnN0LmNvbS9TVFNBRkUvMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/\n"
|
||||||
|
"AgEAMFAGCCsGAQUFBwEBBEQwQjBABggrBgEFBQcwAoY0aHR0cDovL3N3LWNlbnRl\n"
|
||||||
|
"ci5zdC5jb20vU1RTQUZFL1NUU0FGRVJzYVJvb3RDQTAyLmNydDBFBgNVHR8EPjA8\n"
|
||||||
|
"MDqgOKA2hjRodHRwOi8vc3ctY2VudGVyLnN0LmNvbS9TVFNBRkUvU1RTQUZFUnNh\n"
|
||||||
|
"Um9vdENBMDIuY3JsMA0GCSqGSIb3DQEBDAUAA4ICAQAdjgY6q/7v+/kedUQfP61Y\n"
|
||||||
|
"W5+Ixl4etRxs2WLDZVyNh7ievMJf4iTvsjKuycYoGkcq5yrX0vp9PjLpd+KEH0e/\n"
|
||||||
|
"T3j5GyQAsow63GzCS+KKTcoVlP6hbBg2A2nx+4WNzWo0xhv90oYfagqJuGivF7Ly\n"
|
||||||
|
"TCk9E91XRXpBQrfNwIdkN3zSdtsjX20RDYx80O+jIDBb4ycWJIQS1g/sbh8rQk5k\n"
|
||||||
|
"xX/2CbmKPKc+y3IdqxOM3FbZ5KkLbgxTo2uJxE2IpUkSh3FXFbnjtbYuCEFcZTNU\n"
|
||||||
|
"acJRKw5HSIwL2YeH6M9ok9bWT3rg7OdHiBAb1aZbxxlKSQ2HtIu4R7Z3Bji1KKVH\n"
|
||||||
|
"pOFMtXREWqcwRNUlNDXdISMl1siScGG8RqChCGyq5YnjyJQ5TVOm5yJk2qZnil5p\n"
|
||||||
|
"p2y/Gu1wxUDlyNtPY2RafHE8jmK7g7CWhJTTaNR4gUnD1icSx/X9gCRON1s9KP5X\n"
|
||||||
|
"1585SsH9gZFdwxpST7iFPt3P1XxPEDZtxafI+1Zb9cEXgWvrHHvM71PAwAfVtEjy\n"
|
||||||
|
"97M7UtBGOiYTO7LQMwMDEJZWftFj37joXuLDv/rxIR+nlCBjZGOsCRmox+N5cxhS\n"
|
||||||
|
"5iEHZK4dhlx/DEJ/vTLCiv8i749LJk+KpJDU3EuW5FOrCn52+Jz1q9FKPFTvUKrq\n"
|
||||||
|
"Oc+M31vSmqTgg6QftWF1iQ==\n"
|
||||||
|
"-----END CERTIFICATE-----\n",
|
||||||
|
|
||||||
/* Subject: CN=STM TPM EK Root CA
|
/* Subject: CN=STM TPM EK Root CA
|
||||||
* Algorithms: RSA 2048-bit, SHA2-256
|
* Algorithms: RSA 2048-bit, SHA2-256
|
||||||
* Validity: Dec 31 23:59:59 2039 GMT */
|
* Validity: Dec 31 23:59:59 2039 GMT */
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,137 @@
|
||||||
|
#ifndef WOLFTPM_TRUSTED_CERTS_DER_H
|
||||||
|
#define WOLFTPM_TRUSTED_CERTS_DER_H
|
||||||
|
|
||||||
|
/* ST33KTPM2X: C=CH, O=STMicroelectronics NV, CN=STSAFE TPM RSA Intermediate CA 20 */
|
||||||
|
/* http://sw-center.st.com/STSAFE/stsafetpmrsaint20.crt */
|
||||||
|
static const uint8_t kSTSAFEIntCa20[] = {
|
||||||
|
0x30, 0x82, 0x06, 0x6C, 0x30, 0x82, 0x04, 0x54, 0xA0, 0x03, 0x02, 0x01, 0x02,
|
||||||
|
0x02, 0x04, 0x40, 0x00, 0x00, 0x20, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48,
|
||||||
|
0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C, 0x05, 0x00, 0x30, 0x4D, 0x31, 0x0B, 0x30,
|
||||||
|
0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x48, 0x31, 0x1E, 0x30,
|
||||||
|
0x1C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15, 0x53, 0x54, 0x4D, 0x69, 0x63,
|
||||||
|
0x72, 0x6F, 0x65, 0x6C, 0x65, 0x63, 0x74, 0x72, 0x6F, 0x6E, 0x69, 0x63, 0x73,
|
||||||
|
0x20, 0x4E, 0x56, 0x31, 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
|
||||||
|
0x15, 0x53, 0x54, 0x53, 0x41, 0x46, 0x45, 0x20, 0x52, 0x53, 0x41, 0x20, 0x52,
|
||||||
|
0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41, 0x20, 0x30, 0x32, 0x30, 0x1E, 0x17, 0x0D,
|
||||||
|
0x32, 0x32, 0x30, 0x31, 0x32, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A,
|
||||||
|
0x17, 0x0D, 0x34, 0x33, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
|
||||||
|
0x30, 0x5A, 0x30, 0x59, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
|
||||||
|
0x13, 0x02, 0x43, 0x48, 0x31, 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0A,
|
||||||
|
0x13, 0x15, 0x53, 0x54, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x65, 0x6C, 0x65, 0x63,
|
||||||
|
0x74, 0x72, 0x6F, 0x6E, 0x69, 0x63, 0x73, 0x20, 0x4E, 0x56, 0x31, 0x2A, 0x30,
|
||||||
|
0x28, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x53, 0x54, 0x53, 0x41, 0x46,
|
||||||
|
0x45, 0x20, 0x54, 0x50, 0x4D, 0x20, 0x52, 0x53, 0x41, 0x20, 0x49, 0x6E, 0x74,
|
||||||
|
0x65, 0x72, 0x6D, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x20,
|
||||||
|
0x32, 0x30, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48,
|
||||||
|
0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0F, 0x00,
|
||||||
|
0x30, 0x82, 0x02, 0x0A, 0x02, 0x82, 0x02, 0x01, 0x00, 0xC5, 0x5E, 0xB9, 0xA1,
|
||||||
|
0x35, 0x8B, 0x76, 0xD6, 0xDF, 0xED, 0x93, 0xA5, 0x66, 0x9D, 0x11, 0x93, 0xFD,
|
||||||
|
0x46, 0x42, 0xFD, 0x48, 0xF7, 0x33, 0x6A, 0x96, 0xE3, 0x64, 0x6C, 0x2A, 0x74,
|
||||||
|
0xBA, 0x52, 0x9E, 0x71, 0x48, 0xC6, 0xCA, 0x42, 0xE1, 0x06, 0xA0, 0xC7, 0xBC,
|
||||||
|
0xC4, 0x0D, 0x6E, 0x48, 0xED, 0x1C, 0x5F, 0xDC, 0xAA, 0x44, 0xC1, 0xF4, 0x5C,
|
||||||
|
0xB3, 0xAC, 0x22, 0x85, 0xAD, 0x5F, 0xB0, 0xB0, 0xD9, 0xF4, 0x8E, 0x51, 0x3E,
|
||||||
|
0x05, 0x70, 0x41, 0xAC, 0xCF, 0x5C, 0xF8, 0x0F, 0x29, 0xAA, 0x94, 0x5B, 0x24,
|
||||||
|
0xA3, 0xBF, 0x39, 0x33, 0xE9, 0x1A, 0xBB, 0x51, 0xDE, 0x22, 0xB2, 0x52, 0xA6,
|
||||||
|
0x8B, 0x27, 0xC1, 0xAA, 0x92, 0xE1, 0x38, 0x80, 0x40, 0xAE, 0xF9, 0x04, 0xD0,
|
||||||
|
0xCC, 0xD5, 0x3B, 0x72, 0x7F, 0xD5, 0x69, 0xBC, 0x9B, 0x80, 0x55, 0xFF, 0xC2,
|
||||||
|
0x4A, 0x87, 0x3E, 0xB5, 0x74, 0x55, 0xC7, 0x83, 0x04, 0x9E, 0xD9, 0xEC, 0xEE,
|
||||||
|
0xFB, 0xC7, 0x21, 0xD6, 0x51, 0xB4, 0xC8, 0xA4, 0x6F, 0x03, 0x57, 0x3D, 0x8C,
|
||||||
|
0xAE, 0xFC, 0xDF, 0xD9, 0x6C, 0xA4, 0x80, 0x4E, 0x83, 0x2D, 0x96, 0x40, 0x6F,
|
||||||
|
0xE2, 0xBF, 0x45, 0xA5, 0x0A, 0x32, 0xC1, 0xD6, 0xDE, 0x69, 0x35, 0x53, 0x24,
|
||||||
|
0x37, 0xE4, 0x7A, 0x8C, 0x2F, 0x96, 0xB6, 0x8A, 0x8C, 0x74, 0x14, 0xEB, 0x5A,
|
||||||
|
0x05, 0x4A, 0xFE, 0x23, 0x03, 0xD9, 0xCE, 0xAF, 0x9E, 0xC4, 0x2E, 0x23, 0xB4,
|
||||||
|
0xE2, 0xFF, 0xE4, 0x76, 0x1B, 0xCE, 0x4D, 0x6B, 0x54, 0xAF, 0xBF, 0xFC, 0xC2,
|
||||||
|
0x4E, 0x24, 0x6F, 0x24, 0xE6, 0xBC, 0x34, 0x61, 0xCB, 0x15, 0x0A, 0xCE, 0x8B,
|
||||||
|
0x5B, 0x22, 0x0A, 0xFD, 0x3F, 0x26, 0x93, 0x63, 0xB4, 0xA5, 0xB3, 0x43, 0x6A,
|
||||||
|
0x1A, 0x20, 0x14, 0x47, 0xD2, 0xD9, 0xFD, 0x65, 0x59, 0xAE, 0x13, 0x0D, 0x61,
|
||||||
|
0x3C, 0x38, 0xBB, 0x2E, 0x59, 0x0B, 0xF0, 0x49, 0x92, 0x12, 0xDB, 0x9D, 0x73,
|
||||||
|
0x09, 0x42, 0x54, 0x15, 0x0C, 0x97, 0xD7, 0x14, 0xA4, 0xBB, 0x3A, 0x5E, 0xE8,
|
||||||
|
0x7F, 0xD9, 0xDC, 0x76, 0x3D, 0xCA, 0x36, 0x77, 0x52, 0x12, 0x58, 0xE9, 0xD1,
|
||||||
|
0xFF, 0x06, 0xE6, 0xDA, 0x05, 0x6A, 0x9C, 0x7F, 0xA6, 0x05, 0x4B, 0x2E, 0x48,
|
||||||
|
0x62, 0x26, 0xB0, 0x2D, 0x5C, 0xA6, 0x7D, 0xC9, 0x49, 0x18, 0xCB, 0x76, 0x24,
|
||||||
|
0x4D, 0x7A, 0x62, 0x04, 0xB4, 0xB4, 0xEE, 0x48, 0x24, 0xC0, 0x11, 0xBA, 0x78,
|
||||||
|
0xF0, 0xCA, 0xF0, 0xF2, 0x97, 0x84, 0x15, 0x0A, 0x99, 0xDE, 0x0A, 0x56, 0x13,
|
||||||
|
0x30, 0xA6, 0xF5, 0x76, 0xC6, 0xC8, 0x95, 0x4A, 0x44, 0x94, 0xB1, 0xFE, 0x78,
|
||||||
|
0x1E, 0x55, 0x7E, 0xFC, 0x4C, 0x2E, 0x4F, 0x3C, 0x7A, 0xF3, 0x4D, 0x69, 0xAE,
|
||||||
|
0x95, 0x60, 0x51, 0xA0, 0x4E, 0x0C, 0xEB, 0xE3, 0x62, 0x4A, 0x0C, 0xA7, 0x67,
|
||||||
|
0x10, 0xA7, 0xAB, 0xE7, 0x44, 0xE6, 0xD4, 0x96, 0x32, 0xA0, 0xC8, 0x09, 0x45,
|
||||||
|
0x20, 0x2F, 0xCC, 0x04, 0x10, 0xC1, 0x53, 0x31, 0x5F, 0xE7, 0xFB, 0xE0, 0x36,
|
||||||
|
0xC8, 0x1D, 0x08, 0xB4, 0xD1, 0xA2, 0x01, 0xA1, 0x7F, 0x6C, 0x94, 0xA7, 0x81,
|
||||||
|
0xE9, 0xC1, 0xC7, 0x19, 0x0D, 0x30, 0xBC, 0x4F, 0xA5, 0xAD, 0xD5, 0xEC, 0xDD,
|
||||||
|
0x9C, 0x68, 0x58, 0x6C, 0x49, 0xB9, 0xFA, 0xE6, 0x92, 0x9B, 0x30, 0x6A, 0x90,
|
||||||
|
0x84, 0xA3, 0xEB, 0x90, 0x6C, 0xFE, 0x8E, 0xD6, 0x21, 0xDF, 0x45, 0x23, 0x78,
|
||||||
|
0x1E, 0xBE, 0x0C, 0xC1, 0xB9, 0x05, 0xBD, 0xA3, 0x0E, 0xEF, 0xB6, 0x96, 0x95,
|
||||||
|
0x75, 0x92, 0xD0, 0xA5, 0x05, 0xB7, 0x88, 0x9E, 0x46, 0xFD, 0x54, 0xA2, 0xF1,
|
||||||
|
0x98, 0x9C, 0xB5, 0x01, 0xAC, 0x5C, 0x51, 0xB8, 0xB7, 0x05, 0x25, 0x52, 0xF6,
|
||||||
|
0x12, 0xA1, 0xE1, 0xF4, 0xBF, 0xB2, 0x4E, 0x3E, 0x27, 0xB7, 0x71, 0x9F, 0xD4,
|
||||||
|
0xE1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x46, 0x30, 0x82, 0x01,
|
||||||
|
0x42, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x8F,
|
||||||
|
0xE0, 0x78, 0xF8, 0xCA, 0x88, 0x59, 0xFE, 0xFE, 0x3F, 0x7A, 0x98, 0x37, 0x2C,
|
||||||
|
0xFC, 0x02, 0xC6, 0x08, 0x44, 0x49, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23,
|
||||||
|
0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x7C, 0xC2, 0x8D, 0xBE, 0x6E, 0x59, 0xD8,
|
||||||
|
0x4A, 0x54, 0x03, 0x46, 0x9B, 0x13, 0x08, 0x00, 0xD2, 0xF8, 0xF0, 0x6D, 0x27,
|
||||||
|
0x30, 0x43, 0x06, 0x03, 0x55, 0x1D, 0x20, 0x01, 0x01, 0xFF, 0x04, 0x39, 0x30,
|
||||||
|
0x37, 0x30, 0x35, 0x06, 0x04, 0x55, 0x1D, 0x20, 0x00, 0x30, 0x2D, 0x30, 0x2B,
|
||||||
|
0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1F, 0x68,
|
||||||
|
0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x73, 0x77, 0x2D, 0x63, 0x65, 0x6E, 0x74,
|
||||||
|
0x65, 0x72, 0x2E, 0x73, 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x53, 0x54, 0x53,
|
||||||
|
0x41, 0x46, 0x45, 0x2F, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01,
|
||||||
|
0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1D,
|
||||||
|
0x13, 0x01, 0x01, 0xFF, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xFF, 0x02, 0x01,
|
||||||
|
0x00, 0x30, 0x50, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01,
|
||||||
|
0x04, 0x44, 0x30, 0x42, 0x30, 0x40, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05,
|
||||||
|
0x07, 0x30, 0x02, 0x86, 0x34, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x73,
|
||||||
|
0x77, 0x2D, 0x63, 0x65, 0x6E, 0x74, 0x65, 0x72, 0x2E, 0x73, 0x74, 0x2E, 0x63,
|
||||||
|
0x6F, 0x6D, 0x2F, 0x53, 0x54, 0x53, 0x41, 0x46, 0x45, 0x2F, 0x53, 0x54, 0x53,
|
||||||
|
0x41, 0x46, 0x45, 0x52, 0x73, 0x61, 0x52, 0x6F, 0x6F, 0x74, 0x43, 0x41, 0x30,
|
||||||
|
0x32, 0x2E, 0x63, 0x72, 0x74, 0x30, 0x45, 0x06, 0x03, 0x55, 0x1D, 0x1F, 0x04,
|
||||||
|
0x3E, 0x30, 0x3C, 0x30, 0x3A, 0xA0, 0x38, 0xA0, 0x36, 0x86, 0x34, 0x68, 0x74,
|
||||||
|
0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x73, 0x77, 0x2D, 0x63, 0x65, 0x6E, 0x74, 0x65,
|
||||||
|
0x72, 0x2E, 0x73, 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x53, 0x54, 0x53, 0x41,
|
||||||
|
0x46, 0x45, 0x2F, 0x53, 0x54, 0x53, 0x41, 0x46, 0x45, 0x52, 0x73, 0x61, 0x52,
|
||||||
|
0x6F, 0x6F, 0x74, 0x43, 0x41, 0x30, 0x32, 0x2E, 0x63, 0x72, 0x6C, 0x30, 0x0D,
|
||||||
|
0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C, 0x05, 0x00,
|
||||||
|
0x03, 0x82, 0x02, 0x01, 0x00, 0x1D, 0x8E, 0x06, 0x3A, 0xAB, 0xFE, 0xEF, 0xFB,
|
||||||
|
0xF9, 0x1E, 0x75, 0x44, 0x1F, 0x3F, 0xAD, 0x58, 0x5B, 0x9F, 0x88, 0xC6, 0x5E,
|
||||||
|
0x1E, 0xB5, 0x1C, 0x6C, 0xD9, 0x62, 0xC3, 0x65, 0x5C, 0x8D, 0x87, 0xB8, 0x9E,
|
||||||
|
0xBC, 0xC2, 0x5F, 0xE2, 0x24, 0xEF, 0xB2, 0x32, 0xAE, 0xC9, 0xC6, 0x28, 0x1A,
|
||||||
|
0x47, 0x2A, 0xE7, 0x2A, 0xD7, 0xD2, 0xFA, 0x7D, 0x3E, 0x32, 0xE9, 0x77, 0xE2,
|
||||||
|
0x84, 0x1F, 0x47, 0xBF, 0x4F, 0x78, 0xF9, 0x1B, 0x24, 0x00, 0xB2, 0x8C, 0x3A,
|
||||||
|
0xDC, 0x6C, 0xC2, 0x4B, 0xE2, 0x8A, 0x4D, 0xCA, 0x15, 0x94, 0xFE, 0xA1, 0x6C,
|
||||||
|
0x18, 0x36, 0x03, 0x69, 0xF1, 0xFB, 0x85, 0x8D, 0xCD, 0x6A, 0x34, 0xC6, 0x1B,
|
||||||
|
0xFD, 0xD2, 0x86, 0x1F, 0x6A, 0x0A, 0x89, 0xB8, 0x68, 0xAF, 0x17, 0xB2, 0xF2,
|
||||||
|
0x4C, 0x29, 0x3D, 0x13, 0xDD, 0x57, 0x45, 0x7A, 0x41, 0x42, 0xB7, 0xCD, 0xC0,
|
||||||
|
0x87, 0x64, 0x37, 0x7C, 0xD2, 0x76, 0xDB, 0x23, 0x5F, 0x6D, 0x11, 0x0D, 0x8C,
|
||||||
|
0x7C, 0xD0, 0xEF, 0xA3, 0x20, 0x30, 0x5B, 0xE3, 0x27, 0x16, 0x24, 0x84, 0x12,
|
||||||
|
0xD6, 0x0F, 0xEC, 0x6E, 0x1F, 0x2B, 0x42, 0x4E, 0x64, 0xC5, 0x7F, 0xF6, 0x09,
|
||||||
|
0xB9, 0x8A, 0x3C, 0xA7, 0x3E, 0xCB, 0x72, 0x1D, 0xAB, 0x13, 0x8C, 0xDC, 0x56,
|
||||||
|
0xD9, 0xE4, 0xA9, 0x0B, 0x6E, 0x0C, 0x53, 0xA3, 0x6B, 0x89, 0xC4, 0x4D, 0x88,
|
||||||
|
0xA5, 0x49, 0x12, 0x87, 0x71, 0x57, 0x15, 0xB9, 0xE3, 0xB5, 0xB6, 0x2E, 0x08,
|
||||||
|
0x41, 0x5C, 0x65, 0x33, 0x54, 0x69, 0xC2, 0x51, 0x2B, 0x0E, 0x47, 0x48, 0x8C,
|
||||||
|
0x0B, 0xD9, 0x87, 0x87, 0xE8, 0xCF, 0x68, 0x93, 0xD6, 0xD6, 0x4F, 0x7A, 0xE0,
|
||||||
|
0xEC, 0xE7, 0x47, 0x88, 0x10, 0x1B, 0xD5, 0xA6, 0x5B, 0xC7, 0x19, 0x4A, 0x49,
|
||||||
|
0x0D, 0x87, 0xB4, 0x8B, 0xB8, 0x47, 0xB6, 0x77, 0x06, 0x38, 0xB5, 0x28, 0xA5,
|
||||||
|
0x47, 0xA4, 0xE1, 0x4C, 0xB5, 0x74, 0x44, 0x5A, 0xA7, 0x30, 0x44, 0xD5, 0x25,
|
||||||
|
0x34, 0x35, 0xDD, 0x21, 0x23, 0x25, 0xD6, 0xC8, 0x92, 0x70, 0x61, 0xBC, 0x46,
|
||||||
|
0xA0, 0xA1, 0x08, 0x6C, 0xAA, 0xE5, 0x89, 0xE3, 0xC8, 0x94, 0x39, 0x4D, 0x53,
|
||||||
|
0xA6, 0xE7, 0x22, 0x64, 0xDA, 0xA6, 0x67, 0x8A, 0x5E, 0x69, 0xA7, 0x6C, 0xBF,
|
||||||
|
0x1A, 0xED, 0x70, 0xC5, 0x40, 0xE5, 0xC8, 0xDB, 0x4F, 0x63, 0x64, 0x5A, 0x7C,
|
||||||
|
0x71, 0x3C, 0x8E, 0x62, 0xBB, 0x83, 0xB0, 0x96, 0x84, 0x94, 0xD3, 0x68, 0xD4,
|
||||||
|
0x78, 0x81, 0x49, 0xC3, 0xD6, 0x27, 0x12, 0xC7, 0xF5, 0xFD, 0x80, 0x24, 0x4E,
|
||||||
|
0x37, 0x5B, 0x3D, 0x28, 0xFE, 0x57, 0xD7, 0x9F, 0x39, 0x4A, 0xC1, 0xFD, 0x81,
|
||||||
|
0x91, 0x5D, 0xC3, 0x1A, 0x52, 0x4F, 0xB8, 0x85, 0x3E, 0xDD, 0xCF, 0xD5, 0x7C,
|
||||||
|
0x4F, 0x10, 0x36, 0x6D, 0xC5, 0xA7, 0xC8, 0xFB, 0x56, 0x5B, 0xF5, 0xC1, 0x17,
|
||||||
|
0x81, 0x6B, 0xEB, 0x1C, 0x7B, 0xCC, 0xEF, 0x53, 0xC0, 0xC0, 0x07, 0xD5, 0xB4,
|
||||||
|
0x48, 0xF2, 0xF7, 0xB3, 0x3B, 0x52, 0xD0, 0x46, 0x3A, 0x26, 0x13, 0x3B, 0xB2,
|
||||||
|
0xD0, 0x33, 0x03, 0x03, 0x10, 0x96, 0x56, 0x7E, 0xD1, 0x63, 0xDF, 0xB8, 0xE8,
|
||||||
|
0x5E, 0xE2, 0xC3, 0xBF, 0xFA, 0xF1, 0x21, 0x1F, 0xA7, 0x94, 0x20, 0x63, 0x64,
|
||||||
|
0x63, 0xAC, 0x09, 0x19, 0xA8, 0xC7, 0xE3, 0x79, 0x73, 0x18, 0x52, 0xE6, 0x21,
|
||||||
|
0x07, 0x64, 0xAE, 0x1D, 0x86, 0x5C, 0x7F, 0x0C, 0x42, 0x7F, 0xBD, 0x32, 0xC2,
|
||||||
|
0x8A, 0xFF, 0x22, 0xEF, 0x8F, 0x4B, 0x26, 0x4F, 0x8A, 0xA4, 0x90, 0xD4, 0xDC,
|
||||||
|
0x4B, 0x96, 0xE4, 0x53, 0xAB, 0x0A, 0x7E, 0x76, 0xF8, 0x9C, 0xF5, 0xAB, 0xD1,
|
||||||
|
0x4A, 0x3C, 0x54, 0xEF, 0x50, 0xAA, 0xEA, 0x39, 0xCF, 0x8C, 0xDF, 0x5B, 0xD2,
|
||||||
|
0x9A, 0xA4, 0xE0, 0x83, 0xA4, 0x1F, 0xB5, 0x61, 0x75, 0x89
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
#endif /* WOLFTPM_TRUSTED_CERTS_DER_H */
|
||||||
|
|
@ -0,0 +1,646 @@
|
||||||
|
/* verify_ek_cert.c
|
||||||
|
*
|
||||||
|
* Copyright (C) 2006-2025 wolfSSL Inc.
|
||||||
|
*
|
||||||
|
* This file is part of wolfTPM.
|
||||||
|
*
|
||||||
|
* wolfTPM is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation; either version 2 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* wolfTPM is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program; if not, write to the Free Software
|
||||||
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* This example shows how to generate and validate an EK based on a
|
||||||
|
* trusted public key. This example is supported in stand-alone (no wolfCrypt)
|
||||||
|
* This example assumes ST33KTPM2X with signer
|
||||||
|
* "STSAFE TPM RSA Intermediate CA 20" : RSA 4096-bit key with SHA2-384
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifdef HAVE_CONFIG_H
|
||||||
|
#include <config.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#include <wolftpm/tpm2_wrap.h>
|
||||||
|
|
||||||
|
#include <stdio.h>
|
||||||
|
|
||||||
|
#ifndef WOLFTPM2_NO_WRAPPER
|
||||||
|
|
||||||
|
#include <examples/endorsement/endorsement.h>
|
||||||
|
#include <hal/tpm_io.h>
|
||||||
|
|
||||||
|
#include "trusted_certs_der.h"
|
||||||
|
|
||||||
|
#ifndef WOLFTPM2_NO_WOLFCRYPT
|
||||||
|
#include <wolfssl/wolfcrypt/asn.h>
|
||||||
|
#include <wolfssl/wolfcrypt/rsa.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef MAX_CERT_SZ
|
||||||
|
#define MAX_CERT_SZ 2048
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef WOLFTPM2_NO_WOLFCRYPT
|
||||||
|
#define ASN_SEQUENCE 0x10
|
||||||
|
#define ASN_CONSTRUCTED 0x20
|
||||||
|
#define ASN_CONTEXT_SPECIFIC 0x80
|
||||||
|
|
||||||
|
#define ASN_LONG_LENGTH 0x80 /* indicates additional length fields */
|
||||||
|
|
||||||
|
#define ASN_INTEGER 0x02
|
||||||
|
#define ASN_BIT_STRING 0x03
|
||||||
|
#define ASN_OCTET_STRING 0x04
|
||||||
|
#define ASN_TAG_NULL 0x05
|
||||||
|
#define ASN_OBJECT_ID 0x06
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(WOLFTPM2_NO_WOLFCRYPT) || defined(NO_RSA)
|
||||||
|
#define RSA_BLOCK_TYPE_1 1
|
||||||
|
#define RSA_BLOCK_TYPE_2 2
|
||||||
|
#endif
|
||||||
|
|
||||||
|
typedef struct DecodedX509 {
|
||||||
|
word32 certBegin;
|
||||||
|
byte* cert; /* pointer to start of cert */
|
||||||
|
word32 certSz;
|
||||||
|
byte* publicKey; /* pointer to public key */
|
||||||
|
word32 pubKeySz;
|
||||||
|
byte* signature; /* pointer to signature */
|
||||||
|
word32 sigSz; /* length of signature */
|
||||||
|
} DecodedX509;
|
||||||
|
|
||||||
|
|
||||||
|
static void usage(void)
|
||||||
|
{
|
||||||
|
printf("Expected usage:\n");
|
||||||
|
printf("./examples/endorsement/verify_ek_cert\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
static void dump_hex_bytes(const byte* buf, word32 sz)
|
||||||
|
{
|
||||||
|
word32 i;
|
||||||
|
/* Print as : separated hex bytes - max 15 bytes per line */
|
||||||
|
printf("\t");
|
||||||
|
for (i=0; i<sz; i++) {
|
||||||
|
printf("%02x", buf[i]);
|
||||||
|
if (i+1 < sz) {
|
||||||
|
printf(":");
|
||||||
|
if (i>0 && ((i+1)%16)==0) printf("\n\t");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
printf("\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Display EK public information */
|
||||||
|
static void show_tpm_public(const char* desc, const TPM2B_PUBLIC* pub)
|
||||||
|
{
|
||||||
|
printf("%s %s, Hash: %s, objAttr: 0x%X\n",
|
||||||
|
desc,
|
||||||
|
TPM2_GetAlgName(pub->publicArea.type),
|
||||||
|
TPM2_GetAlgName(pub->publicArea.nameAlg),
|
||||||
|
(unsigned int)pub->publicArea.objectAttributes);
|
||||||
|
|
||||||
|
/* parameters and unique field depend on algType */
|
||||||
|
if (pub->publicArea.type == TPM_ALG_RSA) {
|
||||||
|
printf("\tKeyBits: %d, exponent: 0x%X, unique size %d\n",
|
||||||
|
pub->publicArea.parameters.rsaDetail.keyBits,
|
||||||
|
(unsigned int)pub->publicArea.parameters.rsaDetail.exponent,
|
||||||
|
pub->publicArea.unique.rsa.size);
|
||||||
|
dump_hex_bytes(pub->publicArea.unique.rsa.buffer,
|
||||||
|
pub->publicArea.unique.rsa.size);
|
||||||
|
}
|
||||||
|
else if (pub->publicArea.type == TPM_ALG_ECC) {
|
||||||
|
const char* curveName = "NULL";
|
||||||
|
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC)
|
||||||
|
curveName = wc_ecc_get_name(
|
||||||
|
TPM2_GetWolfCurve(pub->publicArea.parameters.eccDetail.curveID));
|
||||||
|
#endif
|
||||||
|
printf("\tCurveID %s (0x%x), size %d, unique X/Y size %d/%d\n",
|
||||||
|
curveName, pub->publicArea.parameters.eccDetail.curveID,
|
||||||
|
TPM2_GetCurveSize(pub->publicArea.parameters.eccDetail.curveID),
|
||||||
|
pub->publicArea.unique.ecc.x.size,
|
||||||
|
pub->publicArea.unique.ecc.y.size);
|
||||||
|
dump_hex_bytes(pub->publicArea.unique.ecc.x.buffer,
|
||||||
|
pub->publicArea.unique.ecc.x.size);
|
||||||
|
dump_hex_bytes(pub->publicArea.unique.ecc.y.buffer,
|
||||||
|
pub->publicArea.unique.ecc.y.size);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static int DecodeAsn1Tag(const uint8_t* input, int inputSz, int* inOutIdx,
|
||||||
|
int* tag_len, uint8_t tag)
|
||||||
|
{
|
||||||
|
int rc = -1; /* default to fail case */
|
||||||
|
int tag_len_bytes = 1;
|
||||||
|
|
||||||
|
*tag_len = 0; /* reset tag length */
|
||||||
|
if (input[*inOutIdx] == tag) { /* check tag is expected */
|
||||||
|
(*inOutIdx)++; /* skip asn.1 tag */
|
||||||
|
if (input[*inOutIdx] & ASN_LONG_LENGTH) {
|
||||||
|
tag_len_bytes = (int)(input[*inOutIdx] & 0x7F);
|
||||||
|
if (tag_len_bytes > 4) {
|
||||||
|
return -1; /* too long */
|
||||||
|
}
|
||||||
|
(*inOutIdx)++; /* skip long length field */
|
||||||
|
}
|
||||||
|
while (tag_len_bytes--) {
|
||||||
|
*tag_len = (*tag_len << 8) | input[*inOutIdx];
|
||||||
|
(*inOutIdx)++; /* skip length */
|
||||||
|
}
|
||||||
|
if (*tag_len + *inOutIdx <= inputSz) { /* check length */
|
||||||
|
rc = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int RsaDecodeSignature(uint8_t** pInput, int inputSz)
|
||||||
|
{
|
||||||
|
int rc;
|
||||||
|
uint8_t* input = *pInput;
|
||||||
|
int idx = 0;
|
||||||
|
int tot_len, algo_len, digest_len = 0;
|
||||||
|
|
||||||
|
/* sequence - total size */
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &tot_len,
|
||||||
|
(ASN_SEQUENCE | ASN_CONSTRUCTED));
|
||||||
|
if (rc == 0) {
|
||||||
|
/* sequence - algoid */
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &algo_len,
|
||||||
|
(ASN_SEQUENCE | ASN_CONSTRUCTED));
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
idx += algo_len; /* skip algoid */
|
||||||
|
|
||||||
|
/* digest */
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &digest_len, ASN_OCTET_STRING);
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
/* return digest buffer pointer */
|
||||||
|
*pInput = &input[idx];
|
||||||
|
|
||||||
|
rc = digest_len;
|
||||||
|
}
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int DecodeX509Cert(uint8_t* input, int inputSz, DecodedX509* x509)
|
||||||
|
{
|
||||||
|
int rc;
|
||||||
|
int idx = 0;
|
||||||
|
int tot_len, cert_len = 0, len, pubkey_len = 0, sig_len = 0;
|
||||||
|
|
||||||
|
/* sequence - total size */
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &tot_len,
|
||||||
|
(ASN_SEQUENCE | ASN_CONSTRUCTED));
|
||||||
|
if (rc == 0) {
|
||||||
|
x509->certBegin = idx;
|
||||||
|
x509->cert = &input[idx];
|
||||||
|
|
||||||
|
/* sequence - cert */
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &cert_len,
|
||||||
|
(ASN_SEQUENCE | ASN_CONSTRUCTED));
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
x509->certSz = cert_len + (idx - x509->certBegin);
|
||||||
|
/* cert - version */
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &len,
|
||||||
|
(ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED));
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
/* check version == 1 */
|
||||||
|
if (input[idx] != ASN_INTEGER && input[idx] != 1) {
|
||||||
|
rc = -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
idx += len; /* skip version */
|
||||||
|
|
||||||
|
/* cert - serial */
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &len, ASN_INTEGER);
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
idx += len; /* skip serial */
|
||||||
|
|
||||||
|
/* cert - signature oid */
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &len,
|
||||||
|
(ASN_SEQUENCE | ASN_CONSTRUCTED));
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
idx += len; /* skip signature oid */
|
||||||
|
|
||||||
|
/* cert - issuer */
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &len,
|
||||||
|
(ASN_SEQUENCE | ASN_CONSTRUCTED));
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
idx += len; /* skip issuer */
|
||||||
|
|
||||||
|
/* cert - validity */
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &len,
|
||||||
|
(ASN_SEQUENCE | ASN_CONSTRUCTED));
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
idx += len; /* skip validity */
|
||||||
|
|
||||||
|
/* cert - subject */
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &len,
|
||||||
|
(ASN_SEQUENCE | ASN_CONSTRUCTED));
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
idx += len; /* skip subject */
|
||||||
|
|
||||||
|
/* cert - subject public key info */
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &len,
|
||||||
|
(ASN_SEQUENCE | ASN_CONSTRUCTED));
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
/* cert - subject public key alg oid */
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &len,
|
||||||
|
(ASN_SEQUENCE | ASN_CONSTRUCTED));
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
idx += len; /* skip alg oid */
|
||||||
|
|
||||||
|
/* cert - subject public key alg params */
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &pubkey_len,
|
||||||
|
ASN_BIT_STRING);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (rc == 0) {
|
||||||
|
/* skip leading zero for bit string */
|
||||||
|
if (input[idx] == 0x00) {
|
||||||
|
idx++;
|
||||||
|
pubkey_len--;
|
||||||
|
}
|
||||||
|
/* return pointer to public key */
|
||||||
|
x509->publicKey = &input[idx];
|
||||||
|
x509->pubKeySz = pubkey_len;
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
/* skip to start of signature */
|
||||||
|
idx = x509->certBegin + x509->certSz;
|
||||||
|
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &len,
|
||||||
|
(ASN_SEQUENCE | ASN_CONSTRUCTED));
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
/* signature oid */
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &len, ASN_OBJECT_ID);
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
idx += len; /* skip oid */
|
||||||
|
/* sig algo params */
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &len, ASN_TAG_NULL);
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
idx += len; /* skip tag */
|
||||||
|
|
||||||
|
/* signature bit string */
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &sig_len,
|
||||||
|
ASN_BIT_STRING);
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
/* skip leading zero for bit string */
|
||||||
|
if (input[idx] == 0x00) {
|
||||||
|
idx++;
|
||||||
|
sig_len--;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* signature */
|
||||||
|
x509->sigSz = sig_len;
|
||||||
|
x509->signature = &input[idx];
|
||||||
|
}
|
||||||
|
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int DecodeRsaPubKey(uint8_t* input, int inputSz, TPM2B_PUBLIC* pub)
|
||||||
|
{
|
||||||
|
int rc;
|
||||||
|
int idx = 0;
|
||||||
|
int tot_len, mod_len = 0, exp_len = 0;
|
||||||
|
|
||||||
|
/* sequence - total size */
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &tot_len,
|
||||||
|
(ASN_SEQUENCE | ASN_CONSTRUCTED));
|
||||||
|
if (rc == 0) {
|
||||||
|
/* modulus */
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &mod_len, ASN_INTEGER);
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
/* skip leading zero if exists */
|
||||||
|
if (input[idx] == 0x00) {
|
||||||
|
idx++;
|
||||||
|
mod_len--;
|
||||||
|
}
|
||||||
|
if (mod_len > (int)sizeof(pub->publicArea.unique.rsa.buffer)) {
|
||||||
|
rc = -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
/* Populate Modulus */
|
||||||
|
pub->publicArea.parameters.rsaDetail.keyBits = mod_len * 8;
|
||||||
|
pub->publicArea.unique.rsa.size = mod_len;
|
||||||
|
XMEMCPY(pub->publicArea.unique.rsa.buffer, &input[idx], mod_len);
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
idx += mod_len; /* skip modulus */
|
||||||
|
|
||||||
|
/* exponent */
|
||||||
|
rc = DecodeAsn1Tag(input, inputSz, &idx, &exp_len, ASN_INTEGER);
|
||||||
|
/* skip leading zero if exists */
|
||||||
|
if (input[idx] == 0x00) {
|
||||||
|
idx++;
|
||||||
|
exp_len--;
|
||||||
|
}
|
||||||
|
if (exp_len >
|
||||||
|
(int)sizeof(pub->publicArea.parameters.rsaDetail.exponent)) {
|
||||||
|
rc = -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
XMEMCPY(&pub->publicArea.parameters.rsaDetail.exponent, &input[idx],
|
||||||
|
exp_len);
|
||||||
|
}
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int RsaUnpadPkcsv15(uint8_t** pSig, int* sigSz)
|
||||||
|
{
|
||||||
|
int rc = -1; /* default to error */
|
||||||
|
uint8_t* sig = *pSig;
|
||||||
|
int idx = 0;
|
||||||
|
|
||||||
|
/* RSA PKCSv1.5 unpad */
|
||||||
|
if (sig[idx++] == 0x00 && sig[idx++] == RSA_BLOCK_TYPE_1) {
|
||||||
|
|
||||||
|
/* skip padding 0xFF's */
|
||||||
|
while (idx < *sigSz) {
|
||||||
|
if (sig[idx] != 0xFF)
|
||||||
|
break;
|
||||||
|
idx++;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* verify 0x00 after pad */
|
||||||
|
if (sig[idx++] == 0x00) {
|
||||||
|
/* success unpadding */
|
||||||
|
rc = 0;
|
||||||
|
*pSig = &sig[idx];
|
||||||
|
*sigSz -= idx;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
int TPM2_EndorsementCertVerify_Example(void* userCtx, int argc, char *argv[])
|
||||||
|
{
|
||||||
|
int rc = -1;
|
||||||
|
WOLFTPM2_DEV dev;
|
||||||
|
WOLFTPM2_KEY endorse;
|
||||||
|
TPMS_NV_PUBLIC nvPublic;
|
||||||
|
WOLFTPM2_KEY issuer;
|
||||||
|
WOLFTPM2_NV nv;
|
||||||
|
WOLFTPM2_HASH hash;
|
||||||
|
TPMT_PUBLIC publicTemplate;
|
||||||
|
TPM2B_PUBLIC ekPub;
|
||||||
|
DecodedX509 issuerX509, ekX509;
|
||||||
|
|
||||||
|
uint32_t nvIndex = TPM2_NV_RSA_EK_CERT; /* RSA 2048-bit EK Cert Index */
|
||||||
|
uint8_t cert[MAX_CERT_SZ]; /* buffer to hold device cert from NV */
|
||||||
|
uint32_t certSz;
|
||||||
|
TPM_ALG_ID hashAlg = TPM_ALG_SHA384; /* Signer uses SHA2-384 */
|
||||||
|
uint8_t hashBuf[TPM_MAX_DIGEST_SIZE]; /* hash of device cert, for verify */
|
||||||
|
uint32_t hashSz = 0;
|
||||||
|
uint8_t sig[512]; /* 4096-bit max, hold decrypted signature */
|
||||||
|
int sigSz = (int)sizeof(sig);
|
||||||
|
uint8_t* sigDigest; /* offset to digest in signature */
|
||||||
|
int sigDigestSz = 0;
|
||||||
|
|
||||||
|
XMEMSET(&endorse, 0, sizeof(endorse));
|
||||||
|
XMEMSET(&nvPublic, 0, sizeof(nvPublic));
|
||||||
|
XMEMSET(&issuer, 0, sizeof(issuer));
|
||||||
|
XMEMSET(&nv, 0, sizeof(nv));
|
||||||
|
XMEMSET(&hash, 0, sizeof(hash));
|
||||||
|
XMEMSET(&issuerX509, 0, sizeof(issuerX509));
|
||||||
|
XMEMSET(&ekX509, 0, sizeof(ekX509));
|
||||||
|
XMEMSET(&ekPub, 0, sizeof(ekPub));
|
||||||
|
|
||||||
|
if (argc >= 2) {
|
||||||
|
if (XSTRCMP(argv[1], "-?") == 0 ||
|
||||||
|
XSTRCMP(argv[1], "-h") == 0 ||
|
||||||
|
XSTRCMP(argv[1], "--help") == 0) {
|
||||||
|
usage();
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
printf("Endorsement Certificate Verify\n");
|
||||||
|
|
||||||
|
rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
|
||||||
|
if (rc != TPM_RC_SUCCESS) {
|
||||||
|
printf("wolfTPM2_Init failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Get Endorsement Public Key template using NV index */
|
||||||
|
rc = wolfTPM2_GetKeyTemplate_EKIndex(nvIndex, &publicTemplate);
|
||||||
|
if (rc != 0) {
|
||||||
|
printf("EK Index 0x%08x not valid\n", nvIndex);
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Read Public portion of NV to get actual size */
|
||||||
|
if (rc == 0)
|
||||||
|
rc = wolfTPM2_NVReadPublic(&dev, nvIndex, &nvPublic);
|
||||||
|
if (rc != 0) {
|
||||||
|
printf("Failed to read public for NV Index 0x%08x\n", nvIndex);
|
||||||
|
}
|
||||||
|
if (rc == 0) { /* Read data */
|
||||||
|
certSz = (uint32_t)sizeof(cert);
|
||||||
|
if (certSz > nvPublic.dataSize) {
|
||||||
|
certSz = nvPublic.dataSize;
|
||||||
|
}
|
||||||
|
rc = wolfTPM2_NVReadAuth(&dev, &nv, nvIndex, cert, &certSz, 0);
|
||||||
|
if (rc == 0) {
|
||||||
|
#ifdef DEBUG_WOLFTPM
|
||||||
|
printf("EK Data: %d\n", certSz);
|
||||||
|
TPM2_PrintBin(cert, certSz);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Create Endorsement Key */
|
||||||
|
if (rc == 0) {
|
||||||
|
/* Create Endorsement Key using EK auth policy */
|
||||||
|
printf("Creating Endorsement Key\n");
|
||||||
|
rc = wolfTPM2_CreatePrimaryKey(&dev, &endorse, TPM_RH_ENDORSEMENT,
|
||||||
|
&publicTemplate, NULL, 0);
|
||||||
|
if (rc != 0) goto exit;
|
||||||
|
printf("Endorsement key loaded at handle 0x%08x\n",
|
||||||
|
endorse.handle.hndl);
|
||||||
|
|
||||||
|
/* Display EK public information */
|
||||||
|
show_tpm_public("EK", &endorse.pub);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (rc == 0) {
|
||||||
|
/* Parse device certificate and extract public key */
|
||||||
|
rc = DecodeX509Cert(cert, certSz, &ekX509);
|
||||||
|
if (rc == 0) {
|
||||||
|
/* Parse RSA Public Key Raw Modulus */
|
||||||
|
rc = DecodeRsaPubKey((uint8_t*)ekX509.publicKey, ekX509.pubKeySz,
|
||||||
|
&ekPub);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (rc == 0) {
|
||||||
|
/* Compare certificate public key with generated EK public key */
|
||||||
|
if (ekPub.publicArea.unique.rsa.size !=
|
||||||
|
endorse.pub.publicArea.unique.rsa.size ||
|
||||||
|
XMEMCMP(ekPub.publicArea.unique.rsa.buffer,
|
||||||
|
endorse.pub.publicArea.unique.rsa.buffer,
|
||||||
|
endorse.pub.publicArea.unique.rsa.size) != 0)
|
||||||
|
{
|
||||||
|
printf("Error: Generated EK public key does not match NV cert "
|
||||||
|
"public key!\n");
|
||||||
|
rc = -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (rc == 0) {
|
||||||
|
/* Hash certificate (excluding signature) */
|
||||||
|
rc = wolfTPM2_HashStart(&dev, &hash, hashAlg, NULL, 0);
|
||||||
|
if (rc == 0) {
|
||||||
|
rc = wolfTPM2_HashUpdate(&dev, &hash, ekX509.cert, ekX509.certSz);
|
||||||
|
if (rc == 0) {
|
||||||
|
hashSz = sizeof(hashBuf);
|
||||||
|
rc = wolfTPM2_HashFinish(&dev, &hash, hashBuf, &hashSz);
|
||||||
|
}
|
||||||
|
|
||||||
|
printf("Cert Hash: %d\n", hashSz);
|
||||||
|
dump_hex_bytes(hashBuf, hashSz);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (rc == 0) {
|
||||||
|
/* Parse and extract the issuer's public key modulus from certificate */
|
||||||
|
rc = DecodeX509Cert((uint8_t*)kSTSAFEIntCa20,
|
||||||
|
(int)sizeof(kSTSAFEIntCa20), &issuerX509);
|
||||||
|
if (rc == 0) {
|
||||||
|
/* Parse RSA Public Key Raw Modulus */
|
||||||
|
rc = DecodeRsaPubKey((uint8_t*)issuerX509.publicKey,
|
||||||
|
issuerX509.pubKeySz, &issuer.pub);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
printf("Issuer Public Exponent 0x%x, Modulus %d\n",
|
||||||
|
issuer.pub.publicArea.parameters.rsaDetail.exponent,
|
||||||
|
issuer.pub.publicArea.unique.rsa.size);
|
||||||
|
dump_hex_bytes(issuer.pub.publicArea.unique.rsa.buffer,
|
||||||
|
issuer.pub.publicArea.unique.rsa.size);
|
||||||
|
|
||||||
|
/* Import issuer certificate public key */
|
||||||
|
issuer.pub.publicArea.type = TPM_ALG_RSA;
|
||||||
|
issuer.pub.publicArea.nameAlg = hashAlg;
|
||||||
|
issuer.pub.publicArea.objectAttributes = (TPMA_OBJECT_decrypt);
|
||||||
|
issuer.pub.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
|
||||||
|
issuer.pub.publicArea.parameters.rsaDetail.scheme.details.anySig.hashAlg = hashAlg;
|
||||||
|
issuer.pub.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_NULL;
|
||||||
|
rc = wolfTPM2_LoadPublicKey(&dev, &issuer, &issuer.pub);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (rc == 0) {
|
||||||
|
/* Display Cert public information */
|
||||||
|
show_tpm_public("Issuer", &issuer.pub);
|
||||||
|
|
||||||
|
printf("EK Certificate Signature: %d\n", ekX509.sigSz);
|
||||||
|
dump_hex_bytes(ekX509.signature, ekX509.sigSz);
|
||||||
|
|
||||||
|
/* RSA Public Decrypt EK certificate signature */
|
||||||
|
rc = wolfTPM2_RsaEncrypt(&dev, &issuer,
|
||||||
|
TPM_ALG_NULL, /* no padding */
|
||||||
|
ekX509.signature, ekX509.sigSz,
|
||||||
|
sig, &sigSz);
|
||||||
|
if (rc != 0) {
|
||||||
|
printf("RSA Public Failed!\n");
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
printf("Decrypted Sig: %d\n", sigSz);
|
||||||
|
dump_hex_bytes(sig, sigSz);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (rc == 0) {
|
||||||
|
sigDigest = sig;
|
||||||
|
rc = RsaUnpadPkcsv15(&sigDigest, &sigSz);
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
rc = RsaDecodeSignature(&sigDigest, sigSz);
|
||||||
|
if (rc > 0) {
|
||||||
|
sigDigestSz = rc;
|
||||||
|
rc = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
printf("Expected Hash: %d\n", hashSz);
|
||||||
|
dump_hex_bytes(hashBuf, hashSz);
|
||||||
|
|
||||||
|
printf("Sig Hash: %d\n", sigDigestSz);
|
||||||
|
dump_hex_bytes(sigDigest, sigDigestSz);
|
||||||
|
|
||||||
|
/* Compare certificate hash with signature hash */
|
||||||
|
if (sigDigestSz == (int)hashSz &&
|
||||||
|
memcmp(sigDigest, hashBuf, hashSz) == 0) {
|
||||||
|
printf("Certificate signature is valid\n");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
printf("Error: Certificate signature is invalid!\n");
|
||||||
|
rc = -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
exit:
|
||||||
|
|
||||||
|
if (rc != 0) {
|
||||||
|
printf("Error verifying EK certificate! %s (%d)\n",
|
||||||
|
TPM2_GetRCString(rc), rc);
|
||||||
|
}
|
||||||
|
|
||||||
|
wolfTPM2_UnloadHandle(&dev, &issuer.handle);
|
||||||
|
wolfTPM2_UnloadHandle(&dev, &endorse.handle);
|
||||||
|
wolfTPM2_Cleanup(&dev);
|
||||||
|
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
/******************************************************************************/
|
||||||
|
/* --- END TPM2.0 Endorsement certificate tool -- */
|
||||||
|
/******************************************************************************/
|
||||||
|
#endif /* !WOLFTPM2_NO_WRAPPER */
|
||||||
|
|
||||||
|
#ifndef NO_MAIN_DRIVER
|
||||||
|
int main(int argc, char *argv[])
|
||||||
|
{
|
||||||
|
int rc = -1;
|
||||||
|
|
||||||
|
#ifndef WOLFTPM2_NO_WRAPPER
|
||||||
|
rc = TPM2_EndorsementCertVerify_Example(NULL, argc, argv);
|
||||||
|
#else
|
||||||
|
printf("Wrapper code not compiled in\n");
|
||||||
|
(void)argc;
|
||||||
|
(void)argv;
|
||||||
|
#endif /* !WOLFTPM2_NO_WRAPPER */
|
||||||
|
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
Loading…
Reference in New Issue