#!/bin/bash
#
#################################################################################
# #
# TPM2 regression test #
# Written by Ken Goldman #
# IBM Thomas J. Watson Research Center #
# $Id: testecc.sh 1277 2018-07-23 20:30:23Z kgoldman $ #
# #
# (c) Copyright IBM Corporation 2015 - 2018 #
# #
# All rights reserved. #
# #
# Redistribution and use in source and binary forms, with or without #
# modification, are permitted provided that the following conditions are #
# met: #
# #
# Redistributions of source code must retain the above copyright notice, #
# this list of conditions and the following disclaimer. #
# #
# Redistributions in binary form must reproduce the above copyright #
# notice, this list of conditions and the following disclaimer in the #
# documentation and/or other materials provided with the distribution. #
# #
# Neither the names of the IBM Corporation nor the names of its #
# contributors may be used to endorse or promote products derived from #
# this software without specific prior written permission. #
# #
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS #
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT #
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR #
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT #
# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #
# #
#################################################################################
# Section banners. Two titles are printed ("ECC Ephemeral", then
# "ECC Parameters and Ephemeral"); both are kept so the log output is unchanged.
echo ""
echo "ECC Ephemeral"
echo ""

echo ""
echo "ECC Parameters and Ephemeral"
echo ""

# For every curve under test: read the curve parameters, create one key per
# signing attribute under the parent at handle 80000000, then request an
# ephemeral EC key.
#
# PREFIX and checkSuccess come from the calling environment; neither is defined
# in this file. ${PREFIX} is deliberately left unquoted, exactly as the caller
# supplies it.
# presumably 80000000 is a primary key set up by an earlier script - confirm.
#
# "sto" is a fixed test password passed on the command line, so it is visible
# in the process list. That is fine for a regression run against a test TPM;
# it is not a pattern to copy for real key material.
for CURVE in bnp256 nistp256 nistp384; do
    echo "ECC Parameters for curve ${CURVE}"
    ${PREFIX}eccparameters -cv "${CURVE}" > run.out
    checkSuccess $?

    # The created key is not saved (no output file options); only the
    # success of the create command is checked.
    for ATTR in -si -sir; do
        echo "Create ${ATTR} for curve ${CURVE}"
        ${PREFIX}create -hp 80000000 -pwdp sto "${ATTR}" -ecc "${CURVE}" > run.out
        checkSuccess $?
    done

    echo "EC Ephemeral for curve ${CURVE}"
    ${PREFIX}ecephemeral -ecc "${CURVE}" > run.out
    checkSuccess $?
done
echo ""
echo "ECC Commit"
echo ""

# One HMAC session is started here and reused by the commit calls below through
# "-se0 02000000 1". It is flushed only after the second pair of loops further
# down the script.
echo "Start an HMAC auth session"
${PREFIX}startauthsession -se h > run.out
checkSuccess $?

# Commit / hash / sign round trip with an ECDAA signing key created under the
# primary key at 80000000 and loaded at 80000001. It runs for both ECDAA key
# types, each without and with the HMAC session.
#
# "sto" and "siga" are fixed test passwords passed on the command line. All
# work files (run.out, *.bin) use fixed names in the current directory, so two
# runs sharing a directory would overwrite each other's files.
for KEYTYPE in -dau -dar; do
    # SESS is either empty or three separate arguments. It is expanded
    # unquoted on the commit lines so that it word-splits as intended.
    for SESS in "" "-se0 02000000 1"; do

        echo "Create a $KEYTYPE ECDAA signing key under the primary key"
        ${PREFIX}create -hp 80000000 -ecc bnp256 "${KEYTYPE}" \
            -nalg sha256 -halg sha256 -kt f -kt p \
            -opr tmprpriv.bin -opu tmprpub.bin \
            -pwdp sto -pwdk siga > run.out
        checkSuccess $?

        echo "Load the signing key 80000001 under the primary key 80000000"
        ${PREFIX}load -hp 80000000 -ipr tmprpriv.bin -ipu tmprpub.bin \
            -pwdp sto > run.out
        checkSuccess $?

        #${PREFIX}getcapability -cap 1 -pr 80000001

        # First commit: no input point (no P1) and no s2 / y2 parameters.
        # The resulting point E is written to efile.bin. Because E lies on
        # the curve, it is fed back in as P1 for the second commit.
        #
        # There is no test case for s2 and y2: constructing y2 requires
        # Cipolla's algorithm.
        #
        # Example of the full command, for reference:
        # ${PREFIX}commit -hk 80000001 -pt p1.bin -s2 s2.bin -y2 y2_a.bin -Kf kfile.bin -Lf lfile.bin -Ef efile.bin -cf counterfile.bin -pwdk siga > run.out
        # checkSuccess $?
        echo "Create new point E, based on point-multiply of TPM's commit random scalar and Generator point ${SESS}"
        ${PREFIX}commit -hk 80000001 -Ef efile.bin -pwdk siga ${SESS} > run.out
        checkSuccess $?

        # Keep a copy of E as P1; it is both the next commit's input point
        # and part of the hash input below.
        cp efile.bin p1.bin

        # Second commit: E from the first commit is used as P1. This
        # simulates the commit that the FIDO alliance wants to use in its
        # TPM Join operation. The commit counter is saved to
        # counterfile.bin for the sign step.
        echo "Create new point E, based on point-multiply of TPM's commit random scalar and input point ${SESS}"
        ${PREFIX}commit -hk 80000001 -pt p1.bin -Ef efile.bin \
            -cf counterfile.bin -pwdk siga ${SESS} > run.out
        checkSuccess $?

        # Hash input is E || P1 || Q, where Q is the key's public area file.
        cat efile.bin p1.bin tmprpub.bin > hashinput.bin

        # The ticket written to tfile.bin is handed to sign via -tk.
        echo "Hash the E, P1, and Q to create the ticket to use in signing"
        ${PREFIX}hash -hi p -halg sha256 -if hashinput.bin \
            -oh outhash.bin -tk tfile.bin > run.out
        checkSuccess $?

        # Sign with the counter returned by the second commit.
        echo "Sign the hash of the points made from commit"
        ${PREFIX}sign -hk 80000001 -pwdk siga -salg ecc -scheme ecdaa \
            -cf counterfile.bin -if hashinput.bin \
            -os sig.bin -tk tfile.bin > run.out
        checkSuccess $?

        echo "Flush the signing key"
        ${PREFIX}flushcontext -ha 80000001 > run.out
        checkSuccess $?

    done
done
# Keep the counter from the last successful commit/sign above. It is replayed
# in the off-nominal "bad counter" sign check inside the loop below.
cp counterfile.bin counterfileold.bin

# Same commit / hash / sign round trip, this time with an ECDAA *primary*
# signing key, plus a negative test that signs with the stale counter.
# The key is addressed as 80000001 below.
# presumably 80000000 is still occupied by the earlier primary key - confirm.
#
# "siga" is a fixed test password passed on the command line.
for KEYTYPE in -dau -dar; do
    # SESS is either empty or three separate arguments. It is expanded
    # unquoted on the commit lines so that it word-splits as intended.
    for SESS in "" "-se0 02000000 1"; do

        echo "Create a $KEYTYPE ECDAA signing primary key"
        ${PREFIX}createprimary -ecc bnp256 "${KEYTYPE}" \
            -nalg sha256 -halg sha256 -kt f -kt p \
            -opu tmprpub.bin -pwdk siga > run.out
        checkSuccess $?

        #${PREFIX}getcapability -cap 1 -pr 80000001

        # First commit: no input point (no P1) and no s2 / y2 parameters.
        # The resulting point E is written to efile.bin. Because E lies on
        # the curve, it is fed back in as P1 for the second commit.
        #
        # There is no test case for s2 and y2: constructing y2 requires
        # Cipolla's algorithm.
        #
        # Example of the full command, for reference:
        # ${PREFIX}commit -hk 80000001 -pt p1.bin -s2 s2.bin -y2 y2_a.bin -Kf kfile.bin -Lf lfile.bin -Ef efile.bin -cf counterfile.bin -pwdk siga > run.out
        # checkSuccess $?
        echo "Create new point E, based on point-multiply of TPM's commit random scalar and Generator point ${SESS}"
        ${PREFIX}commit -hk 80000001 -Ef efile.bin -pwdk siga ${SESS} > run.out
        checkSuccess $?

        # Keep a copy of E as P1; it is both the next commit's input point
        # and part of the hash input below.
        cp efile.bin p1.bin

        # Second commit: E from the first commit is used as P1. This
        # simulates the commit that the FIDO alliance wants to use in its
        # TPM Join operation. The fresh commit counter goes to
        # counterfile.bin.
        echo "Create new point E, based on point-multiply of TPM's commit random scalar and input point ${SESS}"
        ${PREFIX}commit -hk 80000001 -pt p1.bin -Ef efile.bin \
            -cf counterfile.bin -pwdk siga ${SESS} > run.out
        checkSuccess $?

        # Hash input is E || P1 || Q, where Q is the key's public area file.
        cat efile.bin p1.bin tmprpub.bin > hashinput.bin

        # The ticket written to tfile.bin is handed to sign via -tk.
        echo "Hash the E, P1, and Q to create the ticket to use in signing"
        ${PREFIX}hash -hi p -halg sha256 -if hashinput.bin \
            -oh outhash.bin -tk tfile.bin > run.out
        checkSuccess $?

        # Negative test: sign with the counter saved before this loop
        # instead of the one the commit above just returned.
        # NOTE(review): this call selects the scheme with "-ecdaa", while
        # the passing sign call below uses "-salg ecc -scheme ecdaa". If
        # sign does not accept "-ecdaa", the command fails during argument
        # parsing and checkFailure passes without the stale counter ever
        # reaching the TPM. Confirm run.out shows a TPM error, not usage
        # text. Only "failed" is asserted here, not which error.
        echo "Check error case bad counter"
        ${PREFIX}sign -hk 80000001 -pwdk siga -ecdaa \
            -cf counterfileold.bin -if hashinput.bin \
            -os sig.bin -tk tfile.bin > run.out
        checkFailure $?

        # Nominal case: sign with the counter from the second commit.
        echo "Sign the hash of the points made from commit"
        ${PREFIX}sign -hk 80000001 -pwdk siga -salg ecc -scheme ecdaa \
            -cf counterfile.bin -if hashinput.bin \
            -os sig.bin -tk tfile.bin > run.out
        checkSuccess $?

        echo "Flush the signing key"
        ${PREFIX}flushcontext -ha 80000001 > run.out
        checkSuccess $?

    done
done

# Release the HMAC session (02000000) that the "-se0 02000000 1" iterations used.
echo "Flush the session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?
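echo ""
echo "ECC zgen2phase"
echo ""

# Two-phase key agreement test on nistp256 using ecephemeral and zgen2phase.
# The "remote" B side and the local A side are both played by this script,
# under the same parent key 80000000.
#
# PREFIX and checkSuccess come from the calling environment. "sto" is a fixed
# test password passed on the command line.

echo "ECC Parameters for curve nistp256"
${PREFIX}eccparameters -cv nistp256 > run.out
checkSuccess $?

# --- B ("remote") side ---
# Create a static key pair and an ephemeral key so that the local side has
# peer values to demonstrate the two-phase operation with. Only the public
# parts are kept: QsBpub.bin (static) and QeBpt.bin (ephemeral point). B's
# private part and commit counter are not saved, so only the A side's
# computation is exercised.

echo "Create decryption key for curve nistp256"
${PREFIX}create -hp 80000000 -pwdp sto -den -ecc nistp256 \
    -opu QsBpub.bin > run.out
checkSuccess $?

echo "EC Ephemeral for curve nistp256"
${PREFIX}ecephemeral -ecc nistp256 -oq QeBpt.bin > run.out
checkSuccess $?

# --- A (local) side ---
# In a real exchange, QsBpub.bin and QeBpt.bin would be copied (scp or cp)
# from the B side to the A side. QsBpub.bin is assumed to be a TPM2B_PUBLIC
# produced by a create command, possibly on another TPM. QeBpt.bin is already
# a TPM2B_ECC_POINT because ecephemeral produced it.
#
# This script uses the peer's files as-is. Outside a test, the A side would
# need to authenticate B's static public key before relying on the shared
# secret.

echo "Create decryption key for curve nistp256"
${PREFIX}create -hp 80000000 -pwdp sto -den -ecc nistp256 \
    -opr QsApriv.bin -opu QsApub.bin > run.out
checkSuccess $?

echo "Load the decryption key under the primary key, 80000001"
${PREFIX}load -hp 80000000 -ipr QsApriv.bin -ipu QsApub.bin \
    -pwdp sto > run.out
checkSuccess $?

# The counter written here is what zgen2phase consumes below (-cf counter.bin).
echo "EC Ephemeral for curve nistp256"
${PREFIX}ecephemeral -ecc nistp256 -oq QeApt.bin -cf counter.bin > run.out
checkSuccess $?

# zgen2phase takes the peer's static key as a point, not as a TPM2B_PUBLIC.
echo "Convert public raw to TPM2B_ECC_POINT"
${PREFIX}tpmpublic2eccpoint -ipu QsBpub.bin -pt QsBpt.bin > run.out
checkSuccess $?

# The curve is named literally. The original message printed ${CURVE}, which
# at this point still holds the last value of the parameter loop at the top of
# the script, not the curve used here.
echo "Execute zgen2phase for curve nistp256"
${PREFIX}zgen2phase -hk 80000001 -scheme ecdh \
    -qsb QsBpt.bin -qeb QeBpt.bin -cf counter.bin > run.out
checkSuccess $?

echo "Flush the key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?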
# Remove the work files this script wrote to the current directory, in the
# same order as before. run.out is not in the list and is left in place.
for work_file in \
    efile.bin \
    tmprpub.bin \
    tmprpriv.bin \
    counterfile.bin \
    counterfileold.bin \
    p1.bin \
    hashinput.bin \
    outhash.bin \
    sig.bin \
    tfile.bin \
    QsBpub.bin \
    QeBpt.bin \
    QsApriv.bin \
    QsApub.bin \
    QeApt.bin \
    counter.bin \
    QsBpt.bin
do
    rm -rf "${work_file}"
done
# ${PREFIX}getcapability -cap 1 -pr 80000000
# ${PREFIX}getcapability -cap 1 -pr 02000000