Old 01-17-2020, 11:08 PM   #1
abhinav_student
LQ Newbie
 
Registered: Jan 2020
Posts: 10

Rep: Reputation: Disabled
TPM 1.2 getpubek comparison with existing file in system


I am using a TPM 1.2 module.

I want to write C code to get the public key of that TPM as a file and match it with an existing file in my system.

In Linux, if we write the tpm_getpubek command in the CLI, it shows the public key of the TPM on the terminal.

Help me!
 
Old 01-18-2020, 05:45 PM   #2
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002
You could launch the tpm_getpubek command from your C program, redirecting the output to a file. The easiest method should be the system library function, e.g.
Code:
system("tpm_getpubek > somefile");
A cleaner solution is using the trousers software package. The function that corresponds to tpm_getpubek is probably Tspi_TPM_GetPubEndorsementKey.

Disclaimer: I know close to nothing about TPMs and trousers.
 
Old 01-22-2020, 06:15 AM   #3
abhinav_student
LQ Newbie
 
Registered: Jan 2020
Posts: 10

Original Poster
Rep: Reputation: Disabled
Code modification

Thanks berndbausch.

I have another question here. In the code below, how can I make szTpmPasswd a default instead of user input?
Suppose my password is "abcd1234", how can I make it the default so that this file can execute automatically? I tried to explicitly pass a string to szTpmPasswd but was unable to get my result.

Code :-


#include "tpm_tspi.h"
#include "tpm_utils.h"

static BOOL isWellKnown = FALSE;
TSS_HCONTEXT hContext = 0;

static int parse(const int aOpt, const char *aArg)
{

	switch (aOpt) {
	case 'z':
		logDebug(_("Using TSS_WELL_KNOWN_SECRET to authorize the TPM command\n"));
		isWellKnown = TRUE;
		break;
	default:
		return -1;
	}
	return 0;
}

static void help(const char* aCmd)
{
	logCmdHelp(aCmd);
	logUnicodeCmdOption();
	logCmdOption("-z, --well-known",
		     _("Use 20 bytes of zeros (TSS_WELL_KNOWN_SECRET) as the TPM secret authorization data"));
}

int main(int argc, char **argv)
{

	char *szTpmPasswd = NULL;
	int pswd_len;
	TSS_RESULT tResult;
	TSS_HTPM hTpm;
	TSS_HKEY hEk;
	TSS_HPOLICY hTpmPolicy;
	int iRc = -1;
	struct option hOpts[] = {
		{"well-known", no_argument, NULL, 'z'},
	};
	BYTE well_known[] = TSS_WELL_KNOWN_SECRET;

	initIntlSys();

	if (genericOptHandler
	    (argc, argv, "z", hOpts,
	     sizeof(hOpts) / sizeof(struct option), parse, help) != 0)
		goto out;

	if (contextCreate(&hContext) != TSS_SUCCESS)
		goto out;

	if (contextConnect(hContext) != TSS_SUCCESS)
		goto out_close;

	if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS)
		goto out_close;

	tResult = tpmGetPubEk(hTpm, FALSE, NULL, &hEk);
	if (tResult == TCPA_E_DISABLED_CMD) {
		logInfo
		    (_("Public PubEk access blocked, owner password required\n"));
		if (isWellKnown) {
			szTpmPasswd = (char *)well_known;
			pswd_len = sizeof(well_known);
		} else {

			// Prompt for owner password
			szTpmPasswd = GETPASSWD(_("Enter owner password: "), &pswd_len, FALSE);
			if (!szTpmPasswd) {
				logMsg(_("Failed to get password\n"));
				goto out_close;
			}
		}

		if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS)
			goto out_close;

		if (policySetSecret
		    (hTpmPolicy, pswd_len,
		     (BYTE *)szTpmPasswd) != TSS_SUCCESS)
			goto out_close;

		tResult = tpmGetPubEk(hTpm, TRUE, NULL, &hEk);
	}
	if (tResult != TSS_SUCCESS)
		goto out_close;

	logMsg(_("Public Endorsement Key:\n"));
	if (displayKey(hEk) != TSS_SUCCESS)
		goto out_close;

	iRc = 0;
	logSuccess(argv[0]);

out_close:
	contextClose(hContext);

out:
	if (szTpmPasswd && !isWellKnown)
		shredPasswd(szTpmPasswd);

	return iRc;
}
 
Old 01-22-2020, 06:21 AM   #4
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002
With the caveat that I know close to nothing about trousers and TPMs, I can try to help if you format your code as code.
 
Old 01-22-2020, 06:36 AM   #5
abhinav_student
LQ Newbie
 
Registered: Jan 2020
Posts: 10

Original Poster
Rep: Reputation: Disabled
I am trying to post code with proper indentation but it is not taking.
I will post a text file for this.
Attached Files
File Type: txt t_code.txt (2.2 KB, 12 views)

Last edited by abhinav_student; 01-22-2020 at 06:42 AM.
 
Old 01-22-2020, 07:48 AM   #6
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002
Sorry, but after looking at your question, I don't understand what you want.

Right now, the default value of szTpmPasswd is TSS_WELL_KNOWN_SECRET. You say you want to set a default password so that the program executes automatically. What do you mean by "automatically"? Normally, a program must be launched by a human or another program to execute.

You also say that you are unable to get your result. What is your result, and what do you get instead of the result?
 
Old 01-25-2020, 03:59 AM   #7
abhinav_student
LQ Newbie
 
Registered: Jan 2020
Posts: 10

Original Poster
Rep: Reputation: Disabled
How to provide the well-known (20 bytes 0) value to the owner password?

By default it is not taking. For the SRK password we can do the tpm_takeownership -z command.

I am using tpm-tools and trousers package to configure my TPM.

Last edited by abhinav_student; 01-25-2020 at 04:01 AM.
 
Old 01-25-2020, 05:08 AM   #8
abhinav_student
LQ Newbie
 
Registered: Jan 2020
Posts: 10

Original Poster
Rep: Reputation: Disabled
If possible, without using well-known, can I pass my own password inside my code? I don't want to enter the password during execution of the program.
 
Old 01-25-2020, 06:08 AM   #9
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002
I suppose you need to change this section:
Code:
		} else {
			// Prompt for owner password
			szTpmPasswd = GETPASSWD(_("Enter owner password: "), &pswd_len, FALSE);
			if (!szTpmPasswd) {
				logMsg(_("Failed to get password\n"));
				goto out_close;
			}
		}
Instead of GETPASSWD, just use a fixed value or an argv value.
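
Added example (not part of the post above and not tpm-tools code): one way to supply the owner password without a prompt is to read it from a file that only the calling user can read, since a value compiled into the binary or passed in argv is visible to anyone who can read the binary or the process list. The function name read_owner_secret and the file path given on the command line are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Read a secret from path into buf (capacity cap, NUL-terminated).
 * Returns its length, or -1 if the file is missing, is a symlink or not a
 * regular file, is not owned by the caller, is accessible to group/other,
 * is empty, or does not fit in buf. */
int read_owner_secret(const char *path, char *buf, size_t cap)
{
	int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
	if (fd < 0)
		return -1;

	struct stat st;
	if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
	    st.st_uid != geteuid() || (st.st_mode & (S_IRWXG | S_IRWXO))) {
		close(fd);
		return -1;
	}

	ssize_t n = read(fd, buf, cap);
	close(fd);
	if (n <= 0 || (size_t)n == cap)	/* error, empty, or no room for NUL */
		return -1;
	while (n > 0 && (buf[n - 1] == '\n' || buf[n - 1] == '\r'))
		n--;			/* drop the trailing newline */
	buf[n] = '\0';
	return n > 0 ? (int)n : -1;
}

int main(int argc, char **argv)
{
	char secret[128];
	int len = argc == 2 ? read_owner_secret(argv[1], secret, sizeof secret) : -1;
	if (len < 0)
		return 1;
	/* In the posted program: policySetSecret(hTpmPolicy, len, (BYTE *)secret); */
	printf("read %d-byte secret\n", len);
	memset(secret, 0, sizeof secret);
	return 0;
}
```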
 
Old 01-29-2020, 01:13 AM   #10
abhinav_student
LQ Newbie
 
Registered: Jan 2020
Posts: 10

Original Poster
Rep: Reputation: Disabled
Thanks berndbausch.

You provided me great guidance. Assigning a fixed value or an argv value hasn't worked, but by making some changes in the header files they worked.

I have one more question: can we compare a system command (e.g. the content of "ifconfig") with an existing file in our system in a C program?

If possible could you please help me with the logic?
 
Old 01-29-2020, 03:45 AM   #11
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002
What do you mean by "compare"? Do you want to understand if they are equal? If so, one solution would be to use the system call to run the command, redirecting output to a file. Then compare that file to the existing file.
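
Added example (not part of the post above): a variant of the run-and-compare approach that reads the command's output through popen() and compares it with the reference file in memory, so no intermediate file is written, and that treats a failed command as an error rather than as empty output. The function name output_matches_file is an assumption; main() uses tpm_getpubek from the thread as the fixed command.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>

/* Compare a command's stdout with a reference file, byte for byte.
 * Returns 1 if identical, 0 if different, -1 on error (the command
 * could not be run or exited non-zero, or the file is unreadable).
 * cmd is run by /bin/sh: keep it a fixed string, never user input. */
int output_matches_file(const char *cmd, const char *ref_path)
{
	unsigned char a[4096], b[4096];
	size_t na, nb;
	int same = 1;

	FILE *ref = fopen(ref_path, "rb");
	if (!ref)
		return -1;
	FILE *out = popen(cmd, "r");
	if (!out) {
		fclose(ref);
		return -1;
	}

	/* fread() fills each buffer unless EOF is hit, so chunks stay aligned.
	 * Keep reading after a mismatch so the child is not killed by SIGPIPE. */
	for (;;) {
		na = fread(a, 1, sizeof a, out);
		nb = fread(b, 1, sizeof b, ref);
		if (na == 0 && nb == 0)
			break;
		if (na != nb || memcmp(a, b, na) != 0)
			same = 0;
	}

	int bad = ferror(out) || ferror(ref);
	fclose(ref);
	int status = pclose(out);
	if (bad || status == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
		return -1;
	return same;
}

int main(int argc, char **argv)
{
	int r = argc == 2 ? output_matches_file("tpm_getpubek", argv[1]) : -1;
	puts(r == 1 ? "match" : r == 0 ? "DIFFERENT" : "error");
	return r == 1 ? 0 : 1;
}
```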
 
Old 01-29-2020, 06:21 AM   #12
abhinav_student
LQ Newbie
 
Registered: Jan 2020
Posts: 10

Original Poster
Rep: Reputation: Disabled
Thank You
 
Old 01-31-2020, 03:30 AM   #13
abhinav_student
LQ Newbie
 
Registered: Jan 2020
Posts: 10

Original Poster
Rep: Reputation: Disabled
Hi,

I have a C program to compare two files (e.g. "compare.c").

I want to develop a kernel module where I can call this C program ("compare.c"). Could you please tell me how to do this? I am new to kernel modules.
 
Old 01-31-2020, 04:07 AM   #14
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002
I have never written a kernel module, but an internet search comes up with plenty of instructions.
 
Old 01-31-2020, 06:05 AM   #15
abhinav_student
LQ Newbie
 
Registered: Jan 2020
Posts: 10

Original Poster
Rep: Reputation: Disabled
I did the same but was unable to filter useful content.
 
  

