REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. Watson Research Center # REM # # REM # (c) Copyright IBM Corporation 2015 - 2019. # REM # # REM # All rights reserved. # REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. # REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # REM # # REM ############################################################################# setlocal enableDelayedExpansion echo "" echo "ECC Ephemeral" echo "" echo "" echo "ECC Parameters and Ephemeral" echo "" for %%C in (bnp256 nistp256 nistp384) do ( echo "ECC Parameters for curve %%C" %TPM_EXE_PATH%eccparameters -cv %%C > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) for %%A in (-si -sir) do ( echo "Create %%A for curve %%C" %TPM_EXE_PATH%create -hp 80000000 -pwdp sto %%A -ecc %%C > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) echo "EC Ephemeral for curve %%C" %TPM_EXE_PATH%ecephemeral -ecc %%C > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) echo "" echo "ECC Commit" echo "" echo "Start an HMAC auth session" %TPM_EXE_PATH%startauthsession -se h > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) for %%K in ("-dau" "-dar") do ( for %%S in ("" "-se0 02000000 1") do ( echo "Create a %%~K ECDAA signing key under the primary key" %TPM_EXE_PATH%create -hp 80000000 -ecc bnp256 %%~K -nalg sha256 -halg sha256 -kt f -kt p -opr tmprpriv.bin -opu tmprpub.bin -pwdp sto -pwdk siga > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the signing key 80000001 under the primary key 80000000" %TPM_EXE_PATH%load -hp 80000000 -ipr tmprpriv.bin -ipu tmprpub.bin -pwdp sto > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM %TPM_EXE_PATH%getcapability -cap 1 -pr 80000001 REM The trick with commit is first use - empty ECC point and no s2 and y2 parameters REM which means no P1, no s2 and no y2. REM and output the result and get the efile.bin REM feed back the point in efile.bin as the new p1 because it is on the curve. REM There is no test case for s2 and y2. To construct a y2 requires using Cipolla's algorithm. REM example of normal command REM %TPM_EXE_PATH%commit -hk 80000001 -pt p1.bin -s2 s2.bin -y2 y2_a.bin -Kf kfile.bin -Lf lfile.bin -Ef efile.bin -pwdk siga > run.out echo "Create new point E, based on point-multiply of TPM's commit random scalar and Generator point %%~S" %TPM_EXE_PATH%commit -hk 80000001 -Ef efile.bin -pwdk siga %%~S > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM copy efile as new p1 - for hash operation cp efile.bin p1.bin REM We have a point on the curve - in efile.bin. Use E as P1 and feed it back in REM All this does is simulate the commit that the FIDO alliance wants to REM use in its TPM Join operation. echo "Create new point E, based on point-multiply of TPM's commit random scalar and input point %%~S" %TPM_EXE_PATH%commit -hk 80000001 -pt p1.bin -Ef efile.bin -cf counterfile.bin -pwdk siga %%~S > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) cat efile.bin p1.bin tmprpub.bin > hashinput.bin echo "Hash the E, P1, and Q to create the ticket to use in signing" %TPM_EXE_PATH%hash -hi p -halg sha256 -if hashinput.bin -oh outhash.bin -tk tfile.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign the hash of the points made from commit" %TPM_EXE_PATH%sign -hk 80000001 -pwdk siga -salg ecc -scheme ecdaa -cf counterfile.bin -if hashinput.bin -os sig.bin -tk tfile.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the signing key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) ) REM save old counterfile for off nominal error check cp counterfile.bin counterfileold.bin for %%K in ("-dau" "-dar") do ( for %%S in ("" "-se0 02000000 1") do ( echo "Create a %%~K ECDAA signing primary key" %TPM_EXE_PATH%createprimary -ecc bnp256 %%~K -nalg sha256 -halg sha256 -kt f -kt p -opu tmprpub.bin -pwdk siga > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM %TPM_EXE_PATH%getcapability -cap 1 -pr 80000001 REM The trick with commit is first use - empty ECC point and no s2 and y2 parameters REM which means no P1, no s2 and no y2. REM and output the result and get the efile.bin REM feed back the point in efile.bin as the new p1 because it is on the curve. REM There is no test case for s2 and y2. To construct a y2 requires using Cipolla's algorithm. REM example of normal command REM %TPM_EXE_PATH%commit -hk 80000001 -pt p1.bin -s2 s2.bin -y2 y2_a.bin -Kf kfile.bin -Lf lfile.bin -Ef efile.bin -cf counterfile.bin -pwdk siga > run.out echo "Create new point E, based on point-multiply of TPM's commit random scalar and Generator point %%~S" %TPM_EXE_PATH%commit -hk 80000001 -Ef efile.bin -cf counterfile.bin -pwdk siga %%~S > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM copy efile as new p1 - for hash operation cp efile.bin p1.bin REM We have a point on the curve - in efile.bin. Use E as P1 and feed it back in REM All this does is simulate the commit that the FIDO alliance wants to REM use in its TPM Join operation. echo "Create new point E, based on point-multiply of TPM's commit random scalar and input point %%~S" %TPM_EXE_PATH%commit -hk 80000001 -pt efile.bin -Ef efile.bin -pwdk siga %%~S > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) cat efile.bin p1.bin tmprpub.bin > hashinput.bin echo "Hash the E, P1, and Q to create the ticket to use in signing" %TPM_EXE_PATH%hash -hi p -halg sha256 -if hashinput.bin -oh outhash.bin -tk tfile.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Check error case bad counter" %TPM_EXE_PATH%sign -hk 80000001 -pwdk siga -salg ecc -scheme ecdaa -cf counterfileold.bin -if hashinput.bin -os sig.bin -tk tfile.bin > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Sign the hash of the points made from commit" %TPM_EXE_PATH%sign -hk 80000001 -pwdk siga -salg ecc -scheme ecdaa -cf counterfile.bin -if hashinput.bin -os sig.bin -tk tfile.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the signing key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) ) echo "Flush the session" %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "ECC zgen2phase" echo "" echo "ECC Parameters for curve nistp256" %TPM_EXE_PATH%eccparameters -cv nistp256 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM This is just a script for a B "remote" side to create a static key REM pair and ephemeral for use in demonstrating (on the local side) a REM two-phase operation involving ecephemeral and zgen2phase echo "Create decryption key for curve nistp256" %TPM_EXE_PATH%create -hp 80000000 -pwdp sto -den -ecc nistp256 -opu QsBpub.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "EC Ephemeral for curve nistp256" %TPM_EXE_PATH%ecephemeral -ecc nistp256 -oq QeBpt.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM local side REM REM scp or cp the QsBpub.bin and QeBpt.bin from the B side over to the REM A side. This assumes QsBpub is a TPM2B_PUBLIC from a create command REM on B side. QeBpt is already in TPM2B_ECC_POINT form since it was REM created by ecephemeral on B side QsBpub.bin is presumed in a form REM produced by a create commamnd using another TPM echo "Create decryption key for curve nistp256" %TPM_EXE_PATH%create -hp 80000000 -pwdp sto -den -ecc nistp256 -opr QsApriv.bin -opu QsApub.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the decryption key under the primary key, 80000001" %TPM_EXE_PATH%load -hp 80000000 -ipr QsApriv.bin -ipu QsApub.bin -pwdp sto > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "EC Ephemeral for curve nistp256" %TPM_EXE_PATH%ecephemeral -ecc nistp256 -oq QeApt.bin -cf counter.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Convert public raw to TPM2B_ECC_POINT" %TPM_EXE_PATH%tpmpublic2eccpoint -ipu QsBpub.bin -pt QsBpt.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Execute zgen2phase for curve nistp256" %TPM_EXE_PATH%zgen2phase -hk 80000001 -scheme ecdh -qsb QsBpt.bin -qeb QeBpt.bin -cf counter.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) rm -rf efile.bin rm -rf tmprpub.bin rm -rf tmprpriv.bin rm -rf counterfile.bin rm -rf counterfileold.bin rm -rf p1.bin rm -rf hashinput.bin rm -rf outhash.bin rm -rf sig.bin rm -rf tfile.bin rm -rf QsBpub.bin rm -rf QeBpt.bin rm -rf QsApriv.bin rm -rf QsApub.bin rm -rf QeApt.bin rm -rf counter.bin rm -rf QsBpt.bin REM %TPM_EXE_PATH%getcapability -cap 1 -pr 80000000 REM %TPM_EXE_PATH%getcapability -cap 1 -pr 02000000 exit /B 0