security/tpm-quote-tools: Add new port

The TPM Quote Tools is a collection of programs that provide support for TPM based attestation using the TPM quote mechanism. The manual page for tpm_quote_tools provides a usage overview. The manangement tools are only used to take ownership of a TPM. The additional patches[1] in files/ come from AUR and were authored by Michael Niewöhner. The patches were incomplete according to grawity[2]. I've incorporated grawity's feedback into our patches so that the -y flag is recognized by a call to getopt(). [1]: https://aur.archlinux.org/cgit/aur.git/plain/0001-Differentiate-between-owner-and-srk-well-known-passs.patch?h=tpm-quote-tools [2]: https://aur.archlinux.org/packages/tpm-quote-tools#comment-684239 Sponsored by: Klara, Inc.
author: Mateusz Piotrowski <0mp@FreeBSD.org> 2022-11-03 13:26:29 +0000
committer: Mateusz Piotrowski <0mp@FreeBSD.org> 2022-11-04 11:05:08 +0000
commit: 01e03aed2f7d021e57c72563c9113249b6ed6456 (patch)
tree: 4d0c271a6b9efd4e52bf3cdd073b57f9bce060e5
parent: ea0c1f1917634393934074e738d0bf82e2246bdd (diff)
download: ports-01e03aed2f7d021e57c72563c9113249b6ed6456.tar.gz
ports-01e03aed2f7d021e57c72563c9113249b6ed6456.zip
7 files changed, 122 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index 581657e300b3..0ffcd131c72d 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1253,6 +1253,7 @@
     SUBDIR += tor
     SUBDIR += tor-devel
     SUBDIR += totp-cli
+    SUBDIR += tpm-quote-tools
     SUBDIR += tpm-tools
     SUBDIR += tpm2-abrmd
     SUBDIR += tpm2-tools
diff --git a/security/tpm-quote-tools/Makefile b/security/tpm-quote-tools/Makefile
new file mode 100644
index 000000000000..3abb52ca7958
--- /dev/null
+++ b/security/tpm-quote-tools/Makefile
@@ -0,0 +1,19 @@
+PORTNAME=	tpm-quote-tools
+DISTVERSION=	1.0.4
+CATEGORIES=	security
+MASTER_SITES=	SF/tpmquotetools/${PORTVERSION}
+
+MAINTAINER=	0mp@FreeBSD.org
+COMMENT=	Tools for TPM-based remote attestation using the TPM quote operation
+WWW=		https://sourceforge.net/projects/tpmquotetools/
+
+LICENSE=	BSD3CLAUSE
+LICENSE_FILE=	${WRKSRC}/COPYING
+
+LIB_DEPENDS=	libtspi.so:security/trousers
+
+USES=		iconv localbase:ldflags ssl
+
+GNU_CONFIGURE=	YES
+
+.include <bsd.port.mk>
diff --git a/security/tpm-quote-tools/distinfo b/security/tpm-quote-tools/distinfo
new file mode 100644
index 000000000000..d9ff6303af99
--- /dev/null
+++ b/security/tpm-quote-tools/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1667481591
+SHA256 (tpm-quote-tools-1.0.4.tar.gz) = 10dc4eade02635557a9496b388360844cd18e7864e2eb882f5e45ab2fa405ae2
+SIZE (tpm-quote-tools-1.0.4.tar.gz) = 188806
+SHA256 (0001-Differentiate-between-owner-and-srk-well-known-passs.patch?h=tpm-quote-tools) = 32f814b8d22c409d3543c34e4199f21152a30f3410162ef6c91f6a713641f19d
+SIZE (0001-Differentiate-between-owner-and-srk-well-known-passs.patch?h=tpm-quote-tools) = 2803
diff --git a/security/tpm-quote-tools/files/patch-tpm__mkaik.8 b/security/tpm-quote-tools/files/patch-tpm__mkaik.8
new file mode 100644
index 000000000000..15f0683bd61d
--- /dev/null
+++ b/security/tpm-quote-tools/files/patch-tpm__mkaik.8
@@ -0,0 +1,24 @@
+--- tpm_mkaik.8.orig	2017-01-18 17:10:09 UTC
++++ tpm_mkaik.8
+@@ -3,7 +3,7 @@ tpm_mkaik \- make a TPM Attestation Identity Key
+ tpm_mkaik \- make a TPM Attestation Identity Key
+ .SH SYNOPSIS
+ .B tpm_mkaik
+-.RB [ \-zuhv ]
++.RB [ \-yzuhv ]
+ .RI BLOB-FILE
+ .RI PUBKEY-FILE
+ .br
+@@ -16,8 +16,11 @@ The public key is DER encoded.
+ .RI PUBKEY-FILE.
+ The public key is DER encoded.
+ .TP
+-.RB \-z
++.RB \-y
+ Use the well known secret used as the owner secret.
++.TP
++.RB \-z
++Use the well known secret used as the SRK secret.
+ .TP
+ .RB \-u
+ Use TSS UNICODE encoding for passwords.
diff --git a/security/tpm-quote-tools/files/patch-tpm__mkaik.c b/security/tpm-quote-tools/files/patch-tpm__mkaik.c
new file mode 100644
index 000000000000..2da26581ec93
--- /dev/null
+++ b/security/tpm-quote-tools/files/patch-tpm__mkaik.c
@@ -0,0 +1,51 @@
+--- tpm_mkaik.c.orig	2017-05-26 13:25:17 UTC
++++ tpm_mkaik.c
+@@ -102,7 +102,8 @@ static int usage(const char *prog)
+   const char text[] =
+     "Usage: %s [options] blob pubkey\n"
+     "Options:\n"
+-    "\t-z   Use well known secret used as owner secret\n"
++    "\t-y   Use well known secret used as owner secret\n"
++    "\t-z   Use well known secret used as SRK secret\n"
+     "\t-u   Use TSS UNICODE encoding for passwords\n"
+     "\t-h   Display command usage info\n"
+     "\t-v   Display command version info\n"
+@@ -115,13 +116,17 @@ int main (int argc, char **argv)
+ 
+ int main (int argc, char **argv)
+ {
+-  int well_known = 0;
++  int well_known_srk = 0;
++  int well_known_owner = 0;
+   int utf16le = 0;
+   int opt;
+-  while ((opt = getopt(argc, argv, "zuhv")) != -1) {
++  while ((opt = getopt(argc, argv, "yzuhv")) != -1) {
+     switch (opt) {
++    case 'y':
++      well_known_owner = 1;
++      break;
+     case 'z':
+-      well_known = 1;
++      well_known_srk = 1;
+       break;
+     case 'u':
+       utf16le = 1;
+@@ -173,7 +178,7 @@ int main (int argc, char **argv)
+   if (rc != TSS_SUCCESS)
+     return tidy(hContext, tss_err(rc, "getting SRK policy"));
+ 
+-  rc = setSecret("Enter SRK password: ", hContext, hSrkPolicy, well_known, utf16le);
++  rc = setSecret("Enter SRK password: ", hContext, hSrkPolicy, well_known_srk, utf16le);
+   if (rc != TSS_SUCCESS)
+     return tidy(hContext, tss_err(rc, "setting SRK secret"));
+ 
+@@ -193,7 +198,7 @@ int main (int argc, char **argv)
+   if (rc != TSS_SUCCESS)
+     return tidy(hContext, tss_err(rc, "assigning TPM policy"));
+ 
+-  rc = setSecret("Enter owner password: ", hContext, hTPMPolicy, well_known, utf16le);
++  rc = setSecret("Enter owner password: ", hContext, hTPMPolicy, well_known_owner, utf16le);
+   if (rc != TSS_SUCCESS)
+     return tidy(hContext, tss_err(rc, "setting TPM policy secret"));
+ 
diff --git a/security/tpm-quote-tools/pkg-descr b/security/tpm-quote-tools/pkg-descr
new file mode 100644
index 000000000000..affeb9e0e71e
--- /dev/null
+++ b/security/tpm-quote-tools/pkg-descr
@@ -0,0 +1,5 @@
+The TPM Quote Tools is a collection of programs that provide support
+for TPM based attestation using the TPM quote mechanism.  The manual
+page for tpm_quote_tools provides a usage overview.
+
+The management tools are only used to take ownership of a TPM.
diff --git a/security/tpm-quote-tools/pkg-plist b/security/tpm-quote-tools/pkg-plist
new file mode 100644
index 000000000000..4243caa18d84
--- /dev/null
+++ b/security/tpm-quote-tools/pkg-plist
@@ -0,0 +1,17 @@
+bin/tpm_getpcrhash
+bin/tpm_getquote
+bin/tpm_loadkey
+bin/tpm_mkaik
+bin/tpm_mkuuid
+bin/tpm_unloadkey
+bin/tpm_updatepcrhash
+bin/tpm_verifyquote
+man/man8/tpm_getpcrhash.8.gz
+man/man8/tpm_getquote.8.gz
+man/man8/tpm_loadkey.8.gz
+man/man8/tpm_mkaik.8.gz
+man/man8/tpm_mkuuid.8.gz
+man/man8/tpm_quote_tools.8.gz
+man/man8/tpm_unloadkey.8.gz
+man/man8/tpm_updatepcrhash.8.gz
+man/man8/tpm_verifyquote.8.gz
author	Mateusz Piotrowski <0mp@FreeBSD.org>	2022-11-03 13:26:29 +0000
committer	Mateusz Piotrowski <0mp@FreeBSD.org>	2022-11-04 11:05:08 +0000
commit	01e03aed2f7d021e57c72563c9113249b6ed6456 (patch)
tree	4d0c271a6b9efd4e52bf3cdd073b57f9bce060e5
parent	ea0c1f1917634393934074e738d0bf82e2246bdd (diff)
download	ports-01e03aed2f7d021e57c72563c9113249b6ed6456.tar.gz ports-01e03aed2f7d021e57c72563c9113249b6ed6456.zip