authorMateusz Piotrowski <0mp@FreeBSD.org>2022-11-03 13:26:29 +0000
committerMateusz Piotrowski <0mp@FreeBSD.org>2022-11-04 11:05:08 +0000
commit01e03aed2f7d021e57c72563c9113249b6ed6456 (patch)
tree4d0c271a6b9efd4e52bf3cdd073b57f9bce060e5
parentea0c1f1917634393934074e738d0bf82e2246bdd (diff)
downloadports-01e03aed2f7d021e57c72563c9113249b6ed6456.tar.gz
ports-01e03aed2f7d021e57c72563c9113249b6ed6456.zip
security/tpm-quote-tools: Add new port
The TPM Quote Tools is a collection of programs that provide support for TPM based attestation using the TPM quote mechanism. The manual page for tpm_quote_tools provides a usage overview. The management tools are only used to take ownership of a TPM. The additional patches[1] in files/ come from AUR and were authored by Michael Niewöhner. The patches were incomplete according to grawity[2]. I've incorporated grawity's feedback into our patches so that the -y flag is recognized by a call to getopt(). [1]: https://aur.archlinux.org/cgit/aur.git/plain/0001-Differentiate-between-owner-and-srk-well-known-passs.patch?h=tpm-quote-tools [2]: https://aur.archlinux.org/packages/tpm-quote-tools#comment-684239 Sponsored by: Klara, Inc.
-rw-r--r--security/Makefile1
-rw-r--r--security/tpm-quote-tools/Makefile19
-rw-r--r--security/tpm-quote-tools/distinfo5
-rw-r--r--security/tpm-quote-tools/files/patch-tpm__mkaik.824
-rw-r--r--security/tpm-quote-tools/files/patch-tpm__mkaik.c51
-rw-r--r--security/tpm-quote-tools/pkg-descr5
-rw-r--r--security/tpm-quote-tools/pkg-plist17
7 files changed, 122 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index 581657e300b3..0ffcd131c72d 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1253,6 +1253,7 @@
SUBDIR += tor
SUBDIR += tor-devel
SUBDIR += totp-cli
+ SUBDIR += tpm-quote-tools
SUBDIR += tpm-tools
SUBDIR += tpm2-abrmd
SUBDIR += tpm2-tools
diff --git a/security/tpm-quote-tools/Makefile b/security/tpm-quote-tools/Makefile
new file mode 100644
index 000000000000..3abb52ca7958
--- /dev/null
+++ b/security/tpm-quote-tools/Makefile
@@ -0,0 +1,19 @@
+PORTNAME= tpm-quote-tools
+DISTVERSION= 1.0.4
+CATEGORIES= security
+MASTER_SITES= SF/tpmquotetools/${PORTVERSION}
+
+MAINTAINER= 0mp@FreeBSD.org
+COMMENT= Tools for TPM-based remote attestation using the TPM quote operation
+WWW= https://sourceforge.net/projects/tpmquotetools/
+
+LICENSE= BSD3CLAUSE
+LICENSE_FILE= ${WRKSRC}/COPYING
+
+LIB_DEPENDS= libtspi.so:security/trousers
+
+USES= iconv localbase:ldflags ssl
+
+GNU_CONFIGURE= YES
+
+.include <bsd.port.mk>
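Review bot: This Makefile has no `PATCH_SITES`/`PATCHFILES` line, so the build never fetches a remote patch, yet the distinfo added in the same commit records a SHA256 and SIZE for `0001-Differentiate-between-owner-and-srk-well-known-passs.patch?h=tpm-quote-tools`. Because the reworked patches are carried in files/, that entry looks like a leftover from an earlier `make makesum` run and does not verify anything that is actually applied. Regenerating distinfo so it lists only `tpm-quote-tools-1.0.4.tar.gz` would keep the checksum file an accurate record of the inputs the build trusts. If fetching the AUR patch was intended instead, the matching `PATCH_SITES`/`PATCHFILES` lines are missing here.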
diff --git a/security/tpm-quote-tools/distinfo b/security/tpm-quote-tools/distinfo
new file mode 100644
index 000000000000..d9ff6303af99
--- /dev/null
+++ b/security/tpm-quote-tools/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1667481591
+SHA256 (tpm-quote-tools-1.0.4.tar.gz) = 10dc4eade02635557a9496b388360844cd18e7864e2eb882f5e45ab2fa405ae2
+SIZE (tpm-quote-tools-1.0.4.tar.gz) = 188806
+SHA256 (0001-Differentiate-between-owner-and-srk-well-known-passs.patch?h=tpm-quote-tools) = 32f814b8d22c409d3543c34e4199f21152a30f3410162ef6c91f6a713641f19d
+SIZE (0001-Differentiate-between-owner-and-srk-well-known-passs.patch?h=tpm-quote-tools) = 2803
diff --git a/security/tpm-quote-tools/files/patch-tpm__mkaik.8 b/security/tpm-quote-tools/files/patch-tpm__mkaik.8
new file mode 100644
index 000000000000..15f0683bd61d
--- /dev/null
+++ b/security/tpm-quote-tools/files/patch-tpm__mkaik.8
@@ -0,0 +1,24 @@
+--- tpm_mkaik.8.orig 2017-01-18 17:10:09 UTC
++++ tpm_mkaik.8
+@@ -3,7 +3,7 @@ tpm_mkaik \- make a TPM Attestation Identity Key
+ tpm_mkaik \- make a TPM Attestation Identity Key
+ .SH SYNOPSIS
+ .B tpm_mkaik
+-.RB [ \-zuhv ]
++.RB [ \-yzuhv ]
+ .RI BLOB-FILE
+ .RI PUBKEY-FILE
+ .br
+@@ -16,8 +16,11 @@ The public key is DER encoded.
+ .RI PUBKEY-FILE.
+ The public key is DER encoded.
+ .TP
+-.RB \-z
++.RB \-y
+ Use the well known secret used as the owner secret.
++.TP
++.RB \-z
++Use the well known secret used as the SRK secret.
+ .TP
+ .RB \-u
+ Use TSS UNICODE encoding for passwords.
diff --git a/security/tpm-quote-tools/files/patch-tpm__mkaik.c b/security/tpm-quote-tools/files/patch-tpm__mkaik.c
new file mode 100644
index 000000000000..2da26581ec93
--- /dev/null
+++ b/security/tpm-quote-tools/files/patch-tpm__mkaik.c
@@ -0,0 +1,51 @@
+--- tpm_mkaik.c.orig 2017-05-26 13:25:17 UTC
++++ tpm_mkaik.c
+@@ -102,7 +102,8 @@ static int usage(const char *prog)
+ const char text[] =
+ "Usage: %s [options] blob pubkey\n"
+ "Options:\n"
+- "\t-z Use well known secret used as owner secret\n"
++ "\t-y Use well known secret used as owner secret\n"
++ "\t-z Use well known secret used as SRK secret\n"
+ "\t-u Use TSS UNICODE encoding for passwords\n"
+ "\t-h Display command usage info\n"
+ "\t-v Display command version info\n"
+@@ -115,13 +116,17 @@ int main (int argc, char **argv)
+
+ int main (int argc, char **argv)
+ {
+- int well_known = 0;
++ int well_known_srk = 0;
++ int well_known_owner = 0;
+ int utf16le = 0;
+ int opt;
+- while ((opt = getopt(argc, argv, "zuhv")) != -1) {
++ while ((opt = getopt(argc, argv, "yzuhv")) != -1) {
+ switch (opt) {
++ case 'y':
++ well_known_owner = 1;
++ break;
+ case 'z':
+- well_known = 1;
++ well_known_srk = 1;
+ break;
+ case 'u':
+ utf16le = 1;
+@@ -173,7 +178,7 @@ int main (int argc, char **argv)
+ if (rc != TSS_SUCCESS)
+ return tidy(hContext, tss_err(rc, "getting SRK policy"));
+
+- rc = setSecret("Enter SRK password: ", hContext, hSrkPolicy, well_known, utf16le);
++ rc = setSecret("Enter SRK password: ", hContext, hSrkPolicy, well_known_srk, utf16le);
+ if (rc != TSS_SUCCESS)
+ return tidy(hContext, tss_err(rc, "setting SRK secret"));
+
+@@ -193,7 +198,7 @@ int main (int argc, char **argv)
+ if (rc != TSS_SUCCESS)
+ return tidy(hContext, tss_err(rc, "assigning TPM policy"));
+
+- rc = setSecret("Enter owner password: ", hContext, hTPMPolicy, well_known, utf16le);
++ rc = setSecret("Enter owner password: ", hContext, hTPMPolicy, well_known_owner, utf16le);
+ if (rc != TSS_SUCCESS)
+ return tidy(hContext, tss_err(rc, "setting TPM policy secret"));
+
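Review bot: In the patched getopt loop `case 'z'` now sets only `well_known_srk`, so `-z` alone no longer selects the well-known owner secret as it did with the single `well_known` flag. The call `setSecret("Enter owner password: ", hContext, hTPMPolicy, well_known_owner, utf16le)` then runs with the flag at 0 and will presumably prompt. A script written against upstream 1.0.4 would stall or fail there without any diagnostic. The man page patch documents the new `-y`, but nothing states that `-z` changed meaning. I would add a sentence to the `-z` entry in tpm_mkaik.8 (or a pkg-message) such as `Unlike upstream 1.0.4, \-z no longer applies to the owner secret; pass \-y as well.` The body of `main` continues outside these hunks, so how `setSecret` behaves when the flag is 0 is inferred from the prompt string only.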
diff --git a/security/tpm-quote-tools/pkg-descr b/security/tpm-quote-tools/pkg-descr
new file mode 100644
index 000000000000..affeb9e0e71e
--- /dev/null
+++ b/security/tpm-quote-tools/pkg-descr
@@ -0,0 +1,5 @@
+The TPM Quote Tools is a collection of programs that provide support
+for TPM based attestation using the TPM quote mechanism. The manual
+page for tpm_quote_tools provides a usage overview.
+
+The management tools are only used to take ownership of a TPM.
diff --git a/security/tpm-quote-tools/pkg-plist b/security/tpm-quote-tools/pkg-plist
new file mode 100644
index 000000000000..4243caa18d84
--- /dev/null
+++ b/security/tpm-quote-tools/pkg-plist
@@ -0,0 +1,17 @@
+bin/tpm_getpcrhash
+bin/tpm_getquote
+bin/tpm_loadkey
+bin/tpm_mkaik
+bin/tpm_mkuuid
+bin/tpm_unloadkey
+bin/tpm_updatepcrhash
+bin/tpm_verifyquote
+man/man8/tpm_getpcrhash.8.gz
+man/man8/tpm_getquote.8.gz
+man/man8/tpm_loadkey.8.gz
+man/man8/tpm_mkaik.8.gz
+man/man8/tpm_mkuuid.8.gz
+man/man8/tpm_quote_tools.8.gz
+man/man8/tpm_unloadkey.8.gz
+man/man8/tpm_updatepcrhash.8.gz
+man/man8/tpm_verifyquote.8.gz