├── ASNTestTool.bat ├── CAchainECC.txt ├── CAchainNuvoton.txt ├── CAchainOptigaEccMfrCA022.txt ├── CAchainOptigaRsaMfrCA022.txt ├── CAchainRSA.txt ├── EK.crt ├── LICENSE ├── NuvotonTPMRootCA2110.pem ├── OptigaEccMfrCA003.pem ├── OptigaEccMfrCA022.pem ├── OptigaEccRootCA.pem ├── OptigaRsaMfrCA003.pem ├── OptigaRsaMfrCA022.pem ├── OptigaRsaRootCA.pem ├── PlatCertsNoTPM.bat ├── README.md ├── TPM2_Verifcation_Tools_Installation_Guide.pdf ├── TPM2_Verifcation_Tools_Installation_Guide.txt ├── TPM2_Verifcation_Tools_Usage.pdf ├── TPM2_Verifcation_Tools_Usage.txt ├── cert.cer ├── getAndVerifyEK.exe ├── getAndVerifyEK2.exe ├── lib ├── bcpkix-jdk15on-157.jar ├── bcpkix-jdk15on-157.txt ├── bcprov-jdk15on-157.jar └── bcprov-jdk15on-157.txt ├── platformCertFromXml.bat ├── platformCertFromXml.sh ├── sampleFiles ├── CAchainECC.txt ├── CAchainNuvoton.txt ├── CAchainOptigaEccMfrCA022.txt ├── CAchainOptigaRsaMfrCA022.txt ├── CAchainRSA.txt ├── NuvotonTPMRootCA2110.pem ├── OptigaEccMfrCA003.pem ├── OptigaEccMfrCA022.pem ├── OptigaEccRootCA.pem ├── OptigaRsaMfrCA003.pem ├── OptigaRsaMfrCA022.pem ├── OptigaRsaRootCA.pem ├── sample_ekcert.pem ├── sample_ekcert.xml ├── sample_ekcert_OptigaRsaMfrCA022.pem ├── sample_plat_cert.cer ├── sample_plat_cert.xml ├── sample_plat_cert_common.xml ├── sample_plat_cert_ek.xml └── sample_plat_cert_platform.xml ├── sample_ekcert.pem ├── sample_ekcert.xml ├── sample_ekcert_OptigaRsaMfrCA022.pem ├── sample_plat_cert.cer ├── sample_plat_cert.xml ├── sample_plat_cert_common.xml ├── sample_plat_cert_ek.xml ├── sample_plat_cert_platform.xml ├── src ├── c │ ├── getAndVerifyEK │ │ ├── Readme_getAndVerifyEK.txt │ │ └── src │ │ │ ├── Readme_getAndVerifyEK_updated_10-31-18.txt │ │ │ ├── commonerror.h │ │ │ ├── commontss.c │ │ │ ├── commontss.h │ │ │ ├── commonutils.c │ │ │ ├── commonutils.h │ │ │ ├── config.h │ │ │ ├── cryptoutils.c │ │ │ ├── cryptoutils.h │ │ │ ├── ekutils.c │ │ │ ├── ekutils.h │ │ │ ├── getAndVerifyEK.c │ │ │ ├── getAndVerifyEK.txt │ │ │ ├── 
makefile │ │ │ ├── objecttemplates.c │ │ │ └── objecttemplates.h │ └── getAndVerifyEK2 │ │ ├── Readme_getAndVerfiyEK2.txt │ │ └── src │ │ ├── Readme_getAndVerfiyEK2_updated_10-31-18.txt │ │ ├── commonerror.h │ │ ├── commontss.c │ │ ├── commontss.h │ │ ├── config.h │ │ ├── cryptoutils.c │ │ ├── cryptoutils.h │ │ ├── ekutils.c │ │ ├── ekutils.h │ │ ├── getAndVerifyEK2.c │ │ ├── getAndVerifyEK2.txt │ │ ├── makefile │ │ ├── objecttemplates.c │ │ └── objecttemplates.h └── java │ └── src │ ├── PCDFile_updated.xsd │ └── com │ └── trustiphi │ ├── asn1 │ ├── Asn1Translator.java │ ├── CommonCriteriaMeasures.java │ ├── ComponentAddress.java │ ├── ComponentIdentifier.java │ ├── EndorsementKeyCertificateHolder.java │ ├── FIPSLevel.java │ ├── ManufacturerId.java │ ├── PlatformConfiguration.java │ ├── Properties.java │ ├── TbbSecurityAssertions.java │ ├── TcgCredentialSpecification.java │ ├── TcgPlatformSpecification.java │ └── URIReference.java │ └── tpm2verification │ ├── CertificateChainValidation.java │ ├── EKCertToPlatformCertXml.java │ ├── ParsingUtils.java │ ├── PlatfomCertSignatureVerify.java │ ├── PlatformCertFromXml.java │ ├── PlatformCertToXml.java │ ├── PlatformCertificateHolder.java │ ├── PlatformCertificateManager.java │ ├── TP_FileUtils.java │ ├── TrustiPhiStyle.java │ ├── VerifyEKCert.java │ ├── VerifyPlatformCert.java │ ├── X509ToPem.java │ └── platformcertparse │ ├── ObjectFactory.java │ ├── PlatformCertificateData.java │ ├── XmlCRLDistributionPoints.java │ ├── XmlCertificatePolicies.java │ ├── XmlCommonCriteriaMeasures.java │ ├── XmlComponentAddress.java │ ├── XmlComponentIdentifier.java │ ├── XmlDistributionPointName.java │ ├── XmlGeneralName.java │ ├── XmlGeneralNameTag.java │ ├── XmlPolicyQualifier.java │ ├── XmlProperties.java │ ├── XmlURIReference.java │ └── package-info.java ├── title.txt ├── tss.dll ├── verifyEKandPlatCertsNoTPM.bat ├── verifyEKandPlatCertsNoTPM.sh ├── verifyEKandPlatCertsWithTPM.bat ├── verifyEKandPlatCertsWithTPM.sh ├── 
verifyEKinTPM.bat ├── verifyEKinTPM.sh └── verifyPlatCertsNoTPM.bat /ASNTestTool.bat: -------------------------------------------------------------------------------- 1 | PlatCertsNoTPM.bat -ekcca cert.cer -ekc EK.crt -pcca cert.cer -pc cert.cer -crlurl www.tsc.com -------------------------------------------------------------------------------- /CAchainECC.txt: -------------------------------------------------------------------------------- 1 | ./sampleFiles/OptigaEccMfrCA003.pem 2 | ./sampleFiles/OptigaEccRootCA.pem 3 | -------------------------------------------------------------------------------- /CAchainNuvoton.txt: -------------------------------------------------------------------------------- 1 | ./sampleFiles/NuvotonTPMRootCA2110.pem 2 | -------------------------------------------------------------------------------- /CAchainOptigaEccMfrCA022.txt: -------------------------------------------------------------------------------- 1 | ./sampleFiles/OptigaEccMfrCA022.pem 2 | ./sampleFiles/OptigaEccRootCA.pem 3 | -------------------------------------------------------------------------------- /CAchainOptigaRsaMfrCA022.txt: -------------------------------------------------------------------------------- 1 | ./sampleFiles/OptigaRsaMfrCA022.pem 2 | ./sampleFiles/OptigaRsaRootCA.pem 3 | -------------------------------------------------------------------------------- /CAchainRSA.txt: -------------------------------------------------------------------------------- 1 | ./sampleFiles/OptigaRsaMfrCA003.pem 2 | ./sampleFiles/OptigaRsaRootCA.pem 3 | -------------------------------------------------------------------------------- /EK.crt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PlatformCertTool/PCVT_TPM20/60a6182c419d3616252705f11fc3b24dd65b3722/EK.crt -------------------------------------------------------------------------------- /LICENSE: 
-------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2018, PlatformCertTool 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | * Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | * Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | * Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived from 18 | this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
30 | -------------------------------------------------------------------------------- /NuvotonTPMRootCA2110.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICBjCCAaygAwIBAgIIP5MvnZk8FrswCgYIKoZIzj0EAwIwVTFTMB8GA1UEAxMY 3 | TnV2b3RvbiBUUE0gUm9vdCBDQSAyMTEwMCUGA1UEChMeTnV2b3RvbiBUZWNobm9s 4 | b2d5IENvcnBvcmF0aW9uMAkGA1UEBhMCVFcwHhcNMTUxMDE5MDQzMjAwWhcNMzUx 5 | MDE1MDQzMjAwWjBVMVMwHwYDVQQDExhOdXZvdG9uIFRQTSBSb290IENBIDIxMTAw 6 | JQYDVQQKEx5OdXZvdG9uIFRlY2hub2xvZ3kgQ29ycG9yYXRpb24wCQYDVQQGEwJU 7 | VzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPv9uK2BNm8/nmIyNsc2/aKHV0WR 8 | ptzge3jKAIgUMosQIokl4LE3iopXWD3Hruxjf9vkLMDJrTeK3hWh2ySS4ySjZjBk 9 | MA4GA1UdDwEB/wQEAwICBDASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSf 10 | u3mqD1JieL7RUJKacXHpajW+9zAfBgNVHSMEGDAWgBSfu3mqD1JieL7RUJKacXHp 11 | ajW+9zAKBggqhkjOPQQDAgNIADBFAiEA/jiywhOKpiMOUnTfDmXsXfDFokhKVNTX 12 | B6Xtqm7J8L4CICjT3/Y+rrSnf8zrBXqWeHDh8Wi41+w2ppq6Ev9orZFI 13 | -----END CERTIFICATE----- 14 | -------------------------------------------------------------------------------- /OptigaEccMfrCA003.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDRjCCAs2gAwIBAgIER3V5aDAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEh 3 | MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ 4 | R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUND 5 | IFJvb3QgQ0EwHhcNMTQxMTI0MTU0OTQ3WhcNMzQxMTI0MTU0OTQ3WjCBgzELMAkG 6 | A1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEaMBgG 7 | A1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9QVElH 8 | QShUTSkgRUNDIE1hbnVmYWN0dXJpbmcgQ0EgMDAzMFkwEwYHKoZIzj0CAQYIKoZI 9 | zj0DAQcDQgAECjK/9FKtsbnyopQGwokCmiJARyiyr4/G9Lthttr86gWbZ3MQsQ5V 10 | w+Api4ZrS01BO1F54Qc3aI2Ji3yPEE2U0qOCATgwggE0MFcGCCsGAQUFBwEBBEsw 11 | STBHBggrBgEFBQcwAoY7aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhRWNj 12 | Um9vdENBL09wdGlnYUVjY1Jvb3RDQS5jcnQwHQYDVR0OBBYEFFVd72wz+DBEi62s 13 
| /+yx03ut8eeGMA4GA1UdDwEB/wQEAwIABjASBgNVHRMBAf8ECDAGAQH/AgEAMEwG 14 | A1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9wa2kuaW5maW5lb24uY29tL09wdGlnYUVj 15 | Y1Jvb3RDQS9PcHRpZ2FFY2NSb290Q0EuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQB 16 | FAEwHwYDVR0jBBgwFoAUtBiFyEpKxRJ68kA53sT1ix5+StEwEAYDVR0lBAkwBwYF 17 | Z4EFCAEwCgYIKoZIzj0EAwMDZwAwZAIwZ9HqVEOTXAk1RGCLWk0aLfppEwQk2/VP 18 | AuQumUi48hbpfK41ZjB3IYoS9lgfEC+QAjAvWrLXq1v7rIm8Pcf6iZ+rlI72d/39 19 | q4sIXNmXHqUWrIegp+usDAGjAYDpBffEbow= 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /OptigaEccMfrCA022.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDRzCCAs2gAwIBAgIEeBLchjAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEh 3 | MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ 4 | R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUND 5 | IFJvb3QgQ0EwHhcNMTcwMzIxMTMzOTA3WhcNMzcwMzIxMTMzOTA3WjCBgzELMAkG 6 | A1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEaMBgG 7 | A1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9QVElH 8 | QShUTSkgRUNDIE1hbnVmYWN0dXJpbmcgQ0EgMDIyMFkwEwYHKoZIzj0CAQYIKoZI 9 | zj0DAQcDQgAEt+5SPdxvaWHAUKuv0gtia7dbIQSaVslB3aqHkzhfS1930P+FZCmp 10 | TVbIxXkDTza+Wwtrofi6Iv+NCnQBslJu/qOCATgwggE0MFcGCCsGAQUFBwEBBEsw 11 | STBHBggrBgEFBQcwAoY7aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhRWNj 12 | Um9vdENBL09wdGlnYUVjY1Jvb3RDQS5jcnQwHQYDVR0OBBYEFIzH4wB9wx8/J0OF 13 | yzCHkzmb1p0bMA4GA1UdDwEB/wQEAwIABjASBgNVHRMBAf8ECDAGAQH/AgEAMEwG 14 | A1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9wa2kuaW5maW5lb24uY29tL09wdGlnYUVj 15 | Y1Jvb3RDQS9PcHRpZ2FFY2NSb290Q0EuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQB 16 | FAEwHwYDVR0jBBgwFoAUtBiFyEpKxRJ68kA53sT1ix5+StEwEAYDVR0lBAkwBwYF 17 | Z4EFCAEwCgYIKoZIzj0EAwMDaAAwZQIxAJPeOMJc0a3JD0BHPbLphFHMXlz8cd57 18 | 5aE1sFnU3DYSkasKcZLs/UCJNpPJ44jR/wIwJ0gbuL+rSQ6DsBkJZvByyIQ2bwI0 19 | 3InIj4rhlXOCqCcsgSQ93oE+Z4v7rTPjm9HI 20 | -----END CERTIFICATE----- 21 | 
-------------------------------------------------------------------------------- /OptigaEccRootCA.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICWzCCAeKgAwIBAgIBBDAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEhMB8G 3 | A1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJR0Eo 4 | VE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUNDIFJv 5 | b3QgQ0EwHhcNMTMwNzI2MDAwMDAwWhcNNDMwNzI1MjM1OTU5WjB3MQswCQYDVQQG 6 | EwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQL 7 | DBJPUFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShU 8 | TSkgRUNDIFJvb3QgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQm1HxLVgvAu1q2 9 | GM+ymTz12zdTEu0JBVG9CdsVEJv/pE7pSWOlsG3YwU792YAvjSy7zL+WtDK40KGe 10 | Om8bSWt46QJ00MQUkYxz6YqXbb14BBr06hWD6u6IMBupNkPd9pKjQjBAMB0GA1Ud 11 | DgQWBBS0GIXISkrFEnryQDnexPWLHn5K0TAOBgNVHQ8BAf8EBAMCAAYwDwYDVR0T 12 | AQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjA6QZcV8DjjbPuKjKDZQmTRywZk 13 | MAn8wE6kuW3EouVvBt+/2O+szxMe4vxj8R6TDCYCMG7c9ov86ll/jDlJb/q0L4G+ 14 | +O3Bdel9P5+cOgzIGANkOPEzBQM3VfJegfnriT/kaA== 15 | -----END CERTIFICATE----- 16 | -------------------------------------------------------------------------------- /OptigaRsaMfrCA003.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFszCCA5ugAwIBAgIEasM5FDANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJE 3 | RTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJP 4 | UFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkg 5 | UlNBIFJvb3QgQ0EwHhcNMTQxMTI0MTUzNzE2WhcNMzQxMTI0MTUzNzE2WjCBgzEL 6 | MAkGA1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEa 7 | MBgGA1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9Q 8 | VElHQShUTSkgUlNBIE1hbnVmYWN0dXJpbmcgQ0EgMDAzMIIBIjANBgkqhkiG9w0B 9 | AQEFAAOCAQ8AMIIBCgKCAQEAuUD5SLLVYRmuxDjT3cWQbRTywTWUVFE3EupJQZjJ 10 | 9mvFc2KcjpQv6rpdaT4JC33P1M9iJgrHwYO0AZlGl2FcFpSNkc/3CWoMTT9rOdwS 11 | 
/MxlNSkxwTz6IAYUYh7+pd7T49NpRRGZ1dOMfyOxWgA4C0g3EP/ciIvA2cCZ95Hf 12 | ARD9NhuG2DAEYGNRSHY2d/Oxu+7ytzkGFFj0h1jnvGNJpWNCf3CG8aNc5gJAduMr 13 | WcaMHb+6fWEysg++F2FLav813+/61FqvSrUMsQg0lpE16KBA5QC2Wcr/kLZGVVGc 14 | uALtgJ/bnd8XgEv7W8WG+jyblUe+hkZWmxYluHS3yJeRbwIDAQABo4IBODCCATQw 15 | VwYIKwYBBQUHAQEESzBJMEcGCCsGAQUFBzAChjtodHRwOi8vcGtpLmluZmluZW9u 16 | LmNvbS9PcHRpZ2FSc2FSb290Q0EvT3B0aWdhUnNhUm9vdENBLmNydDAdBgNVHQ4E 17 | FgQUQLhoK40YRQorBoSdm1zZb0zd9L4wDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB 18 | /wQIMAYBAf8CAQAwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL3BraS5pbmZpbmVv 19 | bi5jb20vT3B0aWdhUnNhUm9vdENBL09wdGlnYVJzYVJvb3RDQS5jcmwwFQYDVR0g 20 | BA4wDDAKBggqghQARAEUATAfBgNVHSMEGDAWgBTcu1ar8Rj8ppp1ERBlhBKe1UGS 21 | uTAQBgNVHSUECTAHBgVngQUIATANBgkqhkiG9w0BAQsFAAOCAgEAeUzrsGq3oQOT 22 | mF7g71TtMMndwPxgZvaB4bAc7dNettn5Yc1usikERfvJu4/iBs/Tdl6z6TokO+6V 23 | JuBb6PDV7f5MFfffeThraPCTeDcyYBzQRGnoCxc8Kf81ZJT04ef8CQkkfuZHW1pO 24 | +HHM1ZfFfNdNTay1h83x1lg1U0KnlmJ5KCVFiB94owr9t5cUoiSbAsPcpqCrWczo 25 | Rsg1aTpokwI8Y45lqgt0SxEmQw2PIAEjHG2GQcLBDeI0c7cK5OMEjSMXStJHmNbp 26 | u4RHXzd+47nCD2kGV8Bx5QnK8qDVAFAe/UTDQi5mTtDFRL36Nns7jz8USemu+bw9 27 | l24PN73rKcB2wNF2/oFTLPHkdYfTKYGXG1g2ZkDcTAENSOq3fcTfAuyHQozBwYHG 28 | GGyyPHy6KvLkqMQuqeDv0QxGOtE+6cedFMP2D9bMaujR389mSm7DE6YyNQClRW7w 29 | J1+rNYuN2vErvB96ir1zljXq0yMxrm5nTeiAT4p5eoFqoeSYDbFljt/f+PebREiO 30 | nJIy4fdvKlHAf70gPdYpYipc4oTZxLeWjDQxRFFBDFrnLdlPSg6zSL2Q3ANAEI3y 31 | MtHaEaU0wbaBvezyzMUHI5nLnYFL+QRP4N2OFNI/ejBaEpmIXzf6+/eF40MNLHuR 32 | 9/B93Q+hpw8O6XZ7qx697I+5+smLlPQ= 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /OptigaRsaMfrCA022.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFszCCA5ugAwIBAgIEddrr8zANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJE 3 | RTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJP 4 | UFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkg 5 | 
UlNBIFJvb3QgQ0EwHhcNMTcwMzIxMTMyODA2WhcNMzcwMzIxMTMyODA2WjCBgzEL 6 | MAkGA1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEa 7 | MBgGA1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9Q 8 | VElHQShUTSkgUlNBIE1hbnVmYWN0dXJpbmcgQ0EgMDIyMIIBIjANBgkqhkiG9w0B 9 | AQEFAAOCAQ8AMIIBCgKCAQEAnFpFSA+DGquMUBFXwRPfuqD7xt8iM0P5erFCkhqW 10 | zt9DRzHt8ZP6+oPa+rlKncXyvpPAZckchkMRI9c6VRLWMFtMKxgnp19Z1aZKHWNo 11 | dcLACmHQWVaw7KRraVrGLg/v7oZB7Hlqd/OByP83r1WoR4hWzhYS98bSIYAlZYOk 12 | bvGpyilwkKBBiuhyBylGg1PS06b5sbEUgxlb0YA8pWrWICDYIwQTRXcrXZqqXct5 13 | wnuhoTHnxGnhBmbrnGkhAoTomXcFdzBchk/NBdUsIWZ3J1RE+1rLftcODqZ79hpd 14 | Ixi3ltYfVBrBsAKTrP+7Qh4o/xncu1cZTYO4Kj4dQ++RCQIDAQABo4IBODCCATQw 15 | VwYIKwYBBQUHAQEESzBJMEcGCCsGAQUFBzAChjtodHRwOi8vcGtpLmluZmluZW9u 16 | LmNvbS9PcHRpZ2FSc2FSb290Q0EvT3B0aWdhUnNhUm9vdENBLmNydDAdBgNVHQ4E 17 | FgQUcCbQntk13NxE2E19p1zPCrwf3gowDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB 18 | /wQIMAYBAf8CAQAwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL3BraS5pbmZpbmVv 19 | bi5jb20vT3B0aWdhUnNhUm9vdENBL09wdGlnYVJzYVJvb3RDQS5jcmwwFQYDVR0g 20 | BA4wDDAKBggqghQARAEUATAfBgNVHSMEGDAWgBTcu1ar8Rj8ppp1ERBlhBKe1UGS 21 | uTAQBgNVHSUECTAHBgVngQUIATANBgkqhkiG9w0BAQsFAAOCAgEAiPpFXHrY2Br9 22 | z4Uw9+7YLlyEWgZfH6BRrDzXUHzuePRSa8odikOrDX/UcZYjzjJOOmDZhMDH9RGC 23 | xf5ZmJgDBirgk6GF27qgKyGi6TM2SMPp1EfPC/QigAEeBdSeHJPqfDSiaHaFRCuB 24 | MZSdy6oIXZhfaKd6iT//m2eYMHu7bVWBB/g9fwTvmSkim8EGjMOkiBrZWsejkbwu 25 | /Z9rTTw/fsZs1gCLLIiCB9oQbnsz07VIPqucup+rhv9XVJ/cWs4qo0GeWKuExGuk 26 | ZfjXSqIlmldb/SnGoX8U+GhweElMLWTYAResAtaEMDg2vPek87PXywnRWbMEt68t 27 | PSwxAM5bqeD7eSl4WR+kRgx8harnDrBi2mwch4C4IqMHn6bP/OysDODw72o62nXu 28 | 5jqR0UIz4zGvkkYlMuPcQ1izfYcd7m+MB5spZe9vxbVaXkPa+XF2b0uZNMyyOuME 29 | vMubFylnNiqmcAl8U+8RVRlLxG2Hh35KK9qIlQ2lZ7hTPRmQpFC9S4uRIzonXnL8 30 | 7L6BVkn8zjCtL3xu9S7Br77y5DQCR++WLACS+tKY6NXmW4pXEcDBqwWsKTwaXjvP 31 | ICAGfLGQZ+uFoKhRM5w3OySzsWV5l2U7hxBrrag2L6cNkUbVvSrEjXxaDq9xQTS6 32 | 8OY/sm8ZOVzgfXKihvQuMr9uE8wq3s4= 33 | -----END CERTIFICATE----- 34 | 
-------------------------------------------------------------------------------- /OptigaRsaRootCA.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFqzCCA5OgAwIBAgIBAzANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJERTEh 3 | MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ 4 | R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgUlNB 5 | IFJvb3QgQ0EwHhcNMTMwNzI2MDAwMDAwWhcNNDMwNzI1MjM1OTU5WjB3MQswCQYD 6 | VQQGEwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYD 7 | VQQLDBJPUFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElH 8 | QShUTSkgUlNBIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC 9 | AQC7E+gc0B5T7awzux66zMMZMTtCkPqGv6a3NVx73ICg2DSwnipFwBiUl9soEodn 10 | 25SVVN7pqmvKA2gMTR5QexuYS9PPerfRZrBY00xyFx84V+mIRPg4YqUMLtZBcAwr 11 | R3GO6cffHp20SBH5ITpuqKciwb0v5ueLdtZHYRPq1+jgy58IFY/vACyF/ccWZxUS 12 | JRNSe4ruwBgI7NMWicxiiWQmz1fE3e0mUGQ1tu4M6MpZPxTZxWzN0mMz9noj1oIT 13 | ZUnq/drN54LHzX45l+2b14f5FkvtcXxJ7OCkI7lmWIt8s5fE4HhixEgsR2RX5hzl 14 | 8XiHiS7uD3pQhBYSBN5IBbVWREex1IUat5eAOb9AXjnZ7ivxJKiY/BkOmrNgN8k2 15 | 7vOS4P81ix1GnXsjyHJ6mOtWRC9UHfvJcvM3U9tuU+3dRfib03NGxSPnKteL4SP1 16 | bdHfiGjV3LIxzFHOfdjM2cvFJ6jXg5hwXCFSdsQm5e2BfT3dWDBSfR4h3Prpkl6d 17 | cAyb3nNtMK3HR5yl6QBuJybw8afHT3KRbwvOHOCR0ZVJTszclEPcM3NQdwFlhqLS 18 | ghIflaKSPv9yHTKeg2AB5q9JSG2nwSTrjDKRab225+zJ0yylH5NwxIBLaVHDyAEu 19 | 81af+wnm99oqgvJuDKSQGyLf6sCeuy81wQYO46yNa+xJwQIDAQABo0IwQDAdBgNV 20 | HQ4EFgQU3LtWq/EY/KaadREQZYQSntVBkrkwDgYDVR0PAQH/BAQDAgAGMA8GA1Ud 21 | EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAGHTBUx3ETIXYJsaAgb2pyyN 22 | UltVL2bKzGMVSsnTCrXUU8hKrDQh3jNIMrS0d6dU/fGaGJvehxmmJfjaN/IFWA4M 23 | BdZEnpAe2fJEP8vbLa/QHVfsAVuotLD6QWAqeaC2txpxkerveoV2JAwj1jrprT4y 24 | rkS8SxZuKS05rYdlG30GjOKTq81amQtGf2NlNiM0lBB/SKTt0Uv5TK0jIWbz2WoZ 25 | gGut7mF0md1rHRauWRcoHQdxWSQTCTtgoQzeBj4IS6N3QxQBKV9LL9UWm+CMIT7Y 26 | np8bSJ8oW4UdpSuYWe1ZwSjZyzDiSzpuc4gTS6aHfMmEfoVwC8HN03/HD6B1Lwo2 27 | 
DvEaqAxkya9IYWrDqkMrEErJO6cqx/vfIcfY/8JYmUJGTmvVlaODJTwYwov/2rjr 28 | la5gR+xrTM7dq8bZimSQTO8h6cdL6u+3c8mGriCQkNZIZEac/Gdn+KwydaOZIcnf 29 | Rdp3SalxsSp6cWwJGE4wpYKB2ClM2QF3yNQoTGNwMlpsxnU72ihDi/RxyaRTz9OR 30 | pubNq8Wuq7jQUs5U00ryrMCZog1cxLzyfZwwCYh6O2CmbvMoydHNy5CU3ygxaLWv 31 | JpgZVHN103npVMR3mLNa3QE+5MFlBlP3Mmystu8iVAKJas39VO5y5jad4dRLkwtM 32 | 6sJa8iBpdRjZrBp5sJBI 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /PlatCertsNoTPM.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | :: Workflow for validating and comparing the EK certificate to the platform certificate without TPM interaction 3 | 4 | SETLOCAL 5 | 6 | set BLUE= 7 | set NC= 8 | set GREEN= 9 | set RED= 10 | 11 | set zz=0 12 | set name=%0 13 | 14 | :START 15 | if (%1)==() ( 16 | goto END 17 | ) 18 | if %1==-zz ( 19 | set zz=1 20 | ) 21 | if %1==-ekcca if not (%2)==() ( 22 | set ekcca=%2 23 | shift 24 | ) 25 | if %1==-ekc if not (%2)==() ( 26 | set ekc=%2 27 | shift 28 | ) 29 | if %1==-ekcxmlout if not (%2)==() ( 30 | set ekcxmlout=%2 31 | shift 32 | ) 33 | if %1==-pcca if not (%2)==() ( 34 | set pcca=%2 35 | shift 36 | ) 37 | if %1==-pc if not (%2)==() ( 38 | set pc=%2 39 | shift 40 | ) 41 | if %1==-pcd if not (%2)==() ( 42 | set pcd=%2 43 | shift 44 | ) 45 | if %1==-crlurl if not (%2)==() ( 46 | set crlurl=%2 47 | shift 48 | ) 49 | if %1==-pcxmlout if not (%2)==() ( 50 | set pcxmlout=%2 51 | shift 52 | ) 53 | if %1==-v ( 54 | set v=-v 55 | ) 56 | shift 57 | goto START 58 | :END 59 | 60 | :: Test legitimate combinations 61 | 62 | set valid=1 63 | 64 | set error_msg_flags=Missing required command-line arguments: 65 | 66 | :: one of -pc or -pcd is required 67 | if not defined pc if not defined pcd ( 68 | set valid=0 69 | set error_msg_flags=%error_msg_flags% [One of -pc or -pcd is required] 70 | ) 71 | if defined pc if defined pcd ( 72 | set valid=0 73 | set 
error_msg_flags=%error_msg_flags% [One of -pc or -pcd is required] 74 | ) 75 | 76 | if %valid%==0 ( 77 | echo. 1>&2 78 | echo %RED%ERROR: %error_msg_flags%%NC% 1>&2 79 | echo. 1>&2 80 | 81 | echo %name%: Perform validation of Platform Certificate against TPM Certificate 82 | echo Usage: %name% [OPTIONS] 83 | echo OPTIONS: 84 | echo -ekcca ^ ^(EK CA Bundle file^) 85 | echo Use this file containing a list of certificate files in the CA chain 86 | echo REQUIRED for EK Certificate verification 87 | echo -ekc ^ ^(EK certificate file^) 88 | echo REQUIRED for EK Certificate verification 89 | echo -ekcxmlout ^ ^(XML representation of the EK Certificate File^) 90 | echo If this is present the EK Cert serial # and Issuer will be output to this XML formatted file 91 | echo -pcca ^ Platform CA cert that signs the platform cert 92 | echo REQUIRED for Platform Certificate verification 93 | echo -pc ^ ^(Platform certificate file^) 94 | echo -pcd ^ ^(drectory of Platform certificate files^) 95 | echo One of -pc or -pcd is required 96 | echo -crlurl ^ ^(URL to where CRL can be Downloaded^) 97 | echo REQUIRED for CRL verification of Platform certificate 98 | echo -pcxmlout ^ ^(XML representation of the Platform Certificate File^) 99 | echo If this is present the Platform Cert serial # and Issuer will be output to this XML formatted file 100 | echo -v ^(Verbose mode^) 101 | exit /b 102 | ) 103 | 104 | :: Get working directory 105 | set DIR=%cd% 106 | 107 | :: Verify EK cert against input CA certs 108 | echo. 1>&2 109 | echo %BLUE%Verifying EK cert%NC% 1>&2 110 | echo. 1>&2 111 | 112 | 113 | :: Verify Platform cert against input CA certs and perform CRL checking 114 | :: Verify that EK cert and Platform cert match 115 | :: Output Platform Certificate XML file by parsing the Platform certificate file (optional) 116 | 117 | if defined pc ( 118 | set pcparse=%pc% 119 | ) else ( 120 | set pcparse=%pcd% 121 | ) 122 | 123 | echo. 
1>&2 124 | echo %BLUE%Verifying Platform cert%NC% 1>&2 125 | echo. 1>&2 126 | 127 | if %zz%==1 pause 128 | 129 | echo java -cp "%DIR%\tpm20VerificationToolset1.1.jar;%DIR%\lib\*" com.trustiphi.tpm2verification.VerifyPlatformCert %pcca% %pcparse% %crlurl% %ekc% %v% %pcxmlout% 130 | (java -cp "%DIR%\tpm20VerificationToolset1.1.jar;%DIR%\lib\*" com.trustiphi.tpm2verification.VerifyPlatformCert %pcca% %pcparse% %crlurl% %ekc% %v% %pcxmlout%) 131 | 132 | if %errorlevel% neq 0 ( 133 | echo %RED%Failed to verify Platform cert%NC% 1>&2 134 | ) else ( 135 | echo %GREEN%Successfully verified Platform cert%NC% 1>&2 136 | ) 137 | 138 | ENDLOCAL 139 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | TPM 2.0 PLATFORM CERTIFICATE VERIFICATION TOOLS INTSALLATION GUIDE 3 | ================================================================== 4 | 5 | These are the Installation instructions for the TPM 2.0 version of the Platform Certificate Tools package. 6 | 7 | 1. DEPENDENCIES 8 | This version of the TPM 2.0 Platform Certificate Verification toolset has the following dependencies. 9 | 10 | 1. IBM's TPM 2.0 TSS (https://sourceforge.net/projects/ibmtpm20tss/) (version 1045+) 11 | 2. OpenSSL 1.0.x 12 | 3. [optional] IBM's Software TPM 2.0 (https://sourceforge.net/projects/ibmswtpm2/) (version 974+) 13 | 4. Java JVM 1.7 or greater 14 | 5. Ability to run Linux Bash script 15 | 16 | 17 | 2. BUILDING ‘C’ EXECUTABLES 18 | There are two ‘C’ executables used in this package. These two executables will have to be built and linked into the same directory the tools shell scripts are run in. 19 | 20 | 1. To build the two required executable files, getAndVerifyEK, and getAndVerifyEK2, follow the instructions in their respective readme.txt files. 
The readme files are found in the following two directories (relative to the toolset installation directory), ./src/c/getAndVerifyEK, and ./src/c/getAndVerifyEK2. 21 | 22 | 2. Once those executable files are built, link them into the installation directory for this toolset. 23 | 24 | # cd . 25 | # ln -s ./src/c/getAndVerifyEK/getAndVerifyEK . 26 | # ln -s ./src/c/getAndVerifyEK2/getAndVerifyEK2 . 27 | 28 | 3. Link the IBM TSS libraries into the current directory. 29 | 30 | # ln -s /ibmtss1045/utils/libtss.so* . 31 | 32 | 3. Shell Scripts 33 | The shell scripts have to be designated as executable files. 34 | 35 | 1. Execute the following command from the command line 36 | 37 | # chmod +x *.sh# PCVT_TPM20 38 | Platform Certificate Validation Tool - TPM 2.0 39 | 40 | 4. TPM 2.0 PLATFORM CERTIFICATE VERIFICATION TOOLS 41 | The TPM2_Verification_Tools_Usage file describes typical use cases for this TPM 2.0 version of the Platform Certificate Tools package. 42 | 43 | The first three use cases indicate how the tools may be used together in a manufacturing setting to obtain the EK Certificate from the platform, create the Platform Certificate, and then verify the binding between the two certificates. It will also generate XML files containing the information in the platform certificate to more easily access information about the certificates. 44 | 45 | The fourth use case shows how the tools may be used out in the field to verify that the Endorsement Key (EK) Certificate and the Platform Certificate match. 46 | 47 | This file has the command line usage and the expected output example files. 48 | 49 | 5. C code Readme Files 50 | 51 | The Readme_getAndVerifyEK.txt and Readme_getAndVerifyEK2.txt files describe how to generate and compile the C tools 52 | getAndVerifyEK and getAndVerifyEK2. 53 | 54 | a. 
Overview 55 | 56 | This tool is designed to be used by a customer after a platform's delivery, to verify the signature of the Endorsement Key (EK) Certificate and that it matches the EK in the TPM. It performs the following steps. 57 | 58 | o Fetch the EK Cert from TPM NV – find the correct certificate based on the Template 59 | o Verify the EK Cert against the input EK CA Public Key Chain 60 | o Compare the EK in the Cert with the EK in the TPM 61 | 62 | 63 | b. Dependencies 64 | 65 | 1. IBM's TPM 2.0 TSS (https://sourceforge.net/projects/ibmtpm20tss/) (version 1045+) 66 | 67 | 2. OpenSSL 1.0.x 68 | 69 | 70 | c. Build Instructions 71 | 72 | 1. Build OpenSSL (see instructions inside the OpenSSL package) 73 | 74 | 2. Build IBM's TPM 2.0 TSS (see instructions inside the IBM TSS package) 75 | 76 | 3. Link "ibmtss1045/utils/tss2/" and "ibmtss1045/utils/libtss.so*" into the current directory 77 | 78 | 4. Run the commands below: 79 | # cd src 80 | # make 81 | # cd .. 82 | 83 | 84 | d. Run 85 | 86 | To run this executable file, run "./getAndVerifyEK2". 
87 | 88 | END of README 89 | -------------------------------------------------------------------------------- /TPM2_Verifcation_Tools_Installation_Guide.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PlatformCertTool/PCVT_TPM20/60a6182c419d3616252705f11fc3b24dd65b3722/TPM2_Verifcation_Tools_Installation_Guide.pdf -------------------------------------------------------------------------------- /TPM2_Verifcation_Tools_Installation_Guide.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PlatformCertTool/PCVT_TPM20/60a6182c419d3616252705f11fc3b24dd65b3722/TPM2_Verifcation_Tools_Installation_Guide.txt -------------------------------------------------------------------------------- /TPM2_Verifcation_Tools_Usage.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PlatformCertTool/PCVT_TPM20/60a6182c419d3616252705f11fc3b24dd65b3722/TPM2_Verifcation_Tools_Usage.pdf -------------------------------------------------------------------------------- /TPM2_Verifcation_Tools_Usage.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PlatformCertTool/PCVT_TPM20/60a6182c419d3616252705f11fc3b24dd65b3722/TPM2_Verifcation_Tools_Usage.txt -------------------------------------------------------------------------------- /cert.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PlatformCertTool/PCVT_TPM20/60a6182c419d3616252705f11fc3b24dd65b3722/cert.cer -------------------------------------------------------------------------------- /getAndVerifyEK.exe: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/PlatformCertTool/PCVT_TPM20/60a6182c419d3616252705f11fc3b24dd65b3722/getAndVerifyEK.exe -------------------------------------------------------------------------------- /getAndVerifyEK2.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PlatformCertTool/PCVT_TPM20/60a6182c419d3616252705f11fc3b24dd65b3722/getAndVerifyEK2.exe -------------------------------------------------------------------------------- /lib/bcpkix-jdk15on-157.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PlatformCertTool/PCVT_TPM20/60a6182c419d3616252705f11fc3b24dd65b3722/lib/bcpkix-jdk15on-157.jar -------------------------------------------------------------------------------- /lib/bcpkix-jdk15on-157.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PlatformCertTool/PCVT_TPM20/60a6182c419d3616252705f11fc3b24dd65b3722/lib/bcpkix-jdk15on-157.txt -------------------------------------------------------------------------------- /lib/bcprov-jdk15on-157.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PlatformCertTool/PCVT_TPM20/60a6182c419d3616252705f11fc3b24dd65b3722/lib/bcprov-jdk15on-157.jar -------------------------------------------------------------------------------- /lib/bcprov-jdk15on-157.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PlatformCertTool/PCVT_TPM20/60a6182c419d3616252705f11fc3b24dd65b3722/lib/bcprov-jdk15on-157.txt -------------------------------------------------------------------------------- /platformCertFromXml.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | :: Workflow for generating platform certificate from XML files 3 | 4 | SETLOCAL 
5 | 6 | set BLUE= 7 | set NC= 8 | set GREEN= 9 | set RED= 10 | 11 | set zz=0 12 | set name=%0 13 | 14 | :START 15 | if (%1)==() ( 16 | goto END 17 | ) 18 | if %1==-zz ( 19 | set zz=1 20 | ) 21 | if %1==-xcommon if not (%2)==() ( 22 | set xcommon=%2 23 | shift 24 | ) 25 | if %1==-xek if not (%2)==() ( 26 | set xek=%2 27 | shift 28 | ) 29 | if %1==-xplat if not (%2)==() ( 30 | set xplat=%2 31 | shift 32 | ) 33 | if %1==-privkey if not (%2)==() ( 34 | set privkey=%2 35 | shift 36 | ) 37 | if %1==-out if not (%2)==() ( 38 | set out=%2 39 | shift 40 | ) 41 | if %1==-der if not (%2)==() ( 42 | set der=%2 43 | shift 44 | ) 45 | if %1==-v ( 46 | set v=-v 47 | ) 48 | shift 49 | goto START 50 | :END 51 | 52 | :: Test legitimate combinations 53 | 54 | set valid=1 55 | 56 | :: at least one input xml file is required 57 | if not defined xcommon if not defined xek if not defined xplat ( 58 | set valid=0 59 | ) 60 | 61 | :: output file name is required 62 | if not defined out ( 63 | set valid=0 64 | ) 65 | 66 | if %valid%==0 ( 67 | echo %name%: Generate a Platform Certificate from ^(combining^) information input in XML formatted file^(s^) 68 | echo Usage: %name% [OPTIONS] 69 | echo OPTIONS: 70 | echo -xcommon ^ XML file containing information common accross platforms 71 | echo ^(at least one of -xcommon, -xek, -xplat is required^) 72 | echo -xek ^ XML file containing information contained in the Endorsement Key 73 | echo ^(The intended for EKIssuer, EKCertSerialNumber - which go into Holder field 74 | echo This file will typically be auto-generated by another tool in this toolset from the EK Cert in the TPM^) 75 | echo ^(at least one of -xcommon, -xek, -xplat is required^) 76 | echo -xplat ^ XML file containing information specific to this platform 77 | echo ^(at least one of -xcommon, -xek, -xplat is required^) 78 | echo -privkey ^ Signing private key for generated certificate 79 | echo ^(If this is not present the Platform Certificate will be signed with a default generic key^) 
80 | echo -out ^ Output Platform Certificate file name ^(REQUIRED^) 81 | echo -der Output file will be in DER format if present, otherwise output will be in PEM format 82 | echo -v ^(Verbose mode^) 83 | exit /b 84 | ) 85 | 86 | :: Get working directory 87 | set DIR=%cd% 88 | 89 | :: Create the optional command line arguments 90 | set opt_cmd_line= 91 | 92 | if defined xcommon ( 93 | set opt_cmd_line=%opt_cmd_line% -c=%xcommon% 94 | ) 95 | 96 | if defined xplat ( 97 | set opt_cmd_line=%opt_cmd_line% -p=%xplat% 98 | ) 99 | 100 | if defined xek ( 101 | set opt_cmd_line=%opt_cmd_line% -e=%xek% 102 | ) 103 | 104 | if defined privkey ( 105 | set opt_cmd_line=%opt_cmd_line% -k=%privkey% 106 | ) 107 | 108 | :: Generate the platform certificate 109 | echo. 1>&2 110 | echo %BLUE%Generating Platform Certificate from input XML files%NC% 1>&2 111 | 112 | echo java -cp "%DIR%\tpm20VerificationToolset1.1.jar;%DIR%\lib\*" com.trustiphi.tpm2verification.PlatformCertFromXml %opt_cmd_line% -o=%out% %der% %v% 1>&2 113 | 114 | (java -cp "%DIR%\tpm20VerificationToolset1.1.jar;%DIR%\lib\*" com.trustiphi.tpm2verification.PlatformCertFromXml %opt_cmd_line% -o=%out% %der% %v% 1>&2) 115 | 116 | if %errorlevel% neq 0 ( 117 | echo %RED%Failed to generate Platform Certificate %out%%NC% 1>&2 118 | ) else ( 119 | echo %GREEN%Successfully generated Platform Certificate %out%%NC% 1>&2 120 | ) 121 | 122 | ENDLOCAL 123 | -------------------------------------------------------------------------------- /platformCertFromXml.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Workflow for generating platform certificate from XML files 3 | 4 | BLUE='\033[1;34m' 5 | NC='\033[0m' 6 | GREEN='\033[1;32m' 7 | RED='\033[1;31m' 8 | 9 | zz="0" 10 | 11 | while [[ $# > 0 ]] 12 | do 13 | key="$1" 14 | 15 | case $key in 16 | -zz) 17 | zz="1" 18 | ;; 19 | -xcommon) 20 | xcommon="$2" 21 | shift 22 | ;; 23 | -xek) 24 | xek="$2" 25 | shift 26 | ;; 27 | -xplat) 28 | 
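xplat="$2"
        shift
        ;;
    -privkey)
        privkey="$2"
        shift
        ;;
    -out)
        out="$2"
        shift
        ;;
    -der)
        # Flag only, no value follows: do NOT shift here.  The previous
        # version shifted past the next argument and stored the flag in an
        # unused variable, so "-der" was silently ignored and the argument
        # after it was swallowed.
        der="-der"
        ;;
    -v)
        v="-v"
        ;;
    *)
        # Fail loudly on anything unrecognised.  A mistyped option such as
        # "-privKey" used to be dropped silently, which makes the tool fall
        # back to its default generic signing key without any indication.
        >&2 printf "${RED}%s: unknown option '%s'${NC}\n" "$0" "$key"
        exit 2
        ;;
    esac
    shift # past argument or value
done

# Test legitimate combinations

valid=1

# at least one input xml file is required
if [ -z "$xcommon" ] && [ -z "$xek" ] && [ -z "$xplat" ]
then
    valid=0
fi

# output file name is required
if [ -z "$out" ]
then
    valid=0
fi

if [ "$valid" -eq 0 ]
then
    echo "$0: Generate a Platform Certificate from (combining) information input in XML formatted file(s)"
    echo "Usage: $0 [OPTIONS]"
    echo "OPTIONS:"
    echo " -xcommon XML file containing information common accross platforms"
    echo " (at least one of -xcommon, -xek, -xplat is required)"
    echo " -xek XML file containing information contained in the Endorsement Key"
    echo " (The intended for EKIssuer, EKCertSerialNumber - which go into Holder field"
    echo " This file will typically be auto-generated by another tool in this toolset from the EK Cert in the TPM)"
    echo " (at least one of -xcommon, -xek, -xplat is required)"
    echo " -xplat XML file containing information specific to this platform"
    echo " (at least one of -xcommon, -xek, -xplat is required)"
    echo " -privkey Signing private key for generated certificate"
    echo " (If this is not present the Platform Certificate will be signed with a default generic key)"
    echo " -out Output Platform Certificate file name (REQUIRED)"
    echo " -der Output file will be in DER format if present, otherwise output will be in PEM format"
    echo " -v (Verbose mode)"
    # A usage error is an error: exit non-zero so callers/CI can detect it
    # (the old "exit" returned 0).
    exit 1

else

    # Toolset directory is taken from the script's own location, not the
    # caller's working directory.
    DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

    # Classpath.  Kept in one quoted string so that a DIR containing spaces
    # is not word-split and "lib/*" is not glob-expanded by the shell --
    # the wildcard must reach java literally, which expands it itself.
    classpath="$DIR/tpm20VerificationToolset1.1.jar:$DIR/lib/*"

    # Optional arguments, collected in an array so file names containing
    # whitespace survive intact (the old space-joined string did not).
    # Order matches the previous invocation: -c -p -e -k -o [-der] [-v].
    java_args=()

    if [ -n "$xcommon" ]
    then
        java_args+=("-c=$xcommon")
    fi

    if [ -n "$xplat" ]
    then
        java_args+=("-p=$xplat")
    fi

    if [ -n "$xek" ]
    then
        java_args+=("-e=$xek")
    fi

    if [ -n "$privkey" ]
    then
        java_args+=("-k=$privkey")
    else
        # Per the tool's own usage text, omitting -privkey makes it sign
        # with a built-in generic key.  Such a certificate proves nothing
        # about the platform's provenance; warn so this is never an accident.
        >&2 printf "${RED}WARNING: no -privkey given; the Platform Certificate will be signed with the tool's default generic key and must not be used outside testing${NC}\n"
    fi

    java_args+=("-o=$out")

    if [ -n "$der" ]
    then
        java_args+=("$der")
    fi

    if [ -n "$v" ]
    then
        java_args+=("$v")
    fi

    # Generate the platform certificate
    >&2 echo " "
    >&2 printf "${BLUE}Generating Platform Certificate from input XML files${NC}\n"
    >&2 echo "java -cp $classpath com.trustiphi.tpm2verification.PlatformCertFromXml ${java_args[*]}"
    java -cp "$classpath" com.trustiphi.tpm2verification.PlatformCertFromXml "${java_args[@]}"
    rc=$?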
135 | if [ "$rc" -ne "0" ] 136 | then 137 | >&2 printf "${RED}Failed to generate Platform Certificate $out ${NC}\n" 138 | exit $rc 139 | else 140 | >&2 printf "${GREEN}Successfully generated Platform Certificate $out ${NC}\n" 141 | fi 142 | 143 | fi 144 | -------------------------------------------------------------------------------- /sampleFiles/CAchainECC.txt: -------------------------------------------------------------------------------- 1 | ./sampleFiles/OptigaEccMfrCA003.pem 2 | ./sampleFiles/OptigaEccRootCA.pem 3 | -------------------------------------------------------------------------------- /sampleFiles/CAchainNuvoton.txt: -------------------------------------------------------------------------------- 1 | ./sampleFiles/NuvotonTPMRootCA2110.pem 2 | -------------------------------------------------------------------------------- /sampleFiles/CAchainOptigaEccMfrCA022.txt: -------------------------------------------------------------------------------- 1 | ./sampleFiles/OptigaEccMfrCA022.pem 2 | ./sampleFiles/OptigaEccRootCA.pem 3 | -------------------------------------------------------------------------------- /sampleFiles/CAchainOptigaRsaMfrCA022.txt: -------------------------------------------------------------------------------- 1 | ./sampleFiles/OptigaRsaMfrCA022.pem 2 | ./sampleFiles/OptigaRsaRootCA.pem 3 | -------------------------------------------------------------------------------- /sampleFiles/CAchainRSA.txt: -------------------------------------------------------------------------------- 1 | ./sampleFiles/OptigaRsaMfrCA003.pem 2 | ./sampleFiles/OptigaRsaRootCA.pem 3 | -------------------------------------------------------------------------------- /sampleFiles/NuvotonTPMRootCA2110.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICBjCCAaygAwIBAgIIP5MvnZk8FrswCgYIKoZIzj0EAwIwVTFTMB8GA1UEAxMY 3 | TnV2b3RvbiBUUE0gUm9vdCBDQSAyMTEwMCUGA1UEChMeTnV2b3RvbiBUZWNobm9s 4 | 
b2d5IENvcnBvcmF0aW9uMAkGA1UEBhMCVFcwHhcNMTUxMDE5MDQzMjAwWhcNMzUx 5 | MDE1MDQzMjAwWjBVMVMwHwYDVQQDExhOdXZvdG9uIFRQTSBSb290IENBIDIxMTAw 6 | JQYDVQQKEx5OdXZvdG9uIFRlY2hub2xvZ3kgQ29ycG9yYXRpb24wCQYDVQQGEwJU 7 | VzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPv9uK2BNm8/nmIyNsc2/aKHV0WR 8 | ptzge3jKAIgUMosQIokl4LE3iopXWD3Hruxjf9vkLMDJrTeK3hWh2ySS4ySjZjBk 9 | MA4GA1UdDwEB/wQEAwICBDASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSf 10 | u3mqD1JieL7RUJKacXHpajW+9zAfBgNVHSMEGDAWgBSfu3mqD1JieL7RUJKacXHp 11 | ajW+9zAKBggqhkjOPQQDAgNIADBFAiEA/jiywhOKpiMOUnTfDmXsXfDFokhKVNTX 12 | B6Xtqm7J8L4CICjT3/Y+rrSnf8zrBXqWeHDh8Wi41+w2ppq6Ev9orZFI 13 | -----END CERTIFICATE----- 14 | -------------------------------------------------------------------------------- /sampleFiles/OptigaEccMfrCA003.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDRjCCAs2gAwIBAgIER3V5aDAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEh 3 | MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ 4 | R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUND 5 | IFJvb3QgQ0EwHhcNMTQxMTI0MTU0OTQ3WhcNMzQxMTI0MTU0OTQ3WjCBgzELMAkG 6 | A1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEaMBgG 7 | A1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9QVElH 8 | QShUTSkgRUNDIE1hbnVmYWN0dXJpbmcgQ0EgMDAzMFkwEwYHKoZIzj0CAQYIKoZI 9 | zj0DAQcDQgAECjK/9FKtsbnyopQGwokCmiJARyiyr4/G9Lthttr86gWbZ3MQsQ5V 10 | w+Api4ZrS01BO1F54Qc3aI2Ji3yPEE2U0qOCATgwggE0MFcGCCsGAQUFBwEBBEsw 11 | STBHBggrBgEFBQcwAoY7aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhRWNj 12 | Um9vdENBL09wdGlnYUVjY1Jvb3RDQS5jcnQwHQYDVR0OBBYEFFVd72wz+DBEi62s 13 | /+yx03ut8eeGMA4GA1UdDwEB/wQEAwIABjASBgNVHRMBAf8ECDAGAQH/AgEAMEwG 14 | A1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9wa2kuaW5maW5lb24uY29tL09wdGlnYUVj 15 | Y1Jvb3RDQS9PcHRpZ2FFY2NSb290Q0EuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQB 16 | FAEwHwYDVR0jBBgwFoAUtBiFyEpKxRJ68kA53sT1ix5+StEwEAYDVR0lBAkwBwYF 17 | Z4EFCAEwCgYIKoZIzj0EAwMDZwAwZAIwZ9HqVEOTXAk1RGCLWk0aLfppEwQk2/VP 18 | 
AuQumUi48hbpfK41ZjB3IYoS9lgfEC+QAjAvWrLXq1v7rIm8Pcf6iZ+rlI72d/39 19 | q4sIXNmXHqUWrIegp+usDAGjAYDpBffEbow= 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /sampleFiles/OptigaEccMfrCA022.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDRzCCAs2gAwIBAgIEeBLchjAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEh 3 | MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ 4 | R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUND 5 | IFJvb3QgQ0EwHhcNMTcwMzIxMTMzOTA3WhcNMzcwMzIxMTMzOTA3WjCBgzELMAkG 6 | A1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEaMBgG 7 | A1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9QVElH 8 | QShUTSkgRUNDIE1hbnVmYWN0dXJpbmcgQ0EgMDIyMFkwEwYHKoZIzj0CAQYIKoZI 9 | zj0DAQcDQgAEt+5SPdxvaWHAUKuv0gtia7dbIQSaVslB3aqHkzhfS1930P+FZCmp 10 | TVbIxXkDTza+Wwtrofi6Iv+NCnQBslJu/qOCATgwggE0MFcGCCsGAQUFBwEBBEsw 11 | STBHBggrBgEFBQcwAoY7aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhRWNj 12 | Um9vdENBL09wdGlnYUVjY1Jvb3RDQS5jcnQwHQYDVR0OBBYEFIzH4wB9wx8/J0OF 13 | yzCHkzmb1p0bMA4GA1UdDwEB/wQEAwIABjASBgNVHRMBAf8ECDAGAQH/AgEAMEwG 14 | A1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9wa2kuaW5maW5lb24uY29tL09wdGlnYUVj 15 | Y1Jvb3RDQS9PcHRpZ2FFY2NSb290Q0EuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQB 16 | FAEwHwYDVR0jBBgwFoAUtBiFyEpKxRJ68kA53sT1ix5+StEwEAYDVR0lBAkwBwYF 17 | Z4EFCAEwCgYIKoZIzj0EAwMDaAAwZQIxAJPeOMJc0a3JD0BHPbLphFHMXlz8cd57 18 | 5aE1sFnU3DYSkasKcZLs/UCJNpPJ44jR/wIwJ0gbuL+rSQ6DsBkJZvByyIQ2bwI0 19 | 3InIj4rhlXOCqCcsgSQ93oE+Z4v7rTPjm9HI 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /sampleFiles/OptigaEccRootCA.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICWzCCAeKgAwIBAgIBBDAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEhMB8G 3 | A1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJR0Eo 
4 | VE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUNDIFJv 5 | b3QgQ0EwHhcNMTMwNzI2MDAwMDAwWhcNNDMwNzI1MjM1OTU5WjB3MQswCQYDVQQG 6 | EwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQL 7 | DBJPUFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShU 8 | TSkgRUNDIFJvb3QgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQm1HxLVgvAu1q2 9 | GM+ymTz12zdTEu0JBVG9CdsVEJv/pE7pSWOlsG3YwU792YAvjSy7zL+WtDK40KGe 10 | Om8bSWt46QJ00MQUkYxz6YqXbb14BBr06hWD6u6IMBupNkPd9pKjQjBAMB0GA1Ud 11 | DgQWBBS0GIXISkrFEnryQDnexPWLHn5K0TAOBgNVHQ8BAf8EBAMCAAYwDwYDVR0T 12 | AQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjA6QZcV8DjjbPuKjKDZQmTRywZk 13 | MAn8wE6kuW3EouVvBt+/2O+szxMe4vxj8R6TDCYCMG7c9ov86ll/jDlJb/q0L4G+ 14 | +O3Bdel9P5+cOgzIGANkOPEzBQM3VfJegfnriT/kaA== 15 | -----END CERTIFICATE----- 16 | -------------------------------------------------------------------------------- /sampleFiles/OptigaRsaMfrCA003.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFszCCA5ugAwIBAgIEasM5FDANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJE 3 | RTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJP 4 | UFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkg 5 | UlNBIFJvb3QgQ0EwHhcNMTQxMTI0MTUzNzE2WhcNMzQxMTI0MTUzNzE2WjCBgzEL 6 | MAkGA1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEa 7 | MBgGA1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9Q 8 | VElHQShUTSkgUlNBIE1hbnVmYWN0dXJpbmcgQ0EgMDAzMIIBIjANBgkqhkiG9w0B 9 | AQEFAAOCAQ8AMIIBCgKCAQEAuUD5SLLVYRmuxDjT3cWQbRTywTWUVFE3EupJQZjJ 10 | 9mvFc2KcjpQv6rpdaT4JC33P1M9iJgrHwYO0AZlGl2FcFpSNkc/3CWoMTT9rOdwS 11 | /MxlNSkxwTz6IAYUYh7+pd7T49NpRRGZ1dOMfyOxWgA4C0g3EP/ciIvA2cCZ95Hf 12 | ARD9NhuG2DAEYGNRSHY2d/Oxu+7ytzkGFFj0h1jnvGNJpWNCf3CG8aNc5gJAduMr 13 | WcaMHb+6fWEysg++F2FLav813+/61FqvSrUMsQg0lpE16KBA5QC2Wcr/kLZGVVGc 14 | uALtgJ/bnd8XgEv7W8WG+jyblUe+hkZWmxYluHS3yJeRbwIDAQABo4IBODCCATQw 15 | VwYIKwYBBQUHAQEESzBJMEcGCCsGAQUFBzAChjtodHRwOi8vcGtpLmluZmluZW9u 16 | 
LmNvbS9PcHRpZ2FSc2FSb290Q0EvT3B0aWdhUnNhUm9vdENBLmNydDAdBgNVHQ4E 17 | FgQUQLhoK40YRQorBoSdm1zZb0zd9L4wDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB 18 | /wQIMAYBAf8CAQAwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL3BraS5pbmZpbmVv 19 | bi5jb20vT3B0aWdhUnNhUm9vdENBL09wdGlnYVJzYVJvb3RDQS5jcmwwFQYDVR0g 20 | BA4wDDAKBggqghQARAEUATAfBgNVHSMEGDAWgBTcu1ar8Rj8ppp1ERBlhBKe1UGS 21 | uTAQBgNVHSUECTAHBgVngQUIATANBgkqhkiG9w0BAQsFAAOCAgEAeUzrsGq3oQOT 22 | mF7g71TtMMndwPxgZvaB4bAc7dNettn5Yc1usikERfvJu4/iBs/Tdl6z6TokO+6V 23 | JuBb6PDV7f5MFfffeThraPCTeDcyYBzQRGnoCxc8Kf81ZJT04ef8CQkkfuZHW1pO 24 | +HHM1ZfFfNdNTay1h83x1lg1U0KnlmJ5KCVFiB94owr9t5cUoiSbAsPcpqCrWczo 25 | Rsg1aTpokwI8Y45lqgt0SxEmQw2PIAEjHG2GQcLBDeI0c7cK5OMEjSMXStJHmNbp 26 | u4RHXzd+47nCD2kGV8Bx5QnK8qDVAFAe/UTDQi5mTtDFRL36Nns7jz8USemu+bw9 27 | l24PN73rKcB2wNF2/oFTLPHkdYfTKYGXG1g2ZkDcTAENSOq3fcTfAuyHQozBwYHG 28 | GGyyPHy6KvLkqMQuqeDv0QxGOtE+6cedFMP2D9bMaujR389mSm7DE6YyNQClRW7w 29 | J1+rNYuN2vErvB96ir1zljXq0yMxrm5nTeiAT4p5eoFqoeSYDbFljt/f+PebREiO 30 | nJIy4fdvKlHAf70gPdYpYipc4oTZxLeWjDQxRFFBDFrnLdlPSg6zSL2Q3ANAEI3y 31 | MtHaEaU0wbaBvezyzMUHI5nLnYFL+QRP4N2OFNI/ejBaEpmIXzf6+/eF40MNLHuR 32 | 9/B93Q+hpw8O6XZ7qx697I+5+smLlPQ= 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /sampleFiles/OptigaRsaMfrCA022.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFszCCA5ugAwIBAgIEddrr8zANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJE 3 | RTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJP 4 | UFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkg 5 | UlNBIFJvb3QgQ0EwHhcNMTcwMzIxMTMyODA2WhcNMzcwMzIxMTMyODA2WjCBgzEL 6 | MAkGA1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEa 7 | MBgGA1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9Q 8 | VElHQShUTSkgUlNBIE1hbnVmYWN0dXJpbmcgQ0EgMDIyMIIBIjANBgkqhkiG9w0B 9 | AQEFAAOCAQ8AMIIBCgKCAQEAnFpFSA+DGquMUBFXwRPfuqD7xt8iM0P5erFCkhqW 10 | 
zt9DRzHt8ZP6+oPa+rlKncXyvpPAZckchkMRI9c6VRLWMFtMKxgnp19Z1aZKHWNo 11 | dcLACmHQWVaw7KRraVrGLg/v7oZB7Hlqd/OByP83r1WoR4hWzhYS98bSIYAlZYOk 12 | bvGpyilwkKBBiuhyBylGg1PS06b5sbEUgxlb0YA8pWrWICDYIwQTRXcrXZqqXct5 13 | wnuhoTHnxGnhBmbrnGkhAoTomXcFdzBchk/NBdUsIWZ3J1RE+1rLftcODqZ79hpd 14 | Ixi3ltYfVBrBsAKTrP+7Qh4o/xncu1cZTYO4Kj4dQ++RCQIDAQABo4IBODCCATQw 15 | VwYIKwYBBQUHAQEESzBJMEcGCCsGAQUFBzAChjtodHRwOi8vcGtpLmluZmluZW9u 16 | LmNvbS9PcHRpZ2FSc2FSb290Q0EvT3B0aWdhUnNhUm9vdENBLmNydDAdBgNVHQ4E 17 | FgQUcCbQntk13NxE2E19p1zPCrwf3gowDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB 18 | /wQIMAYBAf8CAQAwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL3BraS5pbmZpbmVv 19 | bi5jb20vT3B0aWdhUnNhUm9vdENBL09wdGlnYVJzYVJvb3RDQS5jcmwwFQYDVR0g 20 | BA4wDDAKBggqghQARAEUATAfBgNVHSMEGDAWgBTcu1ar8Rj8ppp1ERBlhBKe1UGS 21 | uTAQBgNVHSUECTAHBgVngQUIATANBgkqhkiG9w0BAQsFAAOCAgEAiPpFXHrY2Br9 22 | z4Uw9+7YLlyEWgZfH6BRrDzXUHzuePRSa8odikOrDX/UcZYjzjJOOmDZhMDH9RGC 23 | xf5ZmJgDBirgk6GF27qgKyGi6TM2SMPp1EfPC/QigAEeBdSeHJPqfDSiaHaFRCuB 24 | MZSdy6oIXZhfaKd6iT//m2eYMHu7bVWBB/g9fwTvmSkim8EGjMOkiBrZWsejkbwu 25 | /Z9rTTw/fsZs1gCLLIiCB9oQbnsz07VIPqucup+rhv9XVJ/cWs4qo0GeWKuExGuk 26 | ZfjXSqIlmldb/SnGoX8U+GhweElMLWTYAResAtaEMDg2vPek87PXywnRWbMEt68t 27 | PSwxAM5bqeD7eSl4WR+kRgx8harnDrBi2mwch4C4IqMHn6bP/OysDODw72o62nXu 28 | 5jqR0UIz4zGvkkYlMuPcQ1izfYcd7m+MB5spZe9vxbVaXkPa+XF2b0uZNMyyOuME 29 | vMubFylnNiqmcAl8U+8RVRlLxG2Hh35KK9qIlQ2lZ7hTPRmQpFC9S4uRIzonXnL8 30 | 7L6BVkn8zjCtL3xu9S7Br77y5DQCR++WLACS+tKY6NXmW4pXEcDBqwWsKTwaXjvP 31 | ICAGfLGQZ+uFoKhRM5w3OySzsWV5l2U7hxBrrag2L6cNkUbVvSrEjXxaDq9xQTS6 32 | 8OY/sm8ZOVzgfXKihvQuMr9uE8wq3s4= 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /sampleFiles/OptigaRsaRootCA.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFqzCCA5OgAwIBAgIBAzANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJERTEh 3 | MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ 4 | 
R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgUlNB 5 | IFJvb3QgQ0EwHhcNMTMwNzI2MDAwMDAwWhcNNDMwNzI1MjM1OTU5WjB3MQswCQYD 6 | VQQGEwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYD 7 | VQQLDBJPUFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElH 8 | QShUTSkgUlNBIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC 9 | AQC7E+gc0B5T7awzux66zMMZMTtCkPqGv6a3NVx73ICg2DSwnipFwBiUl9soEodn 10 | 25SVVN7pqmvKA2gMTR5QexuYS9PPerfRZrBY00xyFx84V+mIRPg4YqUMLtZBcAwr 11 | R3GO6cffHp20SBH5ITpuqKciwb0v5ueLdtZHYRPq1+jgy58IFY/vACyF/ccWZxUS 12 | JRNSe4ruwBgI7NMWicxiiWQmz1fE3e0mUGQ1tu4M6MpZPxTZxWzN0mMz9noj1oIT 13 | ZUnq/drN54LHzX45l+2b14f5FkvtcXxJ7OCkI7lmWIt8s5fE4HhixEgsR2RX5hzl 14 | 8XiHiS7uD3pQhBYSBN5IBbVWREex1IUat5eAOb9AXjnZ7ivxJKiY/BkOmrNgN8k2 15 | 7vOS4P81ix1GnXsjyHJ6mOtWRC9UHfvJcvM3U9tuU+3dRfib03NGxSPnKteL4SP1 16 | bdHfiGjV3LIxzFHOfdjM2cvFJ6jXg5hwXCFSdsQm5e2BfT3dWDBSfR4h3Prpkl6d 17 | cAyb3nNtMK3HR5yl6QBuJybw8afHT3KRbwvOHOCR0ZVJTszclEPcM3NQdwFlhqLS 18 | ghIflaKSPv9yHTKeg2AB5q9JSG2nwSTrjDKRab225+zJ0yylH5NwxIBLaVHDyAEu 19 | 81af+wnm99oqgvJuDKSQGyLf6sCeuy81wQYO46yNa+xJwQIDAQABo0IwQDAdBgNV 20 | HQ4EFgQU3LtWq/EY/KaadREQZYQSntVBkrkwDgYDVR0PAQH/BAQDAgAGMA8GA1Ud 21 | EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAGHTBUx3ETIXYJsaAgb2pyyN 22 | UltVL2bKzGMVSsnTCrXUU8hKrDQh3jNIMrS0d6dU/fGaGJvehxmmJfjaN/IFWA4M 23 | BdZEnpAe2fJEP8vbLa/QHVfsAVuotLD6QWAqeaC2txpxkerveoV2JAwj1jrprT4y 24 | rkS8SxZuKS05rYdlG30GjOKTq81amQtGf2NlNiM0lBB/SKTt0Uv5TK0jIWbz2WoZ 25 | gGut7mF0md1rHRauWRcoHQdxWSQTCTtgoQzeBj4IS6N3QxQBKV9LL9UWm+CMIT7Y 26 | np8bSJ8oW4UdpSuYWe1ZwSjZyzDiSzpuc4gTS6aHfMmEfoVwC8HN03/HD6B1Lwo2 27 | DvEaqAxkya9IYWrDqkMrEErJO6cqx/vfIcfY/8JYmUJGTmvVlaODJTwYwov/2rjr 28 | la5gR+xrTM7dq8bZimSQTO8h6cdL6u+3c8mGriCQkNZIZEac/Gdn+KwydaOZIcnf 29 | Rdp3SalxsSp6cWwJGE4wpYKB2ClM2QF3yNQoTGNwMlpsxnU72ihDi/RxyaRTz9OR 30 | pubNq8Wuq7jQUs5U00ryrMCZog1cxLzyfZwwCYh6O2CmbvMoydHNy5CU3ygxaLWv 31 | JpgZVHN103npVMR3mLNa3QE+5MFlBlP3Mmystu8iVAKJas39VO5y5jad4dRLkwtM 32 | 6sJa8iBpdRjZrBp5sJBI 33 | -----END 
CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /sampleFiles/sample_ekcert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIElTCCA32gAwIBAgIEHhwNFDANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMC 3 | REUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEaMBgGA1UECwwR 4 | T1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9QVElHQShUTSkg 5 | UlNBIE1hbnVmYWN0dXJpbmcgQ0EgMDAzMB4XDTE2MDEwMTEzMjgyN1oXDTMxMDEw 6 | MTEzMjgyN1owADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIzGgyCA 7 | aBPKqzesD3p5Uecy3TjIvuBDnHxkJUjTXZiziB3bSOyRO2xRvSBKi/I9mpxmPPvo 8 | UGKE9N1luN8mIT3G82HP0BBGm8IAXi0/9nb/qauFjy4ZWXnVtp1ntuNHUOBq+rK1 9 | ktf/eqZOX/pAv2ocZPC4mn/hvbTAD1T2km9M6mmLxlvjVQNrHIbm0cpjArHty8qN 10 | Hgm6t9aJ3JvTHgPGUQoN9VDnGoZvpC91ivJddv55uf7RyCbMz1hDhvi/eTSZVB15 11 | erreu2jRlz9t8Sj+v6AruyeaTMxUeo88hloIbvvE7hZrblnB5Px6/sTA4J7GjJ/d 12 | u2ZEa68MZg8ccskCAwEAAaOCAZEwggGNMFsGCCsGAQUFBwEBBE8wTTBLBggrBgEF 13 | BQcwAoY/aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhUnNhTWZyQ0EwMDMv 14 | T3B0aWdhUnNhTWZyQ0EwMDMuY3J0MA4GA1UdDwEB/wQEAwIAIDBRBgNVHREBAf8E 15 | RzBFpEMwQTEWMBQGBWeBBQIBDAtpZDo0OTQ2NTgwMDETMBEGBWeBBQICDAhTTEIg 16 | OTY2NTESMBAGBWeBBQIDDAdpZDowNTI4MAwGA1UdEwEB/wQCMAAwUAYDVR0fBEkw 17 | RzBFoEOgQYY/aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhUnNhTWZyQ0Ew 18 | MDMvT3B0aWdhUnNhTWZyQ0EwMDMuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQBFAEw 19 | HwYDVR0jBBgwFoAUQLhoK40YRQorBoSdm1zZb0zd9L4wEAYDVR0lBAkwBwYFZ4EF 20 | CAEwIQYDVR0JBBowGDAWBgVngQUCEDENMAsMAzIuMAIBAAIBdDANBgkqhkiG9w0B 21 | AQsFAAOCAQEAryCAA5SqjLE4auHhpf1X2tr88+fZjvGVez2HTEvBQXETWDICx/lA 22 | UTfVhD5GH1ZqvYyc1AVcnUZLFWiwTvdxIAuCGeH4gVrsqQat3MsSE4XhHyQB6E4N 23 | aLe5O1EeX5l7ZSYOfASNc46YrBqo7z0xT8ggNYfPeYhLJSyuMZQthaR1zRkPjCjy 24 | 3HQ6avcn2D1j3LRbHHl5q54RMAHtMC3CFuUlOgb08fomYnczJglFtsxfti0npj0Q 25 | r+iYoM4GG5isogdVG6yYkETbh2rj+wdGw+H/JeIMgvXHidUX3W1Zt8nRbvJEq+kk 26 | hrYc4bLtr3kjJtP3OGBM15jOqVRHRIKIYw== 27 | -----END CERTIFICATE----- 28 | 
-------------------------------------------------------------------------------- /sampleFiles/sample_ekcert.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 1e1c0d14 4 | C=DE,O=Infineon Technologies AG,OU=OPTIGA(TM) TPM2.0,CN=Infineon OPTIGA(TM) RSA Manufacturing CA 003 5 | 6 | -------------------------------------------------------------------------------- /sampleFiles/sample_ekcert_OptigaRsaMfrCA022.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIElTCCA32gAwIBAgIEM8iEZjANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMC 3 | REUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEaMBgGA1UECwwR 4 | T1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9QVElHQShUTSkg 5 | UlNBIE1hbnVmYWN0dXJpbmcgQ0EgMDIyMB4XDTE3MDIyNDE0MjgxMloXDTMyMDIy 6 | NDE0MjgxMlowADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKOxoDSA 7 | hCeBfbynsDNWGOIqAwA/UmB6Uiv/RIKPz+fKjsNxnmRxMEC++RrCatnTGKHRCtEj 8 | DRzbA0XtSEM7CpqkWS/XATRBb3dQ7jlkoBE+8vzQ8moXKIou1yQK9aXqRss9sjp1 9 | iAKt0UPav6bMTgAh6XEaQ+n6wuUlRTj9jm/+DnVHPRWW0bF8RtIBnHtNXlUbz4cN 10 | DGBiy+FMkboZBcvioYOIT3wjmWKajhjg6D6X4RcvERUFpSkPWfvUrw2Ie45Y93BM 11 | ixazE/ZeC3fP4o+xle3Vx51iDCxwFeZqoJ8+XaalB7rOq5hQ+m7gepge7O7IsHxY 12 | rL668HPtAItErdsCAwEAAaOCAZEwggGNMFsGCCsGAQUFBwEBBE8wTTBLBggrBgEF 13 | BQcwAoY/aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhUnNhTWZyQ0EwMjIv 14 | T3B0aWdhUnNhTWZyQ0EwMjIuY3J0MA4GA1UdDwEB/wQEAwIAIDBRBgNVHREBAf8E 15 | RzBFpEMwQTEWMBQGBWeBBQIBDAtpZDo0OTQ2NTgwMDETMBEGBWeBBQICDAhTTEIg 16 | OTY2NTESMBAGBWeBBQIDDAdpZDowNTNEMAwGA1UdEwEB/wQCMAAwUAYDVR0fBEkw 17 | RzBFoEOgQYY/aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhUnNhTWZyQ0Ew 18 | MjIvT3B0aWdhUnNhTWZyQ0EwMjIuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQBFAEw 19 | HwYDVR0jBBgwFoAUcCbQntk13NxE2E19p1zPCrwf3gowEAYDVR0lBAkwBwYFZ4EF 20 | CAEwIQYDVR0JBBowGDAWBgVngQUCEDENMAsMAzIuMAIBAAIBdDANBgkqhkiG9w0B 21 | AQsFAAOCAQEAOoQr3ZgYsGhWH3aEKfGNuJoC89/blKmfum3f2BqQKW9ZqHiwRJba 22 | 
DTRTgmHiqIwrnwHYgwFQb9rINrz6dx/UUCViBdf2lug25irSF/SUW1MR0UmT9HSp 23 | 09XUUHTt7iFwa34d5QY8k3X5cuJoj7k9TR3l/UEpyeAK+F+ARV0QGQx6svodSFIR 24 | bvpByiKmfMSZt89AzlkX/Ljgcvy/fDwTIVXQLIOjRl2tX5hAOq+7AILg2Clj1kIj 25 | gDZKd/ER7zTro2YEllrDK7hcUFfgO1iSRNemugnENsILoRJdh/ifZ678LikZRvGK 26 | ufL3nwYtaqqz4C0bXTqQt+aWs8fm3k6CLw== 27 | -----END CERTIFICATE----- 28 | -------------------------------------------------------------------------------- /sampleFiles/sample_plat_cert.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PlatformCertTool/PCVT_TPM20/60a6182c419d3616252705f11fc3b24dd65b3722/sampleFiles/sample_plat_cert.cer -------------------------------------------------------------------------------- /sampleFiles/sample_plat_cert_common.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 2020-08-20T11:53:44.000-04:00 4 | 2 5 | 0 6 | 43 7 | 2017-08-20T11:53:44.000-04:00 8 | 0x00000001 9 | C=US,ST=CA,L=Santa Clara,O=Intel Corporation,OU=Platform Attribute Certificate Issuer,CN=www.intel.com 10 | 11 | 1.2.840.113741.1.5.2.4 12 | 13 | 1.3.6.1.5.5.7.2.1 14 | https://www.intel.com/platcertcps.pdf 15 | 16 | 17 | 1.3.6.1.5.5.7.2.2 18 | TCG Trusted Platform Endorsement 19 | 20 | 21 | 9993D439CB32E2AB95F737A3B777291CD4A439B6 22 | 1.3.6.1.5.5.7.48.1 23 | 24 | uniformResourceIdentifier 25 | https://www.intel.com/ocsp 26 | 27 | SHA256WITHRSA 28 | 0 29 | 30 | 3.1 31 | 7 32 | 2 33 | false 34 | 1 35 | 1.2.3.4.5.6 36 | 37 | https://www.intel.com/protectionprofile.pdf 38 | 39 | 1.2.3.4.5.7 40 | 41 | https://www.intel.com/cctarget.pdf 42 | 43 | 44 | 140-2 45 | 4 46 | false 47 | 3 48 | false 49 | https://www.intel.com/isocertification.pdf 50 | 1 51 | 0 52 | 11 53 | 54 | https://www.intel.com/PCRs.xml 55 | 56 | 57 | -------------------------------------------------------------------------------- /sampleFiles/sample_plat_cert_ek.xml: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 37408374 4 | C=US,ST=CA,L=Santa Clara,O=Intel Corporation,OU=EK Certificate Issuer,CN=www.intel.com 5 | 6 | -------------------------------------------------------------------------------- /sampleFiles/sample_plat_cert_platform.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 602967ea7924fdee6cc150b91e83777d1f427999 4 | Intel 5 | S2600KP 6 | H76962-350 7 | BQKP99940643 8 | 1.3.6.1.4.1.343 9 | 10 | Mitac-Shunde 11 | WR06X7871FTL 12 | A5555-999 13 | 1.1 14 | 1.3.6.1.4.1.300 15 | true 16 | 17 | 2.23.133.17.1 18 | AF:3A:94:10:A5 19 | 20 | 21 | 2.23.133.17.2 22 | AF:37:10:D2:A8 23 | 24 | 25 | 26 | Mitac-Shunde 27 | LMBT3904DW1T1G 28 | C5555-555 29 | 3.1 30 | 1.3.6.1.4.1.300 31 | false 32 | 33 | 2.23.133.17.1 34 | 82:89:FA:D3:61 35 | 36 | 37 | 2.23.133.17.2 38 | D4:83:B4:F2:78 39 | 40 | 41 | 42 | vPro 43 | true 44 | 45 | 46 | AMT 47 | true 48 | 49 | 50 | https://www.intel.com/platformproperties.xml 51 | 52 | 53 | -------------------------------------------------------------------------------- /sample_ekcert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIElTCCA32gAwIBAgIEHhwNFDANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMC 3 | REUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEaMBgGA1UECwwR 4 | T1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9QVElHQShUTSkg 5 | UlNBIE1hbnVmYWN0dXJpbmcgQ0EgMDAzMB4XDTE2MDEwMTEzMjgyN1oXDTMxMDEw 6 | MTEzMjgyN1owADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIzGgyCA 7 | aBPKqzesD3p5Uecy3TjIvuBDnHxkJUjTXZiziB3bSOyRO2xRvSBKi/I9mpxmPPvo 8 | UGKE9N1luN8mIT3G82HP0BBGm8IAXi0/9nb/qauFjy4ZWXnVtp1ntuNHUOBq+rK1 9 | ktf/eqZOX/pAv2ocZPC4mn/hvbTAD1T2km9M6mmLxlvjVQNrHIbm0cpjArHty8qN 10 | Hgm6t9aJ3JvTHgPGUQoN9VDnGoZvpC91ivJddv55uf7RyCbMz1hDhvi/eTSZVB15 11 | erreu2jRlz9t8Sj+v6AruyeaTMxUeo88hloIbvvE7hZrblnB5Px6/sTA4J7GjJ/d 12 | 
u2ZEa68MZg8ccskCAwEAAaOCAZEwggGNMFsGCCsGAQUFBwEBBE8wTTBLBggrBgEF 13 | BQcwAoY/aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhUnNhTWZyQ0EwMDMv 14 | T3B0aWdhUnNhTWZyQ0EwMDMuY3J0MA4GA1UdDwEB/wQEAwIAIDBRBgNVHREBAf8E 15 | RzBFpEMwQTEWMBQGBWeBBQIBDAtpZDo0OTQ2NTgwMDETMBEGBWeBBQICDAhTTEIg 16 | OTY2NTESMBAGBWeBBQIDDAdpZDowNTI4MAwGA1UdEwEB/wQCMAAwUAYDVR0fBEkw 17 | RzBFoEOgQYY/aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhUnNhTWZyQ0Ew 18 | MDMvT3B0aWdhUnNhTWZyQ0EwMDMuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQBFAEw 19 | HwYDVR0jBBgwFoAUQLhoK40YRQorBoSdm1zZb0zd9L4wEAYDVR0lBAkwBwYFZ4EF 20 | CAEwIQYDVR0JBBowGDAWBgVngQUCEDENMAsMAzIuMAIBAAIBdDANBgkqhkiG9w0B 21 | AQsFAAOCAQEAryCAA5SqjLE4auHhpf1X2tr88+fZjvGVez2HTEvBQXETWDICx/lA 22 | UTfVhD5GH1ZqvYyc1AVcnUZLFWiwTvdxIAuCGeH4gVrsqQat3MsSE4XhHyQB6E4N 23 | aLe5O1EeX5l7ZSYOfASNc46YrBqo7z0xT8ggNYfPeYhLJSyuMZQthaR1zRkPjCjy 24 | 3HQ6avcn2D1j3LRbHHl5q54RMAHtMC3CFuUlOgb08fomYnczJglFtsxfti0npj0Q 25 | r+iYoM4GG5isogdVG6yYkETbh2rj+wdGw+H/JeIMgvXHidUX3W1Zt8nRbvJEq+kk 26 | hrYc4bLtr3kjJtP3OGBM15jOqVRHRIKIYw== 27 | -----END CERTIFICATE----- 28 | -------------------------------------------------------------------------------- /sample_ekcert.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 1e1c0d14 4 | C=DE,O=Infineon Technologies AG,OU=OPTIGA(TM) TPM2.0,CN=Infineon OPTIGA(TM) RSA Manufacturing CA 003 5 | 6 | -------------------------------------------------------------------------------- /sample_ekcert_OptigaRsaMfrCA022.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIElTCCA32gAwIBAgIEM8iEZjANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMC 3 | REUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEaMBgGA1UECwwR 4 | T1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9QVElHQShUTSkg 5 | UlNBIE1hbnVmYWN0dXJpbmcgQ0EgMDIyMB4XDTE3MDIyNDE0MjgxMloXDTMyMDIy 6 | NDE0MjgxMlowADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKOxoDSA 7 | 
hCeBfbynsDNWGOIqAwA/UmB6Uiv/RIKPz+fKjsNxnmRxMEC++RrCatnTGKHRCtEj 8 | DRzbA0XtSEM7CpqkWS/XATRBb3dQ7jlkoBE+8vzQ8moXKIou1yQK9aXqRss9sjp1 9 | iAKt0UPav6bMTgAh6XEaQ+n6wuUlRTj9jm/+DnVHPRWW0bF8RtIBnHtNXlUbz4cN 10 | DGBiy+FMkboZBcvioYOIT3wjmWKajhjg6D6X4RcvERUFpSkPWfvUrw2Ie45Y93BM 11 | ixazE/ZeC3fP4o+xle3Vx51iDCxwFeZqoJ8+XaalB7rOq5hQ+m7gepge7O7IsHxY 12 | rL668HPtAItErdsCAwEAAaOCAZEwggGNMFsGCCsGAQUFBwEBBE8wTTBLBggrBgEF 13 | BQcwAoY/aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhUnNhTWZyQ0EwMjIv 14 | T3B0aWdhUnNhTWZyQ0EwMjIuY3J0MA4GA1UdDwEB/wQEAwIAIDBRBgNVHREBAf8E 15 | RzBFpEMwQTEWMBQGBWeBBQIBDAtpZDo0OTQ2NTgwMDETMBEGBWeBBQICDAhTTEIg 16 | OTY2NTESMBAGBWeBBQIDDAdpZDowNTNEMAwGA1UdEwEB/wQCMAAwUAYDVR0fBEkw 17 | RzBFoEOgQYY/aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhUnNhTWZyQ0Ew 18 | MjIvT3B0aWdhUnNhTWZyQ0EwMjIuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQBFAEw 19 | HwYDVR0jBBgwFoAUcCbQntk13NxE2E19p1zPCrwf3gowEAYDVR0lBAkwBwYFZ4EF 20 | CAEwIQYDVR0JBBowGDAWBgVngQUCEDENMAsMAzIuMAIBAAIBdDANBgkqhkiG9w0B 21 | AQsFAAOCAQEAOoQr3ZgYsGhWH3aEKfGNuJoC89/blKmfum3f2BqQKW9ZqHiwRJba 22 | DTRTgmHiqIwrnwHYgwFQb9rINrz6dx/UUCViBdf2lug25irSF/SUW1MR0UmT9HSp 23 | 09XUUHTt7iFwa34d5QY8k3X5cuJoj7k9TR3l/UEpyeAK+F+ARV0QGQx6svodSFIR 24 | bvpByiKmfMSZt89AzlkX/Ljgcvy/fDwTIVXQLIOjRl2tX5hAOq+7AILg2Clj1kIj 25 | gDZKd/ER7zTro2YEllrDK7hcUFfgO1iSRNemugnENsILoRJdh/ifZ678LikZRvGK 26 | ufL3nwYtaqqz4C0bXTqQt+aWs8fm3k6CLw== 27 | -----END CERTIFICATE----- 28 | -------------------------------------------------------------------------------- /sample_plat_cert.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PlatformCertTool/PCVT_TPM20/60a6182c419d3616252705f11fc3b24dd65b3722/sample_plat_cert.cer -------------------------------------------------------------------------------- /sample_plat_cert_common.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 2020-08-20T11:53:44.000-04:00 4 | 2 5 | 0 6 | 43 7 | 2017-08-20T11:53:44.000-04:00 8 
| 0x00000001 9 | C=US,ST=CA,L=Santa Clara,O=Intel Corporation,OU=Platform Attribute Certificate Issuer,CN=www.intel.com 10 | 11 | 1.2.840.113741.1.5.2.4 12 | 13 | 1.3.6.1.5.5.7.2.1 14 | https://www.intel.com/platcertcps.pdf 15 | 16 | 17 | 1.3.6.1.5.5.7.2.2 18 | TCG Trusted Platform Endorsement 19 | 20 | 21 | 9993D439CB32E2AB95F737A3B777291CD4A439B6 22 | 1.3.6.1.5.5.7.48.1 23 | 24 | uniformResourceIdentifier 25 | https://www.intel.com/ocsp 26 | 27 | SHA256WITHRSA 28 | 0 29 | 30 | 3.1 31 | 7 32 | 2 33 | false 34 | 1 35 | 1.2.3.4.5.6 36 | 37 | https://www.intel.com/protectionprofile.pdf 38 | 39 | 1.2.3.4.5.7 40 | 41 | https://www.intel.com/cctarget.pdf 42 | 43 | 44 | 140-2 45 | 4 46 | false 47 | 3 48 | false 49 | https://www.intel.com/isocertification.pdf 50 | 1 51 | 0 52 | 11 53 | 54 | https://www.intel.com/PCRs.xml 55 | 56 | 57 | -------------------------------------------------------------------------------- /sample_plat_cert_ek.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 37408374 4 | C=US,ST=CA,L=Santa Clara,O=Intel Corporation,OU=EK Certificate Issuer,CN=www.intel.com 5 | 6 | -------------------------------------------------------------------------------- /sample_plat_cert_platform.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 602967ea7924fdee6cc150b91e83777d1f427999 4 | Intel 5 | S2600KP 6 | H76962-350 7 | BQKP99940643 8 | 1.3.6.1.4.1.343 9 | 10 | Mitac-Shunde 11 | WR06X7871FTL 12 | A5555-999 13 | 1.1 14 | 1.3.6.1.4.1.300 15 | true 16 | 17 | 2.23.133.17.1 18 | AF:3A:94:10:A5 19 | 20 | 21 | 2.23.133.17.2 22 | AF:37:10:D2:A8 23 | 24 | 25 | 26 | Mitac-Shunde 27 | LMBT3904DW1T1G 28 | C5555-555 29 | 3.1 30 | 1.3.6.1.4.1.300 31 | false 32 | 33 | 2.23.133.17.1 34 | 82:89:FA:D3:61 35 | 36 | 37 | 2.23.133.17.2 38 | D4:83:B4:F2:78 39 | 40 | 41 | 42 | vPro 43 | true 44 | 45 | 46 | AMT 47 | true 48 | 49 | 50 | https://www.intel.com/platformproperties.xml 51 | 52 | 53 | 
-------------------------------------------------------------------------------- /src/c/getAndVerifyEK/Readme_getAndVerifyEK.txt: -------------------------------------------------------------------------------- 1 | GetAndVerifyEK 2 | 3 | 1. Overview 4 | 5 | This tool is designed to be used to verify an Endorsement Key (EK) and TPM during a platform's manufacturing process for platform certificate generation. It performs the following steps. 6 | 7 | o If no input EK Cert: Get the EK Cert from TPM NV 8 | o If input EK Cert: Load EK Cert (PEM) 9 | o Verify the EK Cert against the input CA Certificate Chain 10 | o Verify EK (Salted session, or Make/Activate Credential) 11 | o If input EK Cert: Compare the EK in the Cert with the EK in the TPM (OpenSSL) 12 | 13 | 14 | 2. Dependencies 15 | 16 | This software has the following dependencies. 17 | 18 | 1. IBM's TPM 2.0 TSS (https://sourceforge.net/projects/ibmtpm20tss/) (version 1045+) 19 | 20 | 2. OpenSSL 1.0.x 21 | 22 | 3. [optional] IBM's Software TPM 2.0 (https://sourceforge.net/projects/ibmswtpm2/) (version 974+) (This tool employs two techniques for verifying that the private part of the EK is in the TPM. This package is only needed for the make/activate-credential EK verification technique. This library is required in order to use the make/activate-credential EK verification because the make-credential step is done in a SW TPM. For more details on the verification techniques, see the design document.) 23 | 24 | 25 | 3. Build Instructions 26 | 27 | 1. Build OpenSSL (see instructions inside OpenSSL package) 28 | 29 | 2. Build IBM's TPM 2.0 TSS (see instructions inside IBM TSS package) 30 | 31 | 3. Link "ibmtss1045/utils/tss2/" and "ibmtss1045/utils/libtss.so*" to current directory 32 | 33 | 4. Run commands below: 34 | # cd src 35 | # make 36 | # cd .. 37 | 38 | 5. [optional] Build IBM's Software TPM 2.0 (see instructions inside IBM TPM package) 39 | 40 | 41 | 4. Run Instructions 42 | 43 | 1. 
[optional] Run IBM's SW TPM: 44 | # cd /ibmtpm974/src/ 45 | # ./tpm_server & 46 | # cd /ibmtss1045/utils/ 47 | # ./powerup 48 | # ./startup 49 | 50 | 2. To run this executable file, run "./getAndVerifyEK". 51 | 52 | 5. Usage 53 | 54 | getAndVerifyEK -ekcacert [-ekc ] [-ekout ] [-ekindex <1 | 2>] [-ekmethod <1 | 2>] [-endorsementpw ] [-ownerpw ] [-v] 55 | 56 | -ekcacert where the file contains a list of filenames of CA certificates 57 | (including the root and intermediate ones) for the EK certificate 58 | -ekc where the file contains the EK certificate 59 | -ekout where filename is the name of the output EK Cert PEM file 60 | -ekindex <1 | 2> The built-in EK certificate "index" indicating which EK certificate 61 | in the NV to use, RSA, or ECC. 1 for RSA and 2 for ECC. 62 | This is not a required option. If not included on the command line, 63 | the code will attempt to use RSA and if not found will use ECC. 64 | -ekmethod <1 | 2> Indicates which method will be used for TPM validation. 65 | In method 1, a make credential and activate credential are performed, 66 | while in method 2, a salted session is used. This is not a required option. 67 | If not included on the command line, method 2 will be used. 68 | -endorsementpw password for endorsement auth 69 | -ownerpw password for owner auth 70 | -v verbose mode 71 | -------------------------------------------------------------------------------- /src/c/getAndVerifyEK/src/Readme_getAndVerifyEK_updated_10-31-18.txt: -------------------------------------------------------------------------------- 1 | GetAndVerifyEK 2 | 3 | 1. Overview 4 | 5 | This tool is designed to be used to verify an Endorsement Key (EK) and TPM during a platform's manufacturing process for platform certificate generation. It performs the following steps. 
6 | 7 | o If no input EK Cert: Get the EK Cert from TPM NV 8 | o If input EK Cert: Load EK Cert (PEM) 9 | o Verify the EK Cert against the input CA Certificate Chain 10 | o Verify EK (Salted session, or Make/Activate Credential) 11 | o If input EK Cert: Compare the EK in the Cert with the EK in the TPM (OpenSSL) 12 | 13 | 14 | 2. Dependencies 15 | 16 | This software has the following dependencies. 17 | 18 | 1. IBM's TPM 2.0 TSS Version 1045 (https://sourceforge.net/projects/ibmtpm20tss/) 19 | (Note that if a later version of the TSS is used, modifications to the paths in the "#include" statements in the c source code may be required. Additionally, this code has not been tested with later versions of the TSS). 20 | 21 | 2. OpenSSL 1.0.x 22 | 23 | 3. [optional] IBM's Software TPM 2.0 (https://sourceforge.net/projects/ibmswtpm2/) (version 974+) (This tool employs two techniques for verifying that the private part of the EK is in the TPM. This package is only needed for the make/activate-credential EK verification technique. This library is required in order to use the make/activate-credential EK verification because the make-credential step is done in a SW TPM. For more details on the verification techniques, see the design document.) 24 | 25 | 26 | 3. Build Instructions 27 | 28 | 1. Build OpenSSL (see instructions inside OpenSSL package) 29 | 30 | 2. Build IBM's TPM 2.0 TSS (see instructions inside IBM TSS package) 31 | 32 | 3. Change directory ("cd") to the folder "/src/c/getAndVerifyEK". (This should be the folder containing this readme file.) 33 | 34 | 4. Create soft links to the folder "/utils/tss2/", and the library files "/utils/libtss.so", "/utils/libtss.so.0", and "/utils/libtss.so.0.1" in the current folder as follows. 35 | # ln -s /utils/tss2/ . 36 | # ln -s /utils/libtss.so . 37 | # ln -s /utils/libtss.so.0 . 38 | # ln -s /utils/libtss.so.0.1 . 39 | 40 | 5. Run commands below: 41 | # cd src 42 | # make 43 | # cd .. 44 | 45 | 6. 
[optional] Build IBM's Software TPM 2.0 (see instructions inside IBM TPM package) 46 | 47 | 48 | 4. Run Instructions 49 | 50 | 1. [optional] Run IBM's SW TPM: 51 | # cd /ibmtpm974/src/ 52 | # ./tpm_server & 53 | # cd /ibmtss1045/utils/ 54 | # ./powerup 55 | # ./startup 56 | 57 | 2. To run this executable file, run "./getAndVerifyEK". 58 | 59 | 5. Usage 60 | 61 | getAndVerifyEK -ekcacert [-ekc ] [-ekout ] [-ekindex <1 | 2>] [-ekmethod <1 | 2>] [-endorsementpw ] [-ownerpw ] [-v] 62 | 63 | -ekcacert where the file contains a list of filenames of CA certificates 64 | (including the root and intermediate ones) for the EK certificate 65 | -ekc where the file contains the EK certificate 66 | -ekout where filename is the name of the output EK Cert PEM file 67 | -ekindex <1 | 2> The built-in EK certificate "index" indicating which EK certificate 68 | in the NV to use, RSA, or ECC. 1 for RSA and 2 for ECC. 69 | This is not a required option. If not included on the command line, 70 | the code will attempt to use RSA and if not found will use ECC. 71 | -ekmethod <1 | 2> Indicates which method will be used for TPM validation. 72 | In method 1, a make credential and activate credential are performed, 73 | while in method 2, a salted session is used. This is not a required option. 74 | If not included on the command line, method 2 will be used. 75 | -endorsementpw password for endorsement auth 76 | -ownerpw password for owner auth 77 | -v verbose mode 78 | -------------------------------------------------------------------------------- /src/c/getAndVerifyEK/src/commonerror.h: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM 2.0 Attestation - Common Error Codes */ 4 | /* Written by Ken Goldman */ 5 | /* IBM Thomas J. 
Watson Research Center */ 6 | /* $Id: commonerror.h 895 2016-12-31 16:52:59Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2016. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ 38 | /********************************************************************************/ 39 | 40 | #ifndef COMMONERROR_H 41 | #define COMMONERROR_H 42 | 43 | /* client errors */ 44 | 45 | #define ACE_PACKET_LENGTH 0x90000001 /* client packet length too large */ 46 | #define ACE_READ 0x90000002 /* client data read error */ 47 | #define ACE_WRITE 0x90000003 /* client data write error */ 48 | #define ACE_JSON_COMMAND 0x90000004 /* client json command parse error */ 49 | #define ACE_JSON_KEY 0x90000005 /* json missing key */ 50 | #define ACE_HEXASCII 0x90000006 /* client malformed hexascii */ 51 | #define ACE_INVALID_CERT 0x90000007 /* client certificate is invalid */ 52 | #define ACE_MISMATCH_CERT 0x90000008 /* client certificate mismatch */ 53 | 54 | #define ACE_QUOTE_SIGNATURE 0x90000010 /* client quote signature invalid */ 55 | #define ACE_QUOTE_MISSING 0x90000011 /* client quote has not been sent */ 56 | #define ACE_PCR_LENGTH 0x90000012 /* client PCR length incorrect */ 57 | #define ACE_PCR_BANK 0x90000013 /* client PCR bank incorrect */ 58 | #define ACE_PCR_SELECT 0x90000014 /* client PCR select incorrect */ 59 | #define ACE_PCR_VALUE 0x90000015 /* client PCRs values incorrect */ 60 | #define ACE_PCR_MISSING 0x90000016 /* client PCRs missing in DB */ 61 | #define ACE_DIGEST_LENGTH 0x90000017 /* client digest length is incorrect */ 62 | #define ACE_DIGEST_VALUE 0x90000018 /* client digest value is incorrect */ 63 | #define ACE_NONCE_LENGTH 0x90000019 /* client nonce length is incorrect */ 64 | #define ACE_NONCE_VALUE 0x9000001a /* client nonce value is incorrect */ 65 | #define ACE_NONCE_MISSING 0x9000001b /* client nonce value missing */ 66 | #define ACE_NONCE_USED 0x9000001c /* client nonce value has already been used */ 67 | #define ACE_PCR_INDEX 0x9000001d /* client invalid PCR index */ 68 | #define ACE_BAD_ALGORITHM 0x9000001e /* client algorithm not supported */ 69 | 70 | #define ACE_EVENT 0x90000020 /* client event invalid */ 71 | #define 
ACE_NO_ENROLL_REQ 0x90000021 /* client hostname missing enroll request */ 72 | #define ACE_ENROLLED 0x90000022 /* client hostname already enrolled */ 73 | #define ACE_NOT_ENROLLED 0x90000023 /* client hostname not enrolled */ 74 | #define ACE_INVALID_KEY 0x90000024 /* client attestation key invalid */ 75 | #define ACE_OSSL_AES 0x90000025 /* client decrypt error */ 76 | #define ACE_UNKNOWN_CMD 0x90000026 /* client unknown command */ 77 | #define ACE_BAD_JSON 0x90000027 /* client sent malformed json */ 78 | #define ACE_OUT_OF_MEMORY 0x90000028 /* client out of memory */ 79 | #define ACE_FILE_OPEN 0x9000002a /* client file open failure */ 80 | #define ACE_FILE_READ 0x9000002b /* client file read failure */ 81 | #define ACE_OSSL_X509 0x9000002c /* openssl X509 failure */ 82 | #define ACE_OSSL_ECC 0x9000002e /* openssl ECC failure */ 83 | 84 | /* server errors, likely fatal */ 85 | 86 | #define ASE_ACCEPT 0x80000001 /* client accept failed */ 87 | #define ASE_OUT_OF_MEMORY 0x80000002 /* server out of memory */ 88 | #define ASE_PACKET_LENGTH 0x80000003 /* server packet length too large */ 89 | #define ASE_JSON_SERIALIZE 0x80000004 /* server could not serialize response */ 90 | #define ASE_OSSL_RAND 0x80000005 /* openssl random number failure */ 91 | #define ASE_SQL_CONNECT 0x80000006 /* server could not connect to database */ 92 | #define ASE_SQL_QUERY 0x80000007 /* server database query failed */ 93 | #define ASE_OSSL_BIO 0x80000008 /* openssl BIO failure */ 94 | #define ASE_OSSL_PEM 0x80000009 /* openssl PEM failure */ 95 | #define ASE_OSSL_X509 0x8000000a /* openssl X509 failure */ 96 | #define ASE_OSSL_NID 0x8000000b /* openssl NID failure */ 97 | #define ASE_OSSL_BN 0x8000000c /* openssl BN failure */ 98 | #define ASE_OSSL_RSA 0x8000000d /* openssl RSA failure */ 99 | #define ASE_OSSL_AES 0x8000000e /* openssl AES failure */ 100 | #define ASE_FILE_READ 0x8000000f /* server file read failure */ 101 | #define ASE_NO_RESPONSE 0x80000010 /* server could not construct 
response */ 102 | #define ASE_BAD_ALG 0x80000020 /* server unsupported algorithm */ 103 | #define ASE_NULL_VALUE 0x80000030 /* a value is unexpectedly NULL */ 104 | 105 | 106 | #endif 107 | -------------------------------------------------------------------------------- /src/c/getAndVerifyEK/src/commontss.h: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM 2.0 Attestation - Common TSS Functions */ 4 | /* Written by Ken Goldman */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: commontss.h 898 2017-01-03 20:34:24Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2016. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 38 | /********************************************************************************/ 39 | 40 | #ifndef COMMONTSS_H 41 | #define COMMONTSS_H 42 | 43 | #include 44 | 45 | TPM_RC getTpmVendor(TSS_CONTEXT *tssContext, 46 | char *tpmVendor); 47 | TPM_RC getCapSrk(TSS_CONTEXT *tssContext, 48 | int *exists); 49 | TPM_RC createSrk(TSS_CONTEXT *tssContext, 50 | TPM_HANDLE *handle); 51 | TPM_RC persistSrk(TSS_CONTEXT *tssContext, 52 | TPM_HANDLE srkHandle); 53 | TPM_RC createAttestationKey(TSS_CONTEXT *tssContext, 54 | TPMI_RH_NV_INDEX nvIndex, 55 | TPM2B_PRIVATE *attestPriv, 56 | TPM2B_PUBLIC *attestPub, 57 | uint16_t *attestPubLength, 58 | unsigned char **attestPubBin); 59 | TPM_RC loadAttestationKey(TSS_CONTEXT *tssContext, 60 | TPM_HANDLE *handle, 61 | TPM2B_PRIVATE *attestPriv, 62 | TPM2B_PUBLIC *attestPub); 63 | TPM_RC activatecredential(TSS_CONTEXT *tssContext, 64 | TPM2B_DIGEST *certInfo, 65 | TPM_HANDLE activateHandle, 66 | TPM_HANDLE keyHandle, 67 | unsigned char *credentialBlobBin, 68 | size_t credentialBlobBinSize, 69 | unsigned char *secretBin, 70 | size_t secretBinSize); 71 | TPM_RC makePolicySession(TSS_CONTEXT *tssContext, 72 | TPMI_SH_AUTH_SESSION *sessionHandle); 73 | TPM_RC flushContext(TSS_CONTEXT *tssContext, 74 | TPM_HANDLE handle); 75 | uint32_t readPcrs(TSS_CONTEXT *tssContext, 76 | TPML_PCR_BANKS *pcrBanks, 77 | const TPML_PCR_SELECTION *pcrSelection); 78 | 
uint32_t signQuote(TSS_CONTEXT *tssContext, 79 | TPM2B_ATTEST *quoted, 80 | TPMT_SIGNATURE *signature, 81 | TPM_HANDLE keyHandle, 82 | TPMI_ALG_PUBLIC type, 83 | const unsigned char *nonceBin, 84 | size_t nonceLen, 85 | const TPML_PCR_SELECTION *pcrSelection); 86 | 87 | #endif 88 | -------------------------------------------------------------------------------- /src/c/getAndVerifyEK/src/commonutils.c: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM 2.0 Attestation - Common Client / Server Utilities */ 4 | /* Written by Ken Goldman */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: commonutils.c 888 2016-12-28 16:35:37Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2016. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. 
*/ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 38 | /********************************************************************************/ 39 | 40 | #include 41 | #include 42 | #include 43 | #include 44 | 45 | #include "commonerror.h" 46 | 47 | #include "commonutils.h" 48 | 49 | /* Array_Print() converts a binary array 'data' of 'len' to a string. 50 | 51 | For debug: 52 | 53 | If name is not NULL, prints the name first. 54 | If string is NULL, prints the data to stdout. If string is not NULL, prints data to string. 
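/* If string is NULL and newlines is TRUE, prints a newline after every 16 characters and at the end
*/

/* Array_Print() converts a binary array 'data' of 'len' bytes to hexascii.

   string    NULL: the hexascii goes to stdout.  Otherwise it is written here, two characters per
             byte, followed by the NUL that sprintf() appends, so the caller must supply at least
             (2 * len) + 1 bytes.  When len is 0 nothing is written, not even the NUL.
   name      if not NULL, printed on a line of its own first (always to stdout)
   newlines  stdout mode only: TRUE prints a newline after every 16 bytes and at the end
   data      the bytes to print
   len       number of bytes in data
*/

void Array_Print(char *string, const char *name, int newlines,
                 const unsigned char *data, unsigned int len)
{
    unsigned int i;
    int toStdout = (string == NULL);

    if (name != NULL) {
        printf("%s \n", name);
    }
    for (i = 0 ; i < len ; i++) {
        if (toStdout) {
            printf("%02x ", data[i]);
        }
        else {
            sprintf(string, "%02x", data[i]);
            string += 2;
        }
        /* stdout only: break the dump after every 16th byte */
        if (toStdout && newlines && (((i + 1) & 0xf) == 0)) {
            printf("\n");
        }
    }
    if (toStdout && newlines) {
        printf("\n");
    }
    return;
}

/* Array_PrintMalloc() allocates a buffer, then prints the array in hexascii to the buffer.

   string  receives the malloc'ed, NUL terminated hexascii ((2 * len) + 1 bytes); freed by caller.
           NULL on failure.
   data    the bytes to print
   len     number of bytes in data; 0 yields the empty string ""

   Returns 0 on success or ASE_OUT_OF_MEMORY.
*/

uint32_t Array_PrintMalloc(char **string,       /* freed by caller */
                           const uint8_t *data,
                           uint32_t len)
{
    uint32_t rc = 0;
    /* size_t arithmetic: (len * 2) + 1 evaluated in uint32_t wraps for len >= 2^31 */
    size_t stringLength = ((size_t)len * 2) + 1;

    *string = malloc(stringLength);
    if (*string == NULL) {
        printf("ERROR: Array_PrintMalloc: could not malloc %lu bytes\n",
               (unsigned long)stringLength);
        rc = ASE_OUT_OF_MEMORY;
    }
    if (rc == 0) {
        /* Array_Print() only NUL terminates through sprintf(), i.e. when len > 0.  Terminate
           here first so a zero-length array yields "" instead of an unterminated buffer. */
        (*string)[0] = '\0';
        Array_Print(*string, NULL, FALSE, data, len);
    }
    return rc;
}

/* hexNibble() returns the value 0-15 of one hexascii digit, or -1 if 'c' is not a hex digit.

   Unlike sscanf("%2x"), this accepts no leading whitespace, sign or "0x" prefix, so every
   input character of Array_Scan() is checked.
*/

static int hexNibble(char c)
{
    if ((c >= '0') && (c <= '9')) {
        return c - '0';
    }
    if ((c >= 'a') && (c <= 'f')) {
        return c - 'a' + 10;
    }
    if ((c >= 'A') && (c <= 'F')) {
        return c - 'A' + 10;
    }
    return -1;
}

/* Array_Scan() converts a hexascii string to a binary array.

   data    receives the malloc'ed binary; freed by caller.  NULL on any failure.
   len     receives the number of bytes in data; 0 on failure
   string  input hexascii, exactly two digits per byte (upper or lower case)

   Returns 0 on success, ACE_HEXASCII if string is NULL, of odd length or contains a
   non-hex character, or ASE_OUT_OF_MEMORY.
*/

/* FIXME use tssprint.c function */

uint32_t Array_Scan(unsigned char **data,       /* output binary, freed by caller */
                    size_t *len,
                    const char *string)         /* input string */
{
    uint32_t rc = 0;
    size_t strLength = 0;

    *data = NULL;
    *len = 0;
    if (string == NULL) {
        printf("ERROR: Array_Scan: NULL input string\n");
        rc = ACE_HEXASCII;
    }
    if (rc == 0) {
        strLength = strlen(string);
        if ((strLength % 2) != 0) {
            printf("ERROR: Array_Scan: number of bytes %lu is not even\n",
                   (unsigned long)strLength);
            rc = ACE_HEXASCII;
        }
    }
    if (rc == 0) {
        *len = strLength / 2;           /* exact: strLength is even */
        /* +1 so an empty string still yields a non-NULL buffer rather than malloc(0) */
        *data = malloc(*len + 1);
        if (*data == NULL) {
            printf("ERROR: Array_Scan: could not malloc %lu bytes\n",
                   (unsigned long)(*len + 1));
            rc = ASE_OUT_OF_MEMORY;
        }
    }
    if (rc == 0) {
        size_t i;
        /* stop at the first bad digit instead of scanning on and storing an undefined value */
        for (i = 0 ; (rc == 0) && (i < *len) ; i++) {
            int hi = hexNibble(string[2 * i]);
            int lo = hexNibble(string[(2 * i) + 1]);
            if ((hi < 0) || (lo < 0)) {
                printf("ERROR: Array_Scan: invalid hexascii\n");
                rc = ACE_HEXASCII;
            }
            else {
                (*data)[i] = (unsigned char)((hi << 4) | lo);
            }
        }
    }
    if (rc != 0) {
        /* never hand a partially filled buffer back to the caller */
        free(*data);
        *data = NULL;
        *len = 0;
    }
    return rc;
}

/* Structure_Print() is a general purpose "hexascii print a structure" function.

   It marshals the structure using "marshalFunction", and returns the malloc'ed hexascii.

   string           receives the hexascii; freed by caller
   structure        the structure to marshal
   marshalFunction  the TSS marshal function for that structure type

   Returns 0 on success.  The declared return type is uint8_t (see commonutils.h), so a
   32-bit TSS or ASE_/ACE_ error code is truncated to its low byte; a code whose low byte
   is zero is reported as ERR_STRUCTURE so that a failure is never returned as 0.
*/

uint8_t Structure_Print(char **string,          /* freed by caller */
                        void *structure,
                        MarshalFunction_t marshalFunction)
{
    uint32_t rc = 0;
    uint8_t *buffer = NULL;     /* marshaled binary, freed here */
    uint16_t written = 0;

    rc = TSS_Structure_Marshal(&buffer,
                               &written,
                               structure,
                               marshalFunction);
    if (rc == 0) {
        rc = Array_PrintMalloc(string,          /* freed by caller */
                               buffer,
                               written);
    }
    free(buffer);
    if ((rc != 0) && ((uint8_t)rc == 0)) {
        return ERR_STRUCTURE;
    }
    return (uint8_t)rc;
}

/* -------------------------------------------------------------------------------- */
/* /src/c/getAndVerifyEK/src/commonutils.h: */
/* -------------------------------------------------------------------------------- */
/********************************************************************************/
/*                                                                              */
/* TPM 2.0 Attestation - Common Client / Server Utilities                       */
/* Written by Ken Goldman                                                       */
/* IBM Thomas J. Watson Research Center                                         */
/* $Id: commonutils.h 757 2016-09-26 20:02:41Z kgoldman $                       */
/*                                                                              */
/* (c) Copyright IBM Corporation 2016.                                          */
/*                                                                              */
/* All rights reserved.                                                         */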
*/ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ 38 | /********************************************************************************/ 39 | 40 | #ifndef COMMONUTILS_H 41 | #define COMMONUTILS_H 42 | 43 | #include 44 | #include 45 | 46 | #define TPM_NUM_PCR 24 47 | #define TPM_SHA1_SIZE 20 48 | #define TPM_SHA256_SIZE 32 49 | #define ERR_STRUCTURE 1 /* FIXME need better error codes */ 50 | 51 | #ifndef TRUE 52 | #define TRUE 1 53 | #endif 54 | #ifndef FALSE 55 | #define FALSE 0 56 | #endif 57 | 58 | void Array_Print(char *string, const char *name, int newlines, 59 | const unsigned char *data, unsigned int len); 60 | uint32_t Array_PrintMalloc(char **string, 61 | const uint8_t *data, 62 | uint32_t len); 63 | uint32_t Array_Scan(unsigned char **data, 64 | size_t *len, 65 | const char *string); 66 | 67 | #include 68 | #include 69 | 70 | uint8_t Structure_Print(char **string, /* freed by caller */ 71 | void *structure, 72 | MarshalFunction_t marshalFunction); 73 | 74 | #endif 75 | -------------------------------------------------------------------------------- /src/c/getAndVerifyEK/src/config.h: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM 2.0 Attestation - Configuration */ 4 | /* Written by Ken Goldman */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: config.h 898 2017-01-03 20:34:24Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2016. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. 
*/ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/
/********************************************************************************/

#ifndef CONFIG_H
#define CONFIG_H

#include

/* persistent handle under which the SRK is stored (see persistSrk() in commontss.h);
   the same value Windows 10 uses */
#define SRK_HANDLE 0x81000001

/* files to store attestation key public and private parts */
#define AK_RSA_PUB_FILENAME "akrsapub.bin"
#define AK_RSA_PRIV_FILENAME "akrsapriv.bin"
#define AK_EC_PUB_FILENAME "akecpub.bin"
#define AK_EC_PRIV_FILENAME "akecpriv.bin"

/* SW TPM EK certificate issuer */
#define CA_KEY "cakey.pem"
/* NOTE(review): the passphrase of the issuer signing key is a compile-time literal, and the
   same literal is reused for PCA_PASSWORD below.  Presumably a demo value for the SW TPM
   setup -- confirm; a key that signs real EK or platform certificates needs its passphrase
   supplied at run time from a protected source rather than compiled into the binary. */
#define CA_PASSWORD "rrrr"

/* Server privacy CA */
#define PCA_KEY "pcakey.pem" /* signing key */
#define PCA_PASSWORD "rrrr" /* password for signing key; see the note on CA_PASSWORD */
#define PCA_CERT "pcacert.pem" /* self-signed certificate */

/* Debug tools */
#define CLIENT_NONCE_FILENAME "tmpnonce.txt"
#define CLIENT_PCRSELECT_FILENAME "tmppcrselect.txt"

/* the TPM TPML_DIGEST is limited to 8 PCRs because of the buffer sizes. Define a new
   structure here that can hold all PCRs.
   IMPLEMENTATION_PCR and HASH_COUNT are not defined in this file; presumably they come
   from the TPM/TSS header included above -- verify.
*/

typedef struct {
    UINT32 count; /* number of digests for this bank */
    TPMI_ALG_HASH hash; /* the hash algorithm associated with the bank */
    TPM2B_DIGEST digests[IMPLEMENTATION_PCR]; /* a list of digests */
} TPML_PCR_BANK;

/* all PCRs for all banks */

typedef struct {
    UINT32 count; /* number of banks */
    TPML_PCR_BANK pcrBank[HASH_COUNT]; /* one entry per hash algorithm bank */
} TPML_PCR_BANKS;

#endif
/* -------------------------------------------------------------------------------- */
/* /src/c/getAndVerifyEK/src/ekutils.h: */
/* -------------------------------------------------------------------------------- */
/********************************************************************************/
/*                                                                              */
/* IWG EK Index Parsing Utilities                                               */
/* Written by Ken Goldman                                                       */
/* IBM Thomas J.
Watson Research Center */ 6 | /* $Id: ekutils.h 1015 2017-06-07 13:16:34Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2016, 2017. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ 38 | /********************************************************************************/ 39 | 40 | #ifndef EKUTILS_H 41 | #define EKUTILS_H 42 | 43 | #include 44 | #include 45 | 46 | #include 47 | 48 | /* legacy TCG IWG NV indexes */ 49 | 50 | #define EK_CERT_RSA_INDEX 0x01c00002 51 | #define EK_NONCE_RSA_INDEX 0x01c00003 52 | #define EK_TEMPLATE_RSA_INDEX 0x01c00004 53 | 54 | #define EK_CERT_EC_INDEX 0x01c0000a 55 | #define EK_NONCE_EC_INDEX 0x01c0000b 56 | #define EK_TEMPLATE_EC_INDEX 0x01c0000c 57 | 58 | #define MAX_ROOTS 100 /* 100 should be more than enough */ 59 | 60 | #ifdef __cplusplus 61 | extern "C" { 62 | #endif 63 | 64 | TPM_RC readNvBufferMax(TSS_CONTEXT *tssContext, 65 | uint32_t *nvBufferMax); 66 | TPM_RC getIndexSize(TSS_CONTEXT *tssContext, 67 | uint16_t *dataSize, 68 | TPMI_RH_NV_INDEX nvIndex); 69 | TPM_RC getIndexData(TSS_CONTEXT *tssContext, 70 | unsigned char **buffer, 71 | TPMI_RH_NV_INDEX nvIndex, 72 | uint16_t dataSize); 73 | TPM_RC getIndexContents(TSS_CONTEXT *tssContext, 74 | unsigned char **buffer, 75 | uint16_t *bufferSize, 76 | TPMI_RH_NV_INDEX nvIndex); 77 | void getRsaTemplate(TPMT_PUBLIC *tpmtPublic); 78 | void getEccTemplate(TPMT_PUBLIC *tpmtPublic); 79 | TPM_RC getIndexX509Certificate(TSS_CONTEXT *tssContext, 80 | X509 **certificate, 81 | TPMI_RH_NV_INDEX nvIndex); 82 | uint32_t getPubkeyFromDerCertFile(RSA **rsaPkey, 83 | X509 **x509, 84 | const char *derCertificateFileName); 85 | uint32_t getPubKeyFromX509Cert(RSA **rsaPkey, 86 | X509 *x509); 87 | TPM_RC getRootCertificateFilenames(char *rootFilename[], 88 | unsigned int *rootFileCount, 89 | const char *listFilename, 90 | int print); 91 | TPM_RC getCaStore(X509_STORE **caStore, 92 | X509 *caCert[], 93 | const char *rootFilename[], 94 | unsigned int rootFileCount); 95 | TPM_RC verifyCertificate(X509 *x509Certificate, 96 | const char *rootFilename[], 97 | unsigned int rootFileCount, 98 | int print); 99 | 100 | TPM_RC processEKNonce(TSS_CONTEXT *tssContext, 101 | unsigned char 
**nonce, 102 | uint16_t *nonceSize, 103 | TPMI_RH_NV_INDEX ekNonceIndex, 104 | int print); 105 | TPM_RC processEKTemplate(TSS_CONTEXT *tssContext, 106 | TPMT_PUBLIC *tpmtPublic, 107 | TPMI_RH_NV_INDEX ekTemplateIndex, 108 | int print); 109 | TPM_RC processEKCertificate(TSS_CONTEXT *tssContext, 110 | X509 **ekCertificate, 111 | uint8_t **modulusBin, 112 | int *modulusBytes, 113 | TPMI_RH_NV_INDEX ekCertIndex, 114 | int print); 115 | TPM_RC convertX509ToDer(uint32_t *certLength, 116 | unsigned char **certificate, 117 | X509 *x509Certificate); 118 | TPM_RC convertX509ToRsa(RSA **rsaPkey, 119 | X509 *x509); 120 | TPM_RC convertX509ToEc(EC_KEY **ecKey, 121 | X509 *x509); 122 | TPM_RC convertPemToX509(X509 **x509, 123 | const char *pemCertificate); 124 | TPM_RC convertCertificatePubKey(uint8_t **modulusBin, 125 | int *modulusBytes, 126 | X509 *ekCertificate, 127 | TPMI_RH_NV_INDEX ekCertIndex, 128 | int print); 129 | TPM_RC processRoot(TSS_CONTEXT *tssContext, 130 | TPMI_RH_NV_INDEX ekCertIndex, 131 | const char *rootFilename[], 132 | unsigned int rootFileCount, 133 | int print); 134 | TPM_RC processCreatePrimary(TSS_CONTEXT *tssContext, 135 | TPM_HANDLE *keyHandle, 136 | TPMI_RH_NV_INDEX ekCertIndex, 137 | unsigned char *nonce, 138 | uint16_t nonceSize, 139 | TPMT_PUBLIC *tpmtPublicIn, 140 | TPMT_PUBLIC *tpmtPublicOut, 141 | unsigned int noFlush, 142 | int print); 143 | TPM_RC processValidatePrimary(uint8_t *publicKeyBin, 144 | int publicKeyBytes, 145 | TPMT_PUBLIC *tpmtPublic, 146 | TPMI_RH_NV_INDEX ekCertIndex, 147 | int print); 148 | TPM_RC processPrimary(TSS_CONTEXT *tssContext, 149 | TPM_HANDLE *keyHandle, 150 | TPMI_RH_NV_INDEX ekCertIndex, 151 | TPMI_RH_NV_INDEX ekNonceIndex, 152 | TPMI_RH_NV_INDEX ekTemplateIndex, 153 | unsigned int noFlush, 154 | int print); 155 | 156 | TPM_RC TSS_RSAGetKey(const BIGNUM **n, 157 | const BIGNUM **e, 158 | const BIGNUM **d, 159 | const BIGNUM **p, 160 | const BIGNUM **q, 161 | const RSA *rsaKey); 162 | 163 | int 
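TSS_Pubkey_GetAlgorithm(EVP_PKEY *pkey); 164 | 165 | #ifdef __cplusplus 166 | } 167 | #endif 168 | 169 | #endif 170 | -------------------------------------------------------------------------------- /src/c/getAndVerifyEK/src/getAndVerifyEK.txt: --------------------------------------------------------------------------------
/* Command-line settings for getAndVerifyEK, filled in by parseEkOptions(). */
typedef struct {
    TPMI_RH_NV_INDEX ekCertIndex; /* NV index of the EK certificate; validateEkCert() may update it */
    int ekmethod;                 /* EK validation method: 1: make/activate credential; 2: salted session */
    const char *ekcacert;         /* file listing the EK CA certificate filenames (required) */
    const char *ekc;              /* EK certificate file (optional) */
    const char *ekout;            /* output EK certificate PEM file (optional) */
    const char *ownerPw;          /* owner auth, used by method 1 only */
    const char *endorsementPw;    /* endorsement auth */
} EkOptions;

/* Parses argv into *options, starting from the defaults: RSA EK certificate
   index, salted-session method, no files, no auths.  -v sets the file-level
   'verbose' flag.

   A missing or invalid option value prints a message and calls printUsage().
   NOTE(review): the flow relies on printUsage() not returning - confirm; if it
   does return, parsing simply continues with the default value.

   Caveat for callers: -ownerpw / -endorsementpw values are taken from the
   command line, where other local users can read them from the process list. */
static void parseEkOptions(int argc, char *argv[], EkOptions *options)
{
    int i; /* argc iterator */

    options->ekCertIndex = EK_CERT_RSA_INDEX; /* default rsa */
    options->ekmethod = 2;
    options->ekcacert = NULL;
    options->ekc = NULL;
    options->ekout = NULL;
    options->ownerPw = NULL;
    options->endorsementPw = NULL;

    for (i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-ekcacert") == 0) {
            i++;
            if (i < argc) {
                options->ekcacert = argv[i];
            }
            else {
                printf("Missing parameter for -ekcacert\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i], "-ekc") == 0) {
            i++;
            if (i < argc) {
                options->ekc = argv[i];
            }
            else {
                printf("Missing parameter for -ekc\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i], "-ekout") == 0) {
            i++;
            if (i < argc) {
                options->ekout = argv[i];
            }
            else {
                printf("Missing parameter for -ekout\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i], "-ekindex") == 0) {
            i++;
            if (i < argc) {
                if (strcmp(argv[i], "1") == 0) {
                    options->ekCertIndex = EK_CERT_RSA_INDEX;
                }
                else if (strcmp(argv[i], "2") == 0) {
                    options->ekCertIndex = EK_CERT_EC_INDEX;
                }
                else {
                    printf("-ekindex is not valid\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -ekindex\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i], "-ekmethod") == 0) {
            i++;
            if (i < argc) {
                if (strcmp(argv[i], "1") == 0) {
                    options->ekmethod = 1;
                }
                else if (strcmp(argv[i], "2") == 0) {
                    options->ekmethod = 2;
                }
                else {
                    printf("-ekmethod is not valid\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -ekmethod\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i], "-endorsementpw") == 0) {
            i++;
            if (i < argc) {
                options->endorsementPw = argv[i];
            }
            else {
                printf("Missing parameter for -endorsementpw\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i], "-ownerpw") == 0) {
            i++;
            if (i < argc) {
                options->ownerPw = argv[i];
            }
            else {
                printf("Missing parameter for -ownerpw\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i], "-v") == 0) {
            verbose = 1;
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
}

/* Tool entry point: fetch the EK certificate from TPM NV and validate it against
   the supplied CA chain (validateEkCert), then prove that the TPM holds the
   matching EK, either by make/activate credential (method 1) or by a salted
   session (method 2).

   Returns 0 only when BOTH the certificate validation and the EK proof
   succeeded; otherwise the first error encountered.  "INFO: EK verification
   success" is printed only in that case - a certificate-chain failure must not
   be masked by a successful key proof. */
int main(int argc, char* argv[])
{
    TPM_RC rc = 0;        /* TSS setup / EK proof result */
    TPM_RC rcCert = 0;    /* EK certificate validation result, kept separate so the
                             EK proof still runs and both outcomes are visible */
    TSS_CONTEXT *tssContext = NULL;
    EkOptions opt;
    TPM_HANDLE ekKeyHandle = 0; /* EK handle, produced by validateEkCert() */
    TPMT_PUBLIC ekPub;          /* EK public area, produced by validateEkCert() */

    parseEkOptions(argc, argv, &opt);

    /* -ekcacert is mandatory: without the CA chain the EK certificate cannot be validated */
    if (opt.ekcacert == NULL) {
        printf("Missing or illegal parameter -ekcacert\n");
        printUsage();
    }
    /* start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* run in HW TPM: use the TPM device interface */
    if (rc == 0) {
        rc = TSS_SetProperty(tssContext, TPM_INTERFACE_TYPE, "dev");
    }
    /* validate EK cert */
    if (rc == 0) {
        rcCert = validateEkCert(tssContext, &opt.ekCertIndex, opt.ekcacert, opt.ekc,
                                opt.endorsementPw, opt.ekout, &ekKeyHandle, &ekPub);
    }
    /* validate EK - only with a usable TSS context; a TSS_Create()/TSS_SetProperty()
       error must not be overwritten by the result of a call made on a NULL context.
       NOTE(review): when validateEkCert() failed, ekKeyHandle/ekPub may not have been
       filled in - confirm validateEk1()/validateEk2() tolerate that. */
    if (rc == 0) {
        if (opt.ekmethod == 1) {
            /* makecredential and activatecredential */
            if (verbose) {
                printf("INFO: Verify EK by make/activate credential\n");
            }
            rc = validateEk1(tssContext, opt.ekCertIndex, opt.ownerPw, opt.endorsementPw,
                             &ekKeyHandle, &ekPub);
        }
        else if (opt.ekmethod == 2) {
            /* salted session */
            if (verbose) {
                printf("INFO: Verify EK by salted session\n");
            }
            rc = validateEk2(tssContext, opt.ekCertIndex, opt.endorsementPw, &ekKeyHandle);
        }
    }
    /* fold the certificate result in BEFORE reporting success, so that a failed
       chain validation is never announced as a successful EK verification */
    if (rc == 0) {
        rc = rcCert;
    }
    if (rc == 0) {
        printf("INFO: EK verification success\n");
    }
    /* delete TSS context */
    {
        TPM_RC rcDelete = TSS_Delete(tssContext);
        tssContext = NULL;
        if (rc == 0) {
            rc = rcDelete;
        }
    }
    /* The shell only sees the low 8 bits of the exit status; a TPM_RC whose low
       byte is zero would otherwise look like success to the calling scripts. */
    if (rc != 0 && (rc & 0xff) == 0) {
        return 1;
    }
    return rc;
}
-------------------------------------------------------------------------------- /src/c/getAndVerifyEK/src/makefile: -------------------------------------------------------------------------------- 1 | # The terms of the software license agreement included with any software you 2 | # download will control your use of the software. 3 | # 4 | # INTEL SOFTWARE LICENSE AGREEMENT 5 | # 6 | # IMPORTANT - READ BEFORE COPYING, INSTALLING OR USING. 7 | # 8 | # Do not use or load this software and any associated materials (collectively, 9 | # the "Software") until you have carefully read the following terms and 10 | # conditions. By loading or using the Software, you agree to the terms of this 11 | # Agreement. If you do not wish to so agree, do not install or use the Software. 12 | # 13 | # SEE "Intel Software License Agreement" file included with this package.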
#
# Copyright Intel, Inc 2017
#
# Initial Development by TrustPhi, LLC, www.trusiphi.com

# The binary is written one level up, in the directory that (per the
# getAndVerifyEK2 readme's link step) also holds the tss2/ headers and the
# libtss*.so links; the include and library search paths point there too.
TARGET = ../getAndVerifyEK
INCLUDES = -I../
LIBS = -L../ -ltss -lcrypto
CC = gcc
CFLAGS = -g -Wall

.PHONY: default all clean

default: $(TARGET)
all: default

# Every .c in this directory is compiled; every .h is a dependency of every object.
OBJECTS = $(patsubst %.c, %.o, $(wildcard *.c))
HEADERS = $(wildcard *.h)

%.o: %.c $(HEADERS)
	$(CC) $(CFLAGS) $(INCLUDES) -c $< -o $@

.PRECIOUS: $(TARGET) $(OBJECTS)

# NOTE(review): -Wl,-rpath=./ is a *relative* RPATH.  At run time the dynamic
# loader resolves it against the process's current working directory, not the
# binary's location, so the executable loads whatever libtss.so / libcrypto.so
# is present in the directory it is started from; if that directory is writable
# by other users they can substitute the library.  An RPATH of $ORIGIN
# (-Wl,-rpath,'$$ORIGIN') or an absolute path pins the lookup to the binary's
# own directory instead.
$(TARGET): $(OBJECTS)
	$(CC) $(OBJECTS) -Wall $(LIBS) -Wl,-rpath=./ -o $@

clean:
	-rm -f *.o
	-rm -f $(TARGET)
-------------------------------------------------------------------------------- /src/c/getAndVerifyEK/src/objecttemplates.h: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* Object Templates */ 4 | /* Written by Ken Goldman */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: objecttemplates.h 1015 2017-06-07 13:16:34Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2016. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution.
*/ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ 38 | /********************************************************************************/ 39 | 40 | #ifndef OBJECTTEMPLATES_H 41 | #define OBJECTTEMPLATES_H 42 | 43 | /* object type */ 44 | 45 | #define TYPE_BL 1 46 | #define TYPE_ST 2 47 | #define TYPE_DEN 3 48 | #define TYPE_DEO 4 49 | #define TYPE_SI 5 50 | #define TYPE_SIR 6 51 | #define TYPE_GP 7 52 | #define TYPE_DES 8 53 | #define TYPE_KH 9 54 | #define TYPE_DP 10 55 | #define TYPE_DAA 11 56 | #define TYPE_DAAR 12 57 | 58 | #ifdef __cplusplus 59 | extern "C" { 60 | #endif 61 | 62 | TPM_RC asymPublicTemplate(TPMT_PUBLIC *publicArea, 63 | TPMA_OBJECT addObjectAttributes, 64 | TPMA_OBJECT deleteObjectAttributes, 65 | int type, 66 | TPMI_ALG_PUBLIC algPublic, 67 | TPMI_ECC_CURVE curveID, 68 | TPMI_ALG_HASH nalg, 69 | TPMI_ALG_HASH halg, 70 | const char *policyFilename); 71 | TPM_RC symmetricCipherTemplate(TPMT_PUBLIC *publicArea, 72 | TPMA_OBJECT addObjectAttributes, 73 | TPMA_OBJECT deleteObjectAttributes, 74 | TPMI_ALG_HASH nalg, 75 | int rev116, 76 | const char *policyFilename); 77 | TPM_RC keyedHashPublicTemplate(TPMT_PUBLIC *publicArea, 78 | TPMA_OBJECT addObjectAttributes, 79 | TPMA_OBJECT deleteObjectAttributes, 80 | TPMI_ALG_HASH nalg, 81 | TPMI_ALG_HASH halg, 82 | const char *policyFilename); 83 | TPM_RC derivationParentPublicTemplate(TPMT_PUBLIC *publicArea, 84 | TPMA_OBJECT addObjectAttributes, 85 | TPMA_OBJECT deleteObjectAttributes, 86 | TPMI_ALG_HASH nalg, 87 | TPMI_ALG_HASH halg, 88 | const char *policyFilename); 89 | TPM_RC blPublicTemplate(TPMT_PUBLIC *publicArea, 90 | TPMA_OBJECT addObjectAttributes, 91 | TPMA_OBJECT deleteObjectAttributes, 92 | TPMI_ALG_HASH nalg, 93 | const char *policyFilename); 94 | 95 | void printUsageTemplate(void); 96 | 97 | TPM_RC getPolicy(TPMT_PUBLIC *publicArea, 98 | const char *policyFilename); 99 | 100 | 101 | #ifdef __cplusplus 102 | } 103 | #endif 104 | 105 | #endif 106 | -------------------------------------------------------------------------------- 
/src/c/getAndVerifyEK2/Readme_getAndVerfiyEK2.txt: -------------------------------------------------------------------------------- 1 | GetAndVerifyEK2 2 | 3 | 1. Overview 4 | 5 | This tool is designed to be used by a customer after a platform's delivery, to verify the signature of the Endorsement Key (EK) Certificate and that it matches the EK in the TPM. It performs the following steps. 6 | 7 | o Fetch EK Cert from TPM NV – find the correct certificate based on the template 8 | o Verify the EK Cert against the input EK CA Public Key Chain 9 | o Compare the EK in the Cert with the EK in the TPM 10 | 11 | 12 | 2. Dependencies 13 | 14 | 1. IBM's TPM 2.0 TSS (https://sourceforge.net/projects/ibmtpm20tss/) (version 1045+) 15 | 16 | 2. OpenSSL 1.0.x 17 | 18 | 19 | 3. Build Instructions 20 | 21 | 1. Build OpenSSL (see instructions inside OpenSSL package) 22 | 23 | 2. Build IBM's TPM 2.0 TSS (see instructions inside IBM TSS package) 24 | 25 | 3. Link "ibmtss1045/utils/tss2/" and "ibmtss1045/utils/libtss.so*" to the current directory 26 | 27 | 4. Run the commands below: 28 | # cd src 29 | # make 30 | # cd .. 31 | 32 | 33 | 4. Run 34 | 35 | To run this executable file, run "./getAndVerifyEK2". 36 | 37 | 5. Usage 38 | 39 | getAndVerifyEK2 -ekcacert [-ekc ] [-ekout ] [-ekindex <1 | 2>] [-endorsementpw ] [-v] 40 | 41 | -ekcacert where the file contains a list of filenames of CA certificates 42 | (including the root and intermediate ones) for the EK certificate 43 | -ekc where the file contains the EK certificate 44 | -ekout where filename is the name of the output EK Cert PEM file 45 | -ekindex <1 | 2> The built-in EK certificate "index" indicating which EK certificate 46 | in the NV to use, RSA, or ECC. 1 for RSA and 2 for ECC. 47 | This is not a required option. If not included on the command line, 48 | the code will attempt to use RSA and if not found will use ECC. 
49 | -endorsementpw password for endorsement auth 50 | -v verbose mode -------------------------------------------------------------------------------- /src/c/getAndVerifyEK2/src/Readme_getAndVerfiyEK2_updated_10-31-18.txt: -------------------------------------------------------------------------------- 1 | GetAndVerifyEK2 2 | 3 | 1. Overview 4 | 5 | This tool is designed to be used by a customer after a platform's delivery, to verify the signature of the Endorsement Key (EK) Certificate and that it matches the EK in the TPM. It performs the following steps. 6 | 7 | o Fetch EK Cert from TPM NV – find the correct certificate based Template 8 | o Verify the EK Cert against the input EK CA Public Key Chain 9 | o Compare the EK in the Cert with the EK in the TPM 10 | 11 | 12 | 2. Dependencies 13 | 14 | 1. IBM's TPM 2.0 TSS Verison 1045 (https://sourceforge.net/projects/ibmtpm20tss/) 15 | (Note that if a later version of the TSS is used, modifications to the paths in the "#include" statements in the c source code may be required. Additionally, this code has not been tested with later versions of the TSS). 16 | 17 | 2. OpenSSL 1.0.x 18 | 19 | 20 | 3. Build Instructions 21 | 22 | 1. Build OpenSSL (see instructions inside OpenSSL package) 23 | 24 | 2. Build IBM's TPM 2.0 TSS (see instructions inside IBM TSS package) 25 | 26 | 3. Change directory ("cd") to the folder "/src/c/getAndVerifyEK2". (This is should be the folder containing this readme file.) 27 | 28 | 4. Create soft links to the folder "/utils/tss2/", and the library files "/utils/libtss.so", "/utils/libtss.so.0", and "/utils/libtss.so.0.1" in the current folder as follows. 29 | # ln -s /utils/tss2/ . 30 | # ln -s /utils/libtss.so . 31 | # ln -s /utils/libtss.so.0 . 32 | # ln -s /utils/libtss.so.0.1 . 33 | 34 | 5. Run commands below: 35 | # cd src 36 | # make 37 | # cd .. 38 | 39 | 40 | 4. Run 41 | 42 | To run this exectable file, run "./getAndVerifyEK2". 43 | 44 | 5. 
Usage 45 | 46 | getAndVerifyEK2 -ekcacert [-ekc ] [-ekout ] [-ekindex <1 | 2>] [-endorsementpw ] [-v] 47 | 48 | -ekcacert where the file contains a list of filenames of CA certificates 49 | (including the root and intermeidate ones) for the EK certificate 50 | -ekc where the file contains the EK certificate 51 | -ekout where filename is the name of the output EK Cert PEM file 52 | -ekindex <1 | 2> The built-in EK certificate "index" indicating which EK certificate 53 | in the NV to use, RSA, or ECC. 1 for RSA and 2 for ECC. 54 | This is not a required option. If not included on the command line, 55 | the code will attempt to use RSA and if not found will use ECC. 56 | -endorsementpw password for endorsement auth 57 | -v verbose mode -------------------------------------------------------------------------------- /src/c/getAndVerifyEK2/src/commonerror.h: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM 2.0 Attestation - Common Error Codes */ 4 | /* Written by Ken Goldman */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: commonerror.h 895 2016-12-31 16:52:59Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2016. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. 
*/ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ 38 | /********************************************************************************/ 39 | 40 | #ifndef COMMONERROR_H 41 | #define COMMONERROR_H 42 | 43 | /* client errors */ 44 | 45 | #define ACE_PACKET_LENGTH 0x90000001 /* client packet length too large */ 46 | #define ACE_READ 0x90000002 /* client data read error */ 47 | #define ACE_WRITE 0x90000003 /* client data write error */ 48 | #define ACE_JSON_COMMAND 0x90000004 /* client json command parse error */ 49 | #define ACE_JSON_KEY 0x90000005 /* json missing key */ 50 | #define ACE_HEXASCII 0x90000006 /* client malformed hexascii */ 51 | #define ACE_INVALID_CERT 0x90000007 /* client certificate is invalid */ 52 | #define ACE_MISMATCH_CERT 0x90000008 /* client certificate mismatch */ 53 | 54 | #define ACE_QUOTE_SIGNATURE 0x90000010 /* client quote signature invalid */ 55 | #define ACE_QUOTE_MISSING 0x90000011 /* client quote has not been sent */ 56 | #define ACE_PCR_LENGTH 0x90000012 /* client PCR length incorrect */ 57 | #define ACE_PCR_BANK 0x90000013 /* client PCR bank incorrect */ 58 | #define ACE_PCR_SELECT 0x90000014 /* client PCR select incorrect */ 59 | #define ACE_PCR_VALUE 0x90000015 /* client PCRs values incorrect */ 60 | #define ACE_PCR_MISSING 0x90000016 /* client PCRs missing in DB */ 61 | #define ACE_DIGEST_LENGTH 0x90000017 /* client digest length is incorrect */ 62 | #define ACE_DIGEST_VALUE 0x90000018 /* client digest value is incorrect */ 63 | #define ACE_NONCE_LENGTH 0x90000019 /* client nonce length is incorrect */ 64 | #define ACE_NONCE_VALUE 0x9000001a /* client nonce value is incorrect */ 65 | #define ACE_NONCE_MISSING 0x9000001b /* client nonce value missing */ 66 | #define ACE_NONCE_USED 0x9000001c /* client nonce value has already been used */ 67 | #define ACE_PCR_INDEX 0x9000001d /* client invalid PCR index */ 68 | #define ACE_BAD_ALGORITHM 0x9000001e /* client algorithm not supported */ 69 | 70 | #define ACE_EVENT 0x90000020 /* client event invalid */ 71 | #define 
ACE_NO_ENROLL_REQ 0x90000021 /* client hostname missing enroll request */ 72 | #define ACE_ENROLLED 0x90000022 /* client hostname already enrolled */ 73 | #define ACE_NOT_ENROLLED 0x90000023 /* client hostname not enrolled */ 74 | #define ACE_INVALID_KEY 0x90000024 /* client attestation key invalid */ 75 | #define ACE_OSSL_AES 0x90000025 /* client decrypt error */ 76 | #define ACE_UNKNOWN_CMD 0x90000026 /* client unknown command */ 77 | #define ACE_BAD_JSON 0x90000027 /* client sent malformed json */ 78 | #define ACE_OUT_OF_MEMORY 0x90000028 /* client out of memory */ 79 | #define ACE_FILE_OPEN 0x9000002a /* client file open failure */ 80 | #define ACE_FILE_READ 0x9000002b /* client file read failure */ 81 | #define ACE_OSSL_X509 0x9000002c /* openssl X509 failure */ 82 | #define ACE_OSSL_ECC 0x9000002e /* openssl ECC failure */ 83 | 84 | /* server errors, likely fatal */ 85 | 86 | #define ASE_ACCEPT 0x80000001 /* client accept failed */ 87 | #define ASE_OUT_OF_MEMORY 0x80000002 /* server out of memory */ 88 | #define ASE_PACKET_LENGTH 0x80000003 /* server packet length too large */ 89 | #define ASE_JSON_SERIALIZE 0x80000004 /* server could not serialize response */ 90 | #define ASE_OSSL_RAND 0x80000005 /* openssl random number failure */ 91 | #define ASE_SQL_CONNECT 0x80000006 /* server could not connect to database */ 92 | #define ASE_SQL_QUERY 0x80000007 /* server database query failed */ 93 | #define ASE_OSSL_BIO 0x80000008 /* openssl BIO failure */ 94 | #define ASE_OSSL_PEM 0x80000009 /* openssl PEM failure */ 95 | #define ASE_OSSL_X509 0x8000000a /* openssl X509 failure */ 96 | #define ASE_OSSL_NID 0x8000000b /* openssl NID failure */ 97 | #define ASE_OSSL_BN 0x8000000c /* openssl BN failure */ 98 | #define ASE_OSSL_RSA 0x8000000d /* openssl RSA failure */ 99 | #define ASE_OSSL_AES 0x8000000e /* openssl AES failure */ 100 | #define ASE_FILE_READ 0x8000000f /* server file read failure */ 101 | #define ASE_NO_RESPONSE 0x80000010 /* server could not construct 
response */ 102 | #define ASE_BAD_ALG 0x80000020 /* server unsupported algorithm */ 103 | #define ASE_NULL_VALUE 0x80000030 /* a value is unexpectedly NULL */ 104 | 105 | 106 | #endif 107 | -------------------------------------------------------------------------------- /src/c/getAndVerifyEK2/src/commontss.h: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM 2.0 Attestation - Common TSS Functions */ 4 | /* Written by Ken Goldman */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: commontss.h 898 2017-01-03 20:34:24Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2016. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 38 | /********************************************************************************/ 39 | 40 | #ifndef COMMONTSS_H 41 | #define COMMONTSS_H 42 | 43 | #include 44 | 45 | TPM_RC getTpmVendor(TSS_CONTEXT *tssContext, 46 | char *tpmVendor); 47 | TPM_RC getCapSrk(TSS_CONTEXT *tssContext, 48 | int *exists); 49 | TPM_RC createSrk(TSS_CONTEXT *tssContext, 50 | TPM_HANDLE *handle); 51 | TPM_RC persistSrk(TSS_CONTEXT *tssContext, 52 | TPM_HANDLE srkHandle); 53 | TPM_RC createAttestationKey(TSS_CONTEXT *tssContext, 54 | TPMI_RH_NV_INDEX nvIndex, 55 | TPM2B_PRIVATE *attestPriv, 56 | TPM2B_PUBLIC *attestPub, 57 | uint16_t *attestPubLength, 58 | unsigned char **attestPubBin); 59 | TPM_RC loadAttestationKey(TSS_CONTEXT *tssContext, 60 | TPM_HANDLE *handle, 61 | TPM2B_PRIVATE *attestPriv, 62 | TPM2B_PUBLIC *attestPub); 63 | TPM_RC activatecredential(TSS_CONTEXT *tssContext, 64 | TPM2B_DIGEST *certInfo, 65 | TPM_HANDLE activateHandle, 66 | TPM_HANDLE keyHandle, 67 | unsigned char *credentialBlobBin, 68 | size_t credentialBlobBinSize, 69 | unsigned char *secretBin, 70 | size_t secretBinSize); 71 | TPM_RC makePolicySession(TSS_CONTEXT *tssContext, 72 | TPMI_SH_AUTH_SESSION *sessionHandle); 73 | TPM_RC flushContext(TSS_CONTEXT *tssContext, 74 | TPM_HANDLE handle); 75 | uint32_t readPcrs(TSS_CONTEXT *tssContext, 76 | TPML_PCR_BANKS *pcrBanks, 77 | const TPML_PCR_SELECTION *pcrSelection); 78 | 
uint32_t signQuote(TSS_CONTEXT *tssContext, 79 | TPM2B_ATTEST *quoted, 80 | TPMT_SIGNATURE *signature, 81 | TPM_HANDLE keyHandle, 82 | TPMI_ALG_PUBLIC type, 83 | const unsigned char *nonceBin, 84 | size_t nonceLen, 85 | const TPML_PCR_SELECTION *pcrSelection); 86 | 87 | #endif 88 | -------------------------------------------------------------------------------- /src/c/getAndVerifyEK2/src/config.h: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM 2.0 Attestation - Configuration */ 4 | /* Written by Ken Goldman */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: config.h 898 2017-01-03 20:34:24Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2016. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 38 | /********************************************************************************/ 39 | 40 | #ifndef CONFIG_H 41 | #define CONFIG_H 42 | 43 | #include 44 | 45 | /* the same value Windows 10 uses */ 46 | #define SRK_HANDLE 0x81000001 47 | 48 | /* files to store attestation key public and private parts */ 49 | #define AK_RSA_PUB_FILENAME "akrsapub.bin" 50 | #define AK_RSA_PRIV_FILENAME "akrsapriv.bin" 51 | #define AK_EC_PUB_FILENAME "akecpub.bin" 52 | #define AK_EC_PRIV_FILENAME "akecpriv.bin" 53 | 54 | /* SW TPM EK certificate issuer */ 55 | #define CA_KEY "cakey.pem" 56 | #define CA_PASSWORD "rrrr" 57 | 58 | /* Server privacy CA */ 59 | #define PCA_KEY "pcakey.pem" /* signing key */ 60 | #define PCA_PASSWORD "rrrr" /* password for signing key */ 61 | #define PCA_CERT "pcacert.pem" /* self-signed certificate */ 62 | 63 | /* Debug tools */ 64 | #define CLIENT_NONCE_FILENAME "tmpnonce.txt" 65 | #define CLIENT_PCRSELECT_FILENAME "tmppcrselect.txt" 66 | 67 | /* the TPM TPML_DIGEST is limited to 8 PCRs because of the buffer sizes. Define a new 68 | structure here that can hold all PCRs. 
*/

/* One PCR bank: the digests of every PCR for a single hash algorithm. Sized by
   IMPLEMENTATION_PCR rather than by the 8-entry limit of the TPM's TPML_DIGEST. */
typedef struct {
    UINT32 count; /* number of digests for this bank */
    TPMI_ALG_HASH hash; /* the hash algorithm associated with the bank */
    TPM2B_DIGEST digests[IMPLEMENTATION_PCR]; /* a list of digests */
} TPML_PCR_BANK;

/* all PCRs for all banks */

typedef struct {
    UINT32 count; /* number of banks */
    TPML_PCR_BANK pcrBank[HASH_COUNT];
} TPML_PCR_BANKS;

#endif
--------------------------------------------------------------------------------
/src/c/getAndVerifyEK2/src/getAndVerifyEK2.txt:
--------------------------------------------------------------------------------
/* main()
   Command-line entry point of getAndVerifyEK2.

   Parses the options described in printUsage(), opens a TSS context on the
   hardware TPM device, hands the EK certificate index, the CA chain file and the
   optional EK certificate / output file names to validateEkCert() (defined
   elsewhere), then flushes the EK it loaded and deletes the context.

   Returns 0 on success, otherwise the first non-zero TPM_RC encountered; failures
   in the flush / delete clean-up are only reported when nothing failed earlier.

   NOTE(review): -endorsementpw is read straight from argv, so the endorsement
   authorization value is visible to other local users through the process list
   and may end up in shell history. Acceptable for a lab tool; worth stating in the
   usage text if this is run on shared hosts.
*/
int main(int argc, char* argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    /* EK cert index; -ekindex 1 keeps this, -ekindex 2 switches to the ECC cert */
    TPMI_RH_NV_INDEX ekCertIndex = EK_CERT_RSA_INDEX; /* default rsa */
    /* CA cert filename: a file listing the CA certificate files (required) */
    const char *ekcacert = NULL;
    /* EK cert filename (optional) */
    const char* ekc = NULL;
    /* output EK cert PEM file (optional) */
    const char* ekout = NULL;
    /* Endorsement auth (optional) */
    const char* endorsementPw = NULL;
    /* EK handle; non-zero after validateEkCert() loaded the EK, used for the flush */
    TPM_HANDLE ekKeyHandle = 0;
    /* EK public, filled in by validateEkCert() */
    TPMT_PUBLIC ekPub;

    /* command line argument defaults */
    /* printUsage() calls exit(1), so none of the "Missing parameter" branches below
       returns to this loop; rc stays 0 unless validation below fails. */
    for (i = 1; (i < argc) && (rc == 0); i++) {
        if (strcmp(argv[i], "-ekcacert") == 0) {
            i++;
            if (i < argc) {
                ekcacert = argv[i];
            }
            else {
                printf("Missing parameter for -ekcacert\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i], "-ekc") == 0) {
            i++;
            if (i < argc) {
                ekc = argv[i];
            }
            else {
                printf("Missing parameter for -ekc\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i], "-ekout") == 0) {
            i++;
            if (i < argc) {
                ekout = argv[i];
            }
            else {
                printf("Missing parameter for -ekout\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i], "-ekindex") == 0) {
            i++;
            if (i < argc) {
                if (strcmp(argv[i], "1") == 0) {
                    ekCertIndex = EK_CERT_RSA_INDEX;
                }
                else if (strcmp(argv[i], "2") == 0)
                {
                    ekCertIndex = EK_CERT_EC_INDEX;
                }
                else {
                    printf("-ekindex is not valid\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -ekindex\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i], "-endorsementpw") == 0) {
            i++;
            if (i < argc) {
                endorsementPw = argv[i];
            }
            else {
                printf("Missing parameter for -endorsementpw\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i], "-v") == 0) {
            verbose = 1; /* file-level flag, defined outside this listing */
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }

    /* the CA chain file is the only mandatory option */
    if (ekcacert == NULL) {
        printf("Missing or illegal parameter -ekcacert\n");
        printUsage();
    }

    /* start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* run in HW TPM (TSS interface type "dev") */
    if (rc == 0) {
        rc = TSS_SetProperty(tssContext, TPM_INTERFACE_TYPE, "dev");
    }
    /* validate EK cert: ekCertIndex is passed by address so the callee can report
       which index it ended up using (see the -ekindex note in printUsage()) */
    if (rc == 0) {
        rc = validateEkCert(tssContext, &ekCertIndex, ekcacert, ekc,
                            endorsementPw, ekout, &ekKeyHandle, &ekPub);
    }
    /* flush EK: only if validateEkCert() loaded one; keep the earlier rc if any */
    if (ekKeyHandle != 0) {
        if (verbose) printf("INFO: Flush EK %08x\n",
                            ekKeyHandle);
        TPM_RC rc1 = flushContext(tssContext, ekKeyHandle);
        if (rc == 0) {
            rc = rc1;
        }
    }
    /* delete TSS context*/
    /* NOTE(review): reached even when TSS_Create() failed and tssContext is still
       NULL — assumes TSS_Delete() tolerates a NULL context; confirm. */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        tssContext = NULL;
        if (rc == 0) {
            rc = rc1;
        }
    }

    return rc;
}

/* printUsage()
   Prints the command-line help to stdout and terminates the process with
   exit status 1; it never returns to the caller.
   (The option placeholders, e.g. the file name after -ekcacert, are missing
   from the strings in this listing, and "intermeidate" is a typo in the
   emitted text.)
*/
static void printUsage()
{
    printf("\n");
    printf("getAndVerifyEK2 -ekcacert [-ekc ] "
           "[-ekout ] [-ekindex <1 | 2>] [-endorsementpw ] "
           "[-v]\n");
    printf("\n");
    printf("-ekcacert where the file contains a list of filenames of CA certificates\n");
    printf(" (including the root and intermeidate ones) for the EK certificate\n");
    printf("-ekc where the file contains the EK certificate\n");
    printf("-ekout where filename is the name of the output EK Cert PEM file\n");
    printf("-ekindex <1 | 2> The built-in EK certificate \"index\" indicating which EK certificate\n");
    printf(" in the NV to use, RSA, or ECC. 1 for RSA and 2 for ECC.\n");
    printf(" This is not a required option. If not included on the command line,\n");
    printf(" the code will attempt to use RSA and if not found will use ECC.\n");
    printf("-endorsementpw password for endorsement auth\n");
    printf("-v verbose mode\n");

    exit(1);
}

/* ekCertToX509()
   Convert EK cert string to X509 structure.
   @param[in] ekCertificate  EK cert binary (DER)
   @param[in] ekCertLength   EK cert length in bytes
   @param[out] ekX509Certificate  EK cert X509 structure, freed by the caller
   Returns 0 on success, ACE_INVALID_CERT if OpenSSL cannot parse the DER.
*/
static TPM_RC ekCertToX509(unsigned char *ekCertificate,
                           uint16_t ekCertLength,
                           X509 **ekX509Certificate) /* freed by caller */
{
    TPM_RC rc = 0;

    /* unmarshal the EK certificate DER stream to
       EK certificate X509 structure */
    if (rc == 0) {
        /* temp because d2i moves the pointer */
        //unsigned char *tmpCert = ekCertBin;
        unsigned char *tmpCert = ekCertificate;
        /* NOTE(review): d2i_X509 decodes one DER object and advances tmpCert past
           it; any bytes after that are silently ignored. A caller that wants to
           reject trailing data can compare (tmpCert - ekCertificate) with
           ekCertLength — but confirm first whether the NV index contents this is
           fed from can legitimately carry padding. */
        *ekX509Certificate = d2i_X509(NULL, /* freed by caller */
                                      (const unsigned char **)&tmpCert, ekCertLength);
        if (*ekX509Certificate == NULL) {
            printf("ERROR: Could not parse X509 EK certificate\n");
            rc = ACE_INVALID_CERT;
        }
    }

    return rc;
}

--------------------------------------------------------------------------------
/src/c/getAndVerifyEK2/src/makefile:
--------------------------------------------------------------------------------
# The terms of the software license agreement included with any software you
# download will control your use of the
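# software.
#
# INTEL SOFTWARE LICENSE AGREEMENT
#
# IMPORTANT - READ BEFORE COPYING, INSTALLING OR USING.
#
# Do not use or load this software and any associated materials (collectively,
# the "Software") until you have carefully read the following terms and
# conditions. By loading or using the Software, you agree to the terms of this
# Agreement. If you do not wish to so agree, do not install or use the Software.
#
# SEE "Intel Software License Agreement" file included with this package.
#
# Copyright Intel, Inc 2017
#
# Initial Development by TrustPhi, LLC, www.trusiphi.com

# Builds ../getAndVerifyEK2 from every .c file in this directory. Headers and the
# TSS library are expected one level up, in the same directory the binary is
# written to; OpenSSL's libcrypto comes from the system.
TARGET = ../getAndVerifyEK2
INCLUDES = -I../
LIBS = -L../ -ltss -lcrypto
CC = gcc
CFLAGS = -g -Wall

.PHONY: default all clean

default: $(TARGET)
all: default

OBJECTS = $(patsubst %.c, %.o, $(wildcard *.c))
HEADERS = $(wildcard *.h)

# Every object depends on every header, so a header edit rebuilds the whole tool.
%.o: %.c $(HEADERS)
	$(CC) $(CFLAGS) $(INCLUDES) -c $< -o $@

.PRECIOUS: $(TARGET) $(OBJECTS)

# The run-time library search path is anchored to the executable's own directory
# ($ORIGIN), which is where LIBS expects libtss (the directory TARGET is written
# to). The previous relative rpath "./" was resolved against the current working
# directory of whoever ran the tool, so which libtss/libcrypto got loaded depended
# on where the process was started from rather than on where it was installed.
# ($$ is make's escape for a literal $; the single quotes keep the shell from
# expanding it.)
$(TARGET): $(OBJECTS)
	$(CC) $(OBJECTS) -Wall $(LIBS) -Wl,-rpath='$$ORIGIN' -o $@

clean:
	-rm -f *.o
	-rm -f $(TARGET)
--------------------------------------------------------------------------------
/src/c/getAndVerifyEK2/src/objecttemplates.h:
--------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* Object Templates */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: objecttemplates.h 1015 2017-06-07 13:16:34Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2016. */
/* */
/* All rights reserved.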
*/ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/
/********************************************************************************/

/* Public interface of the TPM object-template builders: helpers that fill in a
   TPMT_PUBLIC for the various key kinds the tools create. */

#ifndef OBJECTTEMPLATES_H
#define OBJECTTEMPLATES_H

/* object type */
/* Selector passed as the 'type' argument of asymPublicTemplate() to pick which
   template is built. What each code stands for is defined by the builders in
   objecttemplates.c, which is not part of this listing. */

#define TYPE_BL 1
#define TYPE_ST 2
#define TYPE_DEN 3
#define TYPE_DEO 4
#define TYPE_SI 5
#define TYPE_SIR 6
#define TYPE_GP 7
#define TYPE_DES 8
#define TYPE_KH 9
#define TYPE_DP 10
#define TYPE_DAA 11
#define TYPE_DAAR 12

#ifdef __cplusplus
extern "C" {
#endif

/* Template builders. Each writes the template for one key kind into *publicArea
   and returns a TPM_RC (0 on success). The shared parameters, going by their
   names, are: addObjectAttributes / deleteObjectAttributes, TPMA_OBJECT bits to
   set or clear on top of the builder's defaults; nalg, the name algorithm; halg,
   the hash / signing scheme algorithm; policyFilename, a policy digest file
   applied through getPolicy() below.
   NOTE(review): the above is read off the parameter names only — confirm
   against objecttemplates.c before relying on it. */
TPM_RC asymPublicTemplate(TPMT_PUBLIC *publicArea,
                          TPMA_OBJECT addObjectAttributes,
                          TPMA_OBJECT deleteObjectAttributes,
                          int type,
                          TPMI_ALG_PUBLIC algPublic,
                          TPMI_ECC_CURVE curveID,
                          TPMI_ALG_HASH nalg,
                          TPMI_ALG_HASH halg,
                          const char *policyFilename);
TPM_RC symmetricCipherTemplate(TPMT_PUBLIC *publicArea,
                               TPMA_OBJECT addObjectAttributes,
                               TPMA_OBJECT deleteObjectAttributes,
                               TPMI_ALG_HASH nalg,
                               int rev116,
                               const char *policyFilename);
TPM_RC keyedHashPublicTemplate(TPMT_PUBLIC *publicArea,
                               TPMA_OBJECT addObjectAttributes,
                               TPMA_OBJECT deleteObjectAttributes,
                               TPMI_ALG_HASH nalg,
                               TPMI_ALG_HASH halg,
                               const char *policyFilename);
TPM_RC derivationParentPublicTemplate(TPMT_PUBLIC *publicArea,
                                      TPMA_OBJECT addObjectAttributes,
                                      TPMA_OBJECT deleteObjectAttributes,
                                      TPMI_ALG_HASH nalg,
                                      TPMI_ALG_HASH halg,
                                      const char *policyFilename);
TPM_RC blPublicTemplate(TPMT_PUBLIC *publicArea,
                        TPMA_OBJECT addObjectAttributes,
                        TPMA_OBJECT deleteObjectAttributes,
                        TPMI_ALG_HASH nalg,
                        const char *policyFilename);

/* prints the command-line help for the template-related options */
void printUsageTemplate(void);

/* applies the policy read from policyFilename to publicArea (presumably its
   authPolicy — confirm in objecttemplates.c) */
TPM_RC getPolicy(TPMT_PUBLIC *publicArea,
                 const char *policyFilename);


#ifdef __cplusplus
}
#endif

#endif
--------------------------------------------------------------------------------
/src/java/src/com/trustiphi/asn1/Asn1Translator.java:
--------------------------------------------------------------------------------
/********
 * The terms of the software license agreement included with any software you
 * download will control your use of the software.
 *
 * INTEL SOFTWARE LICENSE AGREEMENT
 *
 * IMPORTANT - READ BEFORE COPYING, INSTALLING OR USING.
 *
 * Do not use or load this software and any associated materials (collectively,
 * the "Software") until you have carefully read the following terms and
 * conditions. By loading or using the Software, you agree to the terms of this
 * Agreement. If you do not wish to so agree, do not install or use the Software.
 *
 * SEE "Intel Software License Agreement" file included with this package.
 *
 * Copyright Intel, Inc 2017
 */


/******
 * Base class for ASN1 objects with complex structures that are needed by the TPM Verification Tool Set
 * but are not defined in the Bouncy Castle library.
 * The subclasses will be used to more easily set values in Java and create the (Bouncy Castle) ASN1 structure
 * of the object.
 */

package com.trustiphi.asn1;

import org.bouncycastle.asn1.ASN1Encodable;

/**
 * Common supertype for the hand-written ASN.1 structures in this package.
 * It carries no state or behaviour of its own; it exists so that every such
 * structure is an {@link ASN1Encodable}, i.e. each subclass supplies
 * {@code toASN1Primitive()} to produce the Bouncy Castle encoding of the
 * values it holds.
 *
 * @author admin
 *
 */
public abstract class Asn1Translator implements ASN1Encodable {

}
--------------------------------------------------------------------------------
/src/java/src/com/trustiphi/asn1/ComponentAddress.java:
--------------------------------------------------------------------------------
/********
 * The terms of the software license agreement included with any software you
 * download will control your use of the software.
 *
 * INTEL SOFTWARE LICENSE AGREEMENT
 *
 * IMPORTANT - READ BEFORE COPYING, INSTALLING OR USING.
*
 * Do not use or load this software and any associated materials (collectively,
 * the "Software") until you have carefully read the following terms and
 * conditions. By loading or using the Software, you agree to the terms of this
 * Agreement. If you do not wish to so agree, do not install or use the Software.
 *
 * SEE "Intel Software License Agreement" file included with this package.
 *
 * Copyright Intel, Inc 2017
 */

package com.trustiphi.asn1;

import java.io.IOException;

import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.DLSequence;

/**
 * Java view of the platform-certificate ComponentAddress structure.
 *
 * <pre>
 * ComponentAddress ::= SEQUENCE {
 *     addressType  AddressType,
 *     addressValue UTF8String (SIZE (1..STRMAX)) }
 *
 * AddressType ::= OBJECT IDENTIFIER (
 *     tcg-address-ethernetmac | tcg-address-wlanmac | tcg-address-bluetoothmac)
 * </pre>
 *
 * Either field may be left unset; the size constraints and the permitted
 * address-type OIDs are not checked by this class.
 */
public class ComponentAddress extends Asn1Translator {
    private ASN1ObjectIdentifier addressType = null;
    private String addressValue = null;

    /**
     * Create a ComponentAddress with both fields unset.
     */
    public ComponentAddress() {
    }

    /**
     * Create a ComponentAddress from the given values.
     *
     * @param addressType  the AddressType OID
     * @param addressValue the address text
     */
    public ComponentAddress(ASN1ObjectIdentifier addressType, String addressValue) {
        this.addressType = addressType;
        this.addressValue = addressValue;
    }

    /**
     * Decode a ComponentAddress from its ASN.1 encoding.
     *
     * The input must be an ASN1Sequence whose first element (if present) is an
     * ASN1ObjectIdentifier and whose second element (if present) is a
     * DERUTF8String. Elements that are absent leave the corresponding field
     * unset; elements of any other type are rejected.
     *
     * @param componentAddressEncodable the encoded structure
     * @throws IOException if the input is not a sequence or a field has an
     *                     unexpected type
     */
    public ComponentAddress(ASN1Encodable componentAddressEncodable) throws IOException {
        if (!(componentAddressEncodable instanceof ASN1Sequence)) {
            // not a SEQUENCE at all
            throw new IOException(
                "Unexpected ASN1 formatting while parsing ComponentAddress. Expected ASN1Seqeunce; Found "
                + componentAddressEncodable.getClass().toString());
        }

        ASN1Sequence sequence = (ASN1Sequence) componentAddressEncodable;
        int fieldCount = sequence.size();

        if (fieldCount > 0) {
            ASN1Encodable typeField = sequence.getObjectAt(0);
            if (!(typeField instanceof ASN1ObjectIdentifier)) {
                throw new IOException(
                    "Unexpected ASN1 formatting while parsing ComponentAddress.addressType. Expected ASN1ObjectIdentifier; Found "
                    + typeField.getClass().toString());
            }
            this.addressType = (ASN1ObjectIdentifier) typeField;
        }

        if (fieldCount > 1) {
            ASN1Encodable valueField = sequence.getObjectAt(1);
            if (!(valueField instanceof DERUTF8String)) {
                throw new IOException(
                    "Unexpected ASN1 formatting while parsing ComponentAddress.addressValue. Expected DERUTF8String; Found "
                    + valueField.getClass().toString());
            }
            this.addressValue = ((DERUTF8String) valueField).getString();
        }
    }

    /**
     * Encode as a two-element DLSequence: addressType (ASN1ObjectIdentifier)
     * followed by addressValue (DERUTF8String). An unset field is placed in the
     * sequence as a null element, exactly as before; both fields are required
     * by the schema, so callers are expected to have set them.
     *
     * @see org.bouncycastle.asn1.ASN1Encodable#toASN1Primitive()
     */
    @Override
    public ASN1Primitive toASN1Primitive() {
        ASN1Encodable encodedType = addressType;
        ASN1Encodable encodedValue = (addressValue == null) ? null : new DERUTF8String(addressValue);
        return new DLSequence(new ASN1Encodable[] { encodedType, encodedValue });
    }

    /**
     * @return the addressType, or null if unset
     */
    public ASN1ObjectIdentifier getAddressType() {
        return addressType;
    }

    /**
     * @param addressType the AddressType OID to set
     */
    public void setAddressType(ASN1ObjectIdentifier addressType) {
        this.addressType = addressType;
    }

    /**
     * @return the addressValue, or null if unset
     */
    public String getAddressValue() {
        return addressValue;
    }

    /**
     * @param addressValue the address text to set
     */
    public void setAddressValue(String addressValue) {
        this.addressValue = addressValue;
    }

}
--------------------------------------------------------------------------------
/src/java/src/com/trustiphi/asn1/FIPSLevel.java:
--------------------------------------------------------------------------------
/********
 * The terms of the software license agreement included with any software you
 * download will control your use of the software.
 *
 * INTEL SOFTWARE LICENSE AGREEMENT
 *
 * IMPORTANT - READ BEFORE COPYING, INSTALLING OR USING.
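*
 * Do not use or load this software and any associated materials (collectively,
 * the "Software") until you have carefully read the following terms and
 * conditions. By loading or using the Software, you agree to the terms of this
 * Agreement. If you do not wish to so agree, do not install or use the Software.
 *
 * SEE "Intel Software License Agreement" file included with this package.
 *
 * Copyright Intel, Inc 2017
 */

package com.trustiphi.asn1;

import java.io.IOException;

import org.bouncycastle.asn1.ASN1Boolean;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Enumerated;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERUTF8String;

/**
 * Java view of the FIPSLevel structure carried in platform certificates.
 *
 * <pre>
 * FIPSLevel ::= SEQUENCE {
 *     version IA5STRING, -- "140-1" or "140-2"
 *     level   SecurityLevel,
 *     plus    BOOLEAN DEFAULT FALSE }
 *
 * SecurityLevel ::= ENUMERATED {
 *     level1 (1),
 *     level2 (2),
 *     level3 (3),
 *     level4 (4) }
 * </pre>
 *
 * Any field may be left unset (null). The version text and the 1..4 range of
 * level are not validated by this class; a consumer that relies on the
 * enumeration range has to check {@link #getLevel()} itself.
 */
public class FIPSLevel extends Asn1Translator {
    private String version = null;
    private Integer level = null;
    private Boolean plus = null;

    public static final String Version_140_1 = "140-1";
    public static final String Version_140_2 = "140-2";

    /**
     * Create an empty FIPSLevel
     */
    public FIPSLevel() {
    }

    /**
     * Create a FIPSLevel initialized with the input values
     *
     * @param version the FIPS 140 version text (see Version_140_1 / Version_140_2)
     * @param level   the security level, nominally 1..4
     * @param plus    the "plus" flag, or null to leave it unset
     */
    public FIPSLevel(String version, Integer level, Boolean plus) {
        this.version = version;
        this.level = level;
        this.plus = plus;
    }

    /**
     * Create a FIPSLevel from an ASN1Sequence.
     * The ASN1Sequence should be formatted correctly and contain the correct information.
     * If it is missing information it is not assigned. If an unexpected format is encountered
     * an IOException is thrown.
     *
     * The expected format is:
     *
     * ASN1Sequence
     *     version       DERIA5String/DERUTF8String
     *     securityLevel ASN1Enumerated
     *     plus          ASN1Boolean
     *
     * Note that an encoding which omits plus (the DEFAULT FALSE case) leaves
     * {@link #getPlus()} null rather than Boolean.FALSE.
     *
     * @param fipsLevelEncodable the encoded structure
     * @throws IOException if unexpected ASN1 formatting is encountered
     */
    public FIPSLevel(ASN1Encodable fipsLevelEncodable) throws IOException {
        if (fipsLevelEncodable instanceof ASN1Sequence) {
            ASN1Encodable[] fipsLevelArray = ((ASN1Sequence) fipsLevelEncodable).toArray();
            if (fipsLevelArray.length > 0) {
                // the schema says IA5String, but UTF8String encodings are tolerated on input
                if (fipsLevelArray[0] instanceof DERIA5String) {
                    this.version = ((DERIA5String) fipsLevelArray[0]).toString();
                } else if (fipsLevelArray[0] instanceof DERUTF8String) {
                    this.version = ((DERUTF8String) fipsLevelArray[0]).toString();
                } else {
                    // unexpected type
                    throw new IOException(
                        "Unexpected ASN1 formatting while parsing FIPSLevel.version. Expected ASN1 String type; Found "
                        + fipsLevelArray[0].getClass().toString());
                }
            }
            if (fipsLevelArray.length > 1) {
                if (fipsLevelArray[1] instanceof ASN1Enumerated) {
                    // valueOf() instead of the deprecated Integer(int) constructor
                    this.level = Integer.valueOf(((ASN1Enumerated) fipsLevelArray[1]).getValue().intValue());
                } else {
                    // unexpected type
                    throw new IOException(
                        "Unexpected ASN1 formatting while parsing FIPSLevel.level. Expected ASN1Enumerated type; Found "
                        + fipsLevelArray[1].getClass().toString());
                }
            }
            if (fipsLevelArray.length > 2) {
                if (fipsLevelArray[2] instanceof ASN1Boolean) {
                    // valueOf() instead of the deprecated Boolean(boolean) constructor
                    this.plus = Boolean.valueOf(((ASN1Boolean) fipsLevelArray[2]).isTrue());
                } else {
                    // unexpected type
                    throw new IOException(
                        "Unexpected ASN1 formatting while parsing FIPSLevel.plus. Expected ASN1Boolean type; Found "
                        + fipsLevelArray[2].getClass().toString());
                }
            }
        } else {
            // unexpected type
            throw new IOException(
                "Unexpected ASN1 formatting while parsing FIPSLevel. Expected ASN1Sequence type; Found "
                + fipsLevelEncodable.getClass().toString());
        }
    }

    /**
     * Encode as a DERSequence of version (DERIA5String), level (ASN1Enumerated)
     * and, only when set, plus (ASN1Boolean). An unset version or level is placed
     * in the sequence as a null element; both are required by the schema.
     *
     * NOTE(review): DER (X.690 11.5) requires a component equal to its DEFAULT to
     * be omitted, so emitting an explicit FALSE for plus is not strict DER. Lenient
     * decoders accept it; a strict DER verifier may not. Changing this would also
     * change what a round trip returns from getPlus() (null instead of FALSE), so
     * confirm with the consumers before tightening it.
     *
     * @see org.bouncycastle.asn1.ASN1Encodable#toASN1Primitive()
     */
    @Override
    public ASN1Primitive toASN1Primitive() {
        int numFields = (plus == null) ? 2 : 3;

        ASN1Encodable[] outputArray = new ASN1Encodable[numFields];
        outputArray[0] = (version != null) ? new DERIA5String(version) : null;
        outputArray[1] = (level != null) ? new ASN1Enumerated(level) : null;
        if (plus != null) {
            outputArray[2] = ASN1Boolean.getInstance(plus.booleanValue());
        }

        return new DERSequence(outputArray);
    }

    /**
     * @return the version, or null if unset
     */
    public String getVersion() {
        return version;
    }

    /**
     * @param version the version to set
     */
    public void setVersion(String version) {
        this.version = version;
    }

    /**
     * @return the level, or null if unset
     */
    public Integer getLevel() {
        return level;
    }

    /**
     * @param level the level to set
     */
    public void setLevel(Integer level) {
        this.level = level;
    }

    /**
     * @return the plus flag, or null if unset
     */
    public Boolean getPlus() {
        return plus;
    }

    /**
     * @param plus the plus flag to set
     */
    public void setPlus(Boolean plus) {
        this.plus = plus;
    }
}
--------------------------------------------------------------------------------
/src/java/src/com/trustiphi/asn1/ManufacturerId.java:
--------------------------------------------------------------------------------
/********
 * The terms of the software license agreement included with any software you
 * download will control your use of the software.
 *
 * INTEL SOFTWARE LICENSE AGREEMENT
 *
 * IMPORTANT - READ BEFORE COPYING, INSTALLING OR USING.
 *
 * Do not use or load this software and any associated materials (collectively,
 * the "Software") until you have carefully read the following terms and
 * conditions. By loading or using the Software, you agree to the terms of this
 * Agreement. If you do not wish to so agree, do not install or use the Software.
 *
 * SEE "Intel Software License Agreement" file included with this package.
 *
 * Copyright Intel, Inc 2017
 */

package com.trustiphi.asn1;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.DLSequence;

/**
 * ASN1 structure.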
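*
 *
 * ManufacturerId ::= SEQUENCE {
 *     manufacturerIdentifier PrivateEnterpriseNumber
 * }
 *
 * PrivateEnterpriseNumber OBJECT IDENTIFIER :: = { enterprise private-enterprise-number }
 *
 * All assigned private enterprise numbers are listed at the Internet Assigned Numbers
 * Authority (IANA) web site.
 *
 * This class keeps the identifiers as dotted-decimal OID strings. On input it
 * also accepts a bare OBJECT IDENTIFIER or UTF8String, and inside a SEQUENCE it
 * collects every OID / UTF8String element while skipping elements of other types.
 * On output every stored string is encoded as an OBJECT IDENTIFIER, so a string
 * that is not a valid OID makes toASN1Primitive() fail.
 */
public class ManufacturerId extends Asn1Translator {
    // identifiers in dotted-decimal OID form, in the order they were added
    private List<String> manufacturer_id_list = new ArrayList<>();

    /**
     * Create an empty ManufacturerId.
     */
    public ManufacturerId() {
    }

    /**
     * Create a ManufacturerId holding one identifier.
     *
     * @param manufacturer_identifier the identifier as a dotted-decimal OID string
     */
    public ManufacturerId(String manufacturer_identifier) {
        manufacturer_id_list.add(manufacturer_identifier);
    }

    /**
     * Create a ManufacturerId holding one identifier.
     *
     * @param manufacturer_identifier the identifier OID
     */
    public ManufacturerId(ASN1ObjectIdentifier manufacturer_identifier) {
        manufacturer_id_list.add(manufacturer_identifier.getId());
    }

    /**
     * Append an identifier.
     *
     * @param manufacturer_identifier the identifier as a dotted-decimal OID string
     */
    public void add(String manufacturer_identifier) {
        manufacturer_id_list.add(manufacturer_identifier);
    }

    /**
     * Append an identifier.
     *
     * @param manufacturer_identifier the identifier OID
     */
    public void add(ASN1ObjectIdentifier manufacturer_identifier) {
        manufacturer_id_list.add(manufacturer_identifier.getId());
    }

    /**
     * Decode a ManufacturerId from its ASN.1 encoding.
     *
     * Accepted inputs: an ASN1Sequence (each ASN1ObjectIdentifier or DERUTF8String
     * element is collected, anything else in the sequence is ignored), a bare
     * ASN1ObjectIdentifier, or a bare DERUTF8String.
     *
     * @param manufacturerIdEncodable the encoded structure
     * @throws IOException if the input is none of the accepted types
     */
    public ManufacturerId(ASN1Encodable manufacturerIdEncodable) throws IOException {
        if (manufacturerIdEncodable instanceof ASN1Sequence) {
            ASN1Sequence propertiesSeq = (ASN1Sequence) manufacturerIdEncodable;
            ASN1Encodable[] manuId_array = propertiesSeq.toArray();
            for (ASN1Encodable manuId : manuId_array) {
                if (manuId instanceof ASN1ObjectIdentifier) {
                    manufacturer_id_list.add(((ASN1ObjectIdentifier) manuId).getId());
                } else if (manuId instanceof DERUTF8String) {
                    // tolerated on input; must still be a valid OID to re-encode
                    manufacturer_id_list.add(((DERUTF8String) manuId).toString());
                }
                // elements of any other type are skipped silently
            }
        } else if (manufacturerIdEncodable instanceof ASN1ObjectIdentifier) {
            manufacturer_id_list.add(((ASN1ObjectIdentifier) manufacturerIdEncodable).getId());
        } else if (manufacturerIdEncodable instanceof DERUTF8String) {
            manufacturer_id_list.add(((DERUTF8String) manufacturerIdEncodable).toString());
        } else {
            // unexpected type
            throw new IOException(
                "Unexpected ASN1 formatting while parsing ManufacturerId. Expected ASN1Seqeunce; Found "
                + manufacturerIdEncodable.getClass().toString());
        }
    }

    /**
     * Encode as a DLSequence with one ASN1ObjectIdentifier per stored identifier.
     * Bouncy Castle's ASN1ObjectIdentifier(String) rejects strings that are not
     * well-formed OIDs, so an identifier taken from a UTF8String may surface here
     * as an IllegalArgumentException.
     *
     * @see org.bouncycastle.asn1.ASN1Encodable#toASN1Primitive()
     */
    @Override
    public ASN1Primitive toASN1Primitive() {
        ASN1Encodable[] asn1EncodableArr = new ASN1Encodable[manufacturer_id_list.size()];
        for (int i = 0; i < manufacturer_id_list.size(); i++) {
            asn1EncodableArr[i] = new ASN1ObjectIdentifier(manufacturer_id_list.get(i));
        }

        return new DLSequence(asn1EncodableArr);
    }

    /**
     * @return the live list of identifiers (dotted-decimal strings); changes to
     *         the returned list are reflected in this object
     */
    public List<String> getManufacturerIdList() {
        return manufacturer_id_list;
    }

}
--------------------------------------------------------------------------------
/src/java/src/com/trustiphi/asn1/Properties.java:
--------------------------------------------------------------------------------
/********
 * The terms of the software license agreement included with any software you
 * download will control your use of the software.
 *
 * INTEL SOFTWARE LICENSE AGREEMENT
 *
 * IMPORTANT - READ BEFORE COPYING, INSTALLING OR USING.
 *
 * Do not use or load this software and any associated materials (collectively,
 * the "Software") until you have carefully read the following terms and
 * conditions. By loading or using the Software, you agree to the terms of this
 * Agreement. If you do not wish to so agree, do not install or use the Software.
 *
 * SEE "Intel Software License Agreement" file included with this package.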
*
 * Copyright Intel, Inc 2017
 */

package com.trustiphi.asn1;

import java.io.IOException;

import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.DLSequence;

/**
 * Java view of a single platform-certificate Properties entry: a name/value pair.
 *
 * <pre>
 * Properties ::= SEQUENCE {
 *     propertyName  UTF8String (SIZE (1..STRMAX)),
 *     propertyValue UTF8String (SIZE (1..STRMAX)) }
 * </pre>
 *
 * Either field may be left unset; the size constraints are not checked by this
 * class.
 */
public class Properties extends Asn1Translator {
    private String propertyName = null;
    private String propertyValue = null;

    /**
     * Create a Properties entry with both fields unset.
     */
    public Properties() {
    }

    /**
     * Create a Properties entry from the given values.
     *
     * @param propertyName  the property name
     * @param propertyValue the property value
     */
    public Properties(String propertyName, String propertyValue) {
        this.propertyName = propertyName;
        this.propertyValue = propertyValue;
    }

    /**
     * Decode a Properties entry from its ASN.1 encoding.
     *
     * The input must be an ASN1Sequence whose first element (if present) is the
     * propertyName and whose second element (if present) is the propertyValue,
     * both as DERUTF8String. Absent elements leave the field unset; elements of
     * any other type are rejected.
     *
     * @param propertiesEncodable the encoded structure
     * @throws IOException if the input is not a sequence or a field has an
     *                     unexpected type
     */
    public Properties(ASN1Encodable propertiesEncodable) throws IOException {
        if (!(propertiesEncodable instanceof ASN1Sequence)) {
            // not a SEQUENCE at all
            throw new IOException(
                "Unexpected ASN1 formatting while parsing Properties. Expected ASN1Seqeunce; Found "
                + propertiesEncodable.getClass().toString());
        }

        ASN1Sequence sequence = (ASN1Sequence) propertiesEncodable;
        int fieldCount = sequence.size();

        if (fieldCount > 0) {
            ASN1Encodable nameField = sequence.getObjectAt(0);
            if (!(nameField instanceof DERUTF8String)) {
                throw new IOException(
                    "Unexpected ASN1 formatting while parsing Properties.propertyName. Expected DERUTF8String; Found "
                    + nameField.getClass().toString());
            }
            this.propertyName = ((DERUTF8String) nameField).getString();
        }

        if (fieldCount > 1) {
            ASN1Encodable valueField = sequence.getObjectAt(1);
            if (!(valueField instanceof DERUTF8String)) {
                throw new IOException(
                    "Unexpected ASN1 formatting while parsing Properties.propertyValue. Expected DERUTF8String; Found "
                    + valueField.getClass().toString());
            }
            this.propertyValue = ((DERUTF8String) valueField).getString();
        }
    }

    /**
     * Encode as a two-element DLSequence: propertyName then propertyValue, each
     * as a DERUTF8String. An unset field is placed in the sequence as a null
     * element, exactly as before; both fields are required by the schema, so
     * callers are expected to have set them.
     *
     * @see org.bouncycastle.asn1.ASN1Encodable#toASN1Primitive()
     */
    @Override
    public ASN1Primitive toASN1Primitive() {
        ASN1Encodable encodedName = (propertyName == null) ? null : new DERUTF8String(propertyName);
        ASN1Encodable encodedValue = (propertyValue == null) ? null : new DERUTF8String(propertyValue);
        return new DLSequence(new ASN1Encodable[] { encodedName, encodedValue });
    }

    /**
     * @return the propertyName, or null if unset
     */
    public String getPropertyName() {
        return propertyName;
    }

    /**
     * @param propertyName the property name to set
     */
    public void setPropertyName(String propertyName) {
        this.propertyName = propertyName;
    }

    /**
     * @return the propertyValue, or null if unset
     */
    public String getPropertyValue() {
        return propertyValue;
    }

    /**
     * @param propertyValue the property value to set
     */
    public void setPropertyValue(String propertyValue) {
        this.propertyValue = propertyValue;
    }

}
--------------------------------------------------------------------------------
/src/java/src/com/trustiphi/tpm2verification/EKCertToPlatformCertXml.java:
--------------------------------------------------------------------------------
/********
 * The terms of the software license agreement included with any software you
 * download will control your use of the software.
 *
 * INTEL SOFTWARE LICENSE AGREEMENT
 *
 * IMPORTANT - READ BEFORE COPYING, INSTALLING OR USING.
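 *
 * Do not use or load this software and any associated materials (collectively,
 * the "Software") until you have carefully read the following terms and
 * conditions. By loading or using the Software, you agree to the terms of this
 * Agreement. If you do not wish to so agree, do not install or use the Software.
 *
 * SEE "Intel Software License Agreement" file included with this package.
 *
 * Copyright Intel, Inc 2017
 *
 * Initial Development by TrustPhi, LLC, www.trusiphi.com
 */

package com.trustiphi.tpm2verification;

import java.io.FileOutputStream;
import java.io.IOException;

import javax.xml.bind.JAXBException;

import org.bouncycastle.cert.AttributeCertificateHolder;

import com.trustiphi.asn1.EndorsementKeyCertificateHolder;

/**
 * Command-line tool: reads an Endorsement Key (EK) X.509 certificate and writes a
 * Platform Certificate XML skeleton whose holder carries the EK certificate's issuer
 * and serial number.
 *
 * @author admin
 */
public class EKCertToPlatformCertXml {

    /**
     * Not used by the tool; the class is a static command-line entry point.
     */
    public EKCertToPlatformCertXml() {
        // TODO Auto-generated constructor stub
    }

    /**
     * Entry point.
     *
     * @param args args[0] = input EK certificate file (DER or PEM), args[1] = output XML file;
     *             extra arguments are ignored. The process exits with 0 on success and 1 on a
     *             usage error, an I/O failure or an XML binding failure.
     */
    public static void main(String[] args) {
        if (args.length < 2) {
            output_usage();
            System.exit(1);
        }

        String infilename = args[0];
        String outfilename = args[1];

        try {
            EndorsementKeyCertificateHolder ekCert = EndorsementKeyCertificateHolder.loadInstance(infilename);
            PlatformCertificateHolder platformCert = new PlatformCertificateHolder();
            // The platform certificate's holder is bound to the EK certificate by issuer + serial number.
            platformCert.setHolder(new AttributeCertificateHolder(ekCert.getIssuer(), ekCert.getSerialNumber()));

            // try-with-resources: the output stream was previously never closed, so the
            // descriptor leaked and any error surfaced by close() went unreported.
            try (FileOutputStream outStream = new FileOutputStream(outfilename)) {
                PlatformCertificateManager.writeToXML(platformCert, outStream);
            }
            System.out.println("Wrote XML file to " + outfilename);
            System.exit(0);
        } catch (IOException e) {
            System.out.println("ERROR: " + e.getLocalizedMessage());
            System.exit(1);
        } catch (JAXBException e) {
            System.out.println("ERROR: " + e.getLocalizedMessage());
            System.exit(1);
        }
    }

    /**
     * Print the command-line usage text to stdout.
     */
    private static void output_usage()
    {
        final String usage =
            "\nThis application parses an input Endorsement Key X.509 Certificate and outputs the Issuer and Serial Number information to a Platform Certificate XML formated file" +
            "\nUSAGE: \n EKCertToPlatformCertXml \n" +
            "\n input EK X.509 Certificate in DER (binary) or PEM format" +
            "\n filename where the ouput Platform Certificate XML file will be written";

        System.out.println(usage);
    }
}
--------------------------------------------------------------------------------
/src/java/src/com/trustiphi/tpm2verification/ParsingUtils.java:
--------------------------------------------------------------------------------
/********
 * The terms of the software license agreement included with any software you
 * download will control your use of the software.
 *
 * INTEL SOFTWARE LICENSE AGREEMENT
 *
 * IMPORTANT - READ BEFORE COPYING, INSTALLING OR USING.
 *
 * Do not use or load this software and any associated materials (collectively,
 * the "Software") until you have carefully read the following terms and
 * conditions. By loading or using the Software, you agree to the terms of this
 * Agreement. If you do not wish to so agree, do not install or use the Software.
 *
 * SEE "Intel Software License Agreement" file included with this package.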
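 *
 * Copyright Intel, Inc 2017
 */

package com.trustiphi.tpm2verification;

import org.bouncycastle.asn1.x509.GeneralName;

/**
 * General Utilities to help
 *
 */
public class ParsingUtils {
    /**
     * Map the textual form of a GeneralName tag (as used in the platform certificate XML)
     * to the Bouncy Castle tag constant. Accepts the RFC 5280 identifier, the numeric tag,
     * and for some tags a snake_case alias.
     *
     * @see org.bouncycastle.asn1.x509.GeneralName
     * @see #getGeneralNameTagStringValue(int)
     *
     * @param tag_string string value representing the GeneralName tag
     * @return the defined int value of the corresponding tag
     * @throws IllegalArgumentException if the string matches no known tag
     *         (a null input fails with a NullPointerException from the switch)
     */
    public static int getGeneralNameTagIntValue(String tag_string)
        throws IllegalArgumentException
    {
        switch (tag_string)
        {
            case "otherName":
            case "0":
            case "other_name":
                return GeneralName.otherName;

            case "rfc822Name":
            case "1":
                return GeneralName.rfc822Name;

            case "dNSName":
            case "2":
            case "dns_name":
                return GeneralName.dNSName;

            case "x400Address":
            case "3":
                return GeneralName.x400Address;

            case "directoryName":
            case "4":
            case "directory_name":
                return GeneralName.directoryName;

            case "ediPartyName":
            case "5":
            case "edi_party_name":
                return GeneralName.ediPartyName;

            case "uniformResourceIdentifier":
            case "6":
            case "uri":
                return GeneralName.uniformResourceIdentifier;

            case "iPAddress":
            case "7":
            case "ip_address":
                return GeneralName.iPAddress;

            case "registeredID":
            case "8":
            case "registered_id":
                return GeneralName.registeredID;

            default:
                throw new IllegalArgumentException("Unrecognized GenaralNameTag String value!");
        }
    }

    /**
     * Map a Bouncy Castle GeneralName tag constant to its RFC 5280 identifier. This is the
     * inverse of {@link #getGeneralNameTagIntValue(String)} for the camelCase spellings.
     *
     * @see org.bouncycastle.asn1.x509.GeneralName
     * @see #getGeneralNameTagIntValue(String)
     *
     * @param tag_int int value representing the GeneralName tag
     * @return string value of corresponding GeneralName tag
     * @throws IllegalArgumentException if the int is not one of the nine GeneralName tags
     */
    public static String getGeneralNameTagStringValue(int tag_int)
        throws IllegalArgumentException
    {
        switch (tag_int)
        {
            case GeneralName.otherName:
                return "otherName";

            case GeneralName.rfc822Name:
                return "rfc822Name";

            case GeneralName.dNSName:
                return "dNSName";

            case GeneralName.x400Address:
                return "x400Address";

            case GeneralName.directoryName:
                return "directoryName";

            case GeneralName.ediPartyName:
                return "ediPartyName";

            case GeneralName.uniformResourceIdentifier:
                return "uniformResourceIdentifier";

            case GeneralName.iPAddress:
                return "iPAddress";

            case GeneralName.registeredID:
                return "registeredID";

            default:
                throw new IllegalArgumentException("Unrecognized GenaralNameTag value!");
        }
    }

}
--------------------------------------------------------------------------------
/src/java/src/com/trustiphi/tpm2verification/TrustiPhiStyle.java:
--------------------------------------------------------------------------------
package com.trustiphi.tpm2verification;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500NameStyle;
import org.bouncycastle.asn1.x500.style.BCStyle;

/**
 * X.500 name style that extends Bouncy Castle's {@link BCStyle} with the extension OIDs and
 * TCG platform-certificate attribute OIDs this tool prints and parses by name.
 *
 * Every key placed in {@code defaultLookUp} must be all lower case: BCStyle lower-cases an
 * attribute name before looking it up, so a mixed-case key can never be matched.
 */
public class TrustiPhiStyle extends BCStyle {

    /**
     * SubjectAlternativeName
     */
    public static final ASN1ObjectIdentifier SubjectAlternativeName = new ASN1ObjectIdentifier("2.5.29.17");

    /**
     * CertificatePolicies
     */
    public static final ASN1ObjectIdentifier CertificatePolicies = new ASN1ObjectIdentifier("2.5.29.32");

    /**
     * authorityKeyIdentifier
     *
     * Declared but not registered in either symbol table below; whether that is intentional
     * is not visible here.
     */
    public static final ASN1ObjectIdentifier AuthorityKeyIdentifier = new ASN1ObjectIdentifier("2.5.29.35");

    /**
     * tcg-at-platformManufacturer
     */
    public static final ASN1ObjectIdentifier platformManufacturer = new ASN1ObjectIdentifier("2.23.133.2.4");

    /**
     * tcg-at-platformManufacturerStr
     */
    public static final ASN1ObjectIdentifier platformManufacturerStr = new ASN1ObjectIdentifier("2.23.133.5.1.1");

    /**
     * tcg-at-platformManufacturerId
     */
    public static final ASN1ObjectIdentifier platformManufacturerId = new ASN1ObjectIdentifier("2.23.133.5.1.2");

    /**
     * tcg-at-platformConfigUri
     */
    public static final ASN1ObjectIdentifier platformConfigUri = new ASN1ObjectIdentifier("2.23.133.5.1.3");

    /**
     * tcg-at-platformModel
     */
    // public static final ASN1ObjectIdentifier platformModel = new ASN1ObjectIdentifier("2.23.133.2.5"); OLD VALUE
    public static final ASN1ObjectIdentifier platformModel = new ASN1ObjectIdentifier("2.23.133.5.1.4");

    /**
     * tcg-at-platformVersion
     */
    // public static final ASN1ObjectIdentifier platformVersion = new ASN1ObjectIdentifier("2.23.133.2.6"); OLD VALUE
    public static final ASN1ObjectIdentifier platformVersion = new ASN1ObjectIdentifier("2.23.133.5.1.5");

    /**
     * tcg-at-tcgPlatformSpecification
     */
    public static final ASN1ObjectIdentifier tcgPlatformSpecification = new ASN1ObjectIdentifier("2.23.133.2.17");

    /**
     * tcg-at-tbbSecurityAssertions
     */
    public static final ASN1ObjectIdentifier tbbSecurityAssertions = new ASN1ObjectIdentifier("2.23.133.2.19");

    /**
     * platformSerial
     */
    // public static final ASN1ObjectIdentifier platformSerial = new ASN1ObjectIdentifier("2.23.133.2.23");
    public static final ASN1ObjectIdentifier platformSerial = new ASN1ObjectIdentifier("2.23.133.5.1.6");

    /**
     * unotice
     */
    public static final ASN1ObjectIdentifier unotice = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.2.2");

    /*
     * Singleton instance
     */
    public static final X500NameStyle INSTANCE = new TrustiPhiStyle();

    /**
     * Register the OIDs above in the inherited name tables: defaultSymbols (OID to
     * display name) and defaultLookUp (lower-cased name to OID).
     */
    protected TrustiPhiStyle()
    {
        super();

        defaultSymbols.put(SubjectAlternativeName, "subjectAlternativeName");
        defaultSymbols.put(CertificatePolicies, "certificatePolicies");
        defaultSymbols.put(platformManufacturer, "platformManufacturer");
        defaultSymbols.put(platformManufacturerStr, "platformManufacturerStr");
        defaultSymbols.put(platformManufacturerId, "platformManufacturerId");
        defaultSymbols.put(platformConfigUri, "platformConfigUri");
        defaultSymbols.put(platformModel, "platformModel");
        defaultSymbols.put(platformVersion, "platformVersion");
        defaultSymbols.put(tbbSecurityAssertions, "tbbSecurityAssertions");
        defaultSymbols.put(platformSerial, "platformSerial");
        defaultSymbols.put(unotice, "unotice");

        // Keys are lower case on purpose (see class comment). "platformmanufacturerStr",
        // "platformmanufacturerId" and "tbbSecurityassertions" were previously mixed case
        // and therefore unreachable through BCStyle's name lookup.
        defaultLookUp.put("subjectalternativename", SubjectAlternativeName);
        defaultLookUp.put("certificatepolicies", CertificatePolicies);
        defaultLookUp.put("platformmanufacturer", platformManufacturer);
        defaultLookUp.put("platformmanufacturerstr", platformManufacturerStr);
        defaultLookUp.put("platformmanufacturerid", platformManufacturerId);
        defaultLookUp.put("platformconfiguri", platformConfigUri);
        defaultLookUp.put("platformmodel", platformModel);
        defaultLookUp.put("platformversion", platformVersion);
        defaultLookUp.put("tbbsecurityassertions", tbbSecurityAssertions);
        defaultLookUp.put("platformserial", platformSerial);
        defaultLookUp.put("unotice", unotice);
    }
}
--------------------------------------------------------------------------------
/src/java/src/com/trustiphi/tpm2verification/X509ToPem.java:
--------------------------------------------------------------------------------
/********
 * The terms of the software license agreement included with any software you
 * download will control your use of the software.
 *
 * INTEL SOFTWARE LICENSE AGREEMENT
 *
 * IMPORTANT - READ BEFORE COPYING, INSTALLING OR USING.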
 *
 * Do not use or load this software and any associated materials (collectively,
 * the "Software") until you have carefully read the following terms and
 * conditions. By loading or using the Software, you agree to the terms of this
 * Agreement. If you do not wish to so agree, do not install or use the Software.
 *
 * SEE "Intel Software License Agreement" file included with this package.
 *
 * Copyright Intel, Inc 2017
 */

package com.trustiphi.tpm2verification;

import java.io.IOException;

import org.bouncycastle.cert.X509CertificateHolder;

/**
 * Command-line tool: re-encodes a DER X.509 certificate file as PEM.
 *
 * @author admin
 */
public class X509ToPem {

    /**
     * Not used by the tool; the class is a static command-line entry point.
     */
    public X509ToPem() {
        // TODO Auto-generated constructor stub
    }

    /**
     * Entry point. Exactly two arguments are required: args[0] is the DER input file and
     * args[1] the PEM output file. The process exits with 0 on success and 1 on a usage
     * or I/O error.
     *
     * @param args command-line arguments
     */
    public static void main(String[] args) {
        if (args.length != 2) {
            output_usage();
            System.exit(1);
        }

        final String infilename = args[0];
        final String outfilename = args[1];

        try {
            // Parsing through X509CertificateHolder means a file that is not a well-formed
            // certificate is rejected instead of being wrapped blindly. The boolean flags
            // passed to TP_FileUtils are a project convention whose meaning is not visible here.
            X509CertificateHolder cert = new X509CertificateHolder(TP_FileUtils.readBinaryFile(infilename, true));
            // "X509 CERTIFICATE" is a legacy PEM label; RFC 7468 specifies "CERTIFICATE" and some
            // consumers accept only that form. Changing it would change the tool's output.
            TP_FileUtils.writePemFile("X509 CERTIFICATE", cert.getEncoded(), outfilename, true);
            System.exit(0);
        } catch (IOException e) {
            System.out.println("ERROR: " + e.getLocalizedMessage());
            System.exit(1);
        }
    }

    /**
     * Print the command-line usage text to stdout.
     */
    private static void output_usage()
    {
        final String usage =
            "\nThis application converts an input X.509 Certificate from DER format to PEM format" +
            "\nUSAGE: \n X509ToPem \n" +
            "\n input X.509 Certificate in DER (binary) format" +
            "\n filename where the ouput x.509 Certificate will be written in PEM format";

        System.out.println(usage);
    }
}
--------------------------------------------------------------------------------
/src/java/src/com/trustiphi/tpm2verification/platformcertparse/ObjectFactory.java:
--------------------------------------------------------------------------------
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4-2
// See http://java.sun.com/xml/jaxb
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2017.09.06 at 02:40:54 PM EDT
//


package com.trustiphi.tpm2verification.platformcertparse;

import javax.xml.bind.annotation.XmlRegistry;

/**
 * JAXB object factory for the platform-certificate XML binding classes in this package.
 * The {@code @XmlRegistry} annotation lets JAXB discover it when a context is created for
 * the package; each method simply returns a fresh, empty instance of one binding class.
 * Generated code: regenerate from the schema rather than editing by hand.
 */
@XmlRegistry
public class ObjectFactory {


    /**
     * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: com.trustiphi.tpm2verification.platformcertparse
     *
     */
    public ObjectFactory() {
    }

    /**
     * Create an instance of {@link PlatformCertificateData } (the document root type)
     *
     */
    public PlatformCertificateData createPlatformCertificateData() {
        return new PlatformCertificateData();
    }

    /**
     * Create an instance of {@link XmlCertificatePolicies }
     *
     */
    public XmlCertificatePolicies createXmlCertificatePolicies() {
        return new XmlCertificatePolicies();
    }

    /**
     * Create an instance of {@link XmlGeneralName }
     *
     */
    public XmlGeneralName createXmlGeneralName() {
        return new XmlGeneralName();
    }

    /**
     * Create an instance of {@link XmlCRLDistributionPoints }
     *
     */
    public XmlCRLDistributionPoints createXmlCRLDistributionPoints() {
        return new XmlCRLDistributionPoints();
    }

    /**
     * Create an instance of {@link XmlCommonCriteriaMeasures }
     *
     */
    public XmlCommonCriteriaMeasures createXmlCommonCriteriaMeasures() {
        return new XmlCommonCriteriaMeasures();
    }

    /**
     * Create an instance of {@link XmlURIReference }
     *
     */
    public XmlURIReference createXmlURIReference() {
        return new XmlURIReference();
    }

    /**
     * Create an instance of {@link XmlComponentIdentifier }
     *
     */
    public XmlComponentIdentifier createXmlComponentIdentifier() {
        return new XmlComponentIdentifier();
    }

    /**
     * Create an instance of {@link XmlProperties }
     *
     */
    public XmlProperties createXmlProperties() {
        return new XmlProperties();
    }

    /**
     * Create an instance of {@link XmlDistributionPointName }
     *
     */
    public XmlDistributionPointName createXmlDistributionPointName() {
        return new XmlDistributionPointName();
    }

    /**
     * Create an instance of {@link XmlPolicyQualifier }
     *
     */
    public XmlPolicyQualifier createXmlPolicyQualifier() {
        return new XmlPolicyQualifier();
    }

    /**
     * Create an instance of {@link XmlComponentAddress }
     *
     */
    public XmlComponentAddress createXmlComponentAddress() {
        return new XmlComponentAddress();
    }

}
--------------------------------------------------------------------------------
/src/java/src/com/trustiphi/tpm2verification/platformcertparse/XmlCRLDistributionPoints.java:
--------------------------------------------------------------------------------
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4-2
// See http://java.sun.com/xml/jaxb
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2017.09.06 at 02:40:54 PM EDT
//


package com.trustiphi.tpm2verification.platformcertparse;

import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;


/**
 *

Java class for XmlCRLDistributionPoints complex type. 19 | * 20 | *

The following schema fragment specifies the expected content contained within this class. 21 | * 22 | *

 23 |  * <complexType name="XmlCRLDistributionPoints">
 24 |  *   <complexContent>
 25 |  *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
 26 |  *       <sequence>
 27 |  *         <element name="distributionPoint" type="{www.trustiphi.com/platfromcertificateparser}XmlDistributionPointName" minOccurs="0"/>
 28 |  *         <element name="reasons" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
 29 |  *         <element name="cRLIssuer" type="{www.trustiphi.com/platfromcertificateparser}XmlGeneralName" minOccurs="0"/>
 30 |  *       </sequence>
 31 |  *     </restriction>
 32 |  *   </complexContent>
 33 |  * </complexType>
 34 |  * 
 *
 *
 */
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "XmlCRLDistributionPoints", propOrder = {
    "distributionPoint",
    "reasons",
    "crlIssuer"
})
public class XmlCRLDistributionPoints {

    // Every element is optional in the schema (minOccurs="0"), so each field stays null
    // until the XML supplies it. With FIELD access JAXB writes the fields directly, not
    // through the setters below.
    protected XmlDistributionPointName distributionPoint;
    protected String reasons;
    @XmlElement(name = "cRLIssuer")
    protected XmlGeneralName crlIssuer;

    /**
     * The distributionPoint element.
     *
     * @return the current {@link XmlDistributionPointName }, or null when absent
     */
    public XmlDistributionPointName getDistributionPoint() {
        return this.distributionPoint;
    }

    /**
     * Replace the distributionPoint element.
     *
     * @param value the {@link XmlDistributionPointName } to store (null clears it)
     */
    public void setDistributionPoint(XmlDistributionPointName value) {
        this.distributionPoint = value;
    }

    /**
     * The reasons element, carried as the plain string found in the XML.
     *
     * @return the current {@link String }, or null when absent
     */
    public String getReasons() {
        return this.reasons;
    }

    /**
     * Replace the reasons element.
     *
     * @param value the {@link String } to store (null clears it)
     */
    public void setReasons(String value) {
        this.reasons = value;
    }

    /**
     * The cRLIssuer element (Java name crlIssuer; the XML element name is mapped by the
     * {@code @XmlElement} annotation on the field).
     *
     * @return the current {@link XmlGeneralName }, or null when absent
     */
    public XmlGeneralName getCRLIssuer() {
        return this.crlIssuer;
    }

    /**
     * Replace the cRLIssuer element.
     *
     * @param value the {@link XmlGeneralName } to store (null clears it)
     */
    public void setCRLIssuer(XmlGeneralName value) {
        this.crlIssuer = value;
    }

}
--------------------------------------------------------------------------------
/src/java/src/com/trustiphi/tpm2verification/platformcertparse/XmlCertificatePolicies.java:
--------------------------------------------------------------------------------
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4-2
// See http://java.sun.com/xml/jaxb
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2017.09.06 at 02:40:54 PM EDT
//


package com.trustiphi.tpm2verification.platformcertparse;

import java.util.ArrayList;
import java.util.List;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;


/**
 *

Java class for XmlCertificatePolicies complex type. 21 | * 22 | *

The following schema fragment specifies the expected content contained within this class. 23 | * 24 | *

 25 |  * <complexType name="XmlCertificatePolicies">
 26 |  *   <complexContent>
 27 |  *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
 28 |  *       <sequence>
 29 |  *         <element name="policyIdentifier" type="{http://www.w3.org/2001/XMLSchema}string"/>
 30 |  *         <element name="policyQualifier" type="{www.trustiphi.com/platfromcertificateparser}XmlPolicyQualifier" maxOccurs="unbounded" minOccurs="0"/>
 31 |  *       </sequence>
 32 |  *     </restriction>
 33 |  *   </complexContent>
 34 |  * </complexType>
 35 |  * 
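 *
 *
 */
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "XmlCertificatePolicies", propOrder = {
    "policyIdentifier",
    "policyQualifier"
})
public class XmlCertificatePolicies {

    // policyIdentifier is required by the schema; policyQualifier is an optional,
    // unbounded list. Typed as List<XmlPolicyQualifier> (the only element type the
    // schema allows) instead of a raw List, so callers get compile-time checking.
    @XmlElement(required = true)
    protected String policyIdentifier;
    protected List<XmlPolicyQualifier> policyQualifier;

    /**
     * Gets the value of the policyIdentifier property.
     *
     * @return
     *     possible object is
     *     {@link String }
     *
     */
    public String getPolicyIdentifier() {
        return policyIdentifier;
    }

    /**
     * Sets the value of the policyIdentifier property.
     *
     * @param value
     *     allowed object is
     *     {@link String }
     *
     */
    public void setPolicyIdentifier(String value) {
        this.policyIdentifier = value;
    }

    /**
     * Gets the value of the policyQualifier property.
     *
     * This accessor method returns a reference to the live list,
     * not a snapshot. Therefore any modification you make to the
     * returned list will be present inside the JAXB object.
     * This is why there is not a set method for the policyQualifier property.
     *
     * For example, to add a new item, do as follows:
     *
     *    getPolicyQualifier().add(newItem);
     *
     * Objects of the following type(s) are allowed in the list
     * {@link XmlPolicyQualifier }
     *
     * @return the live, never-null list of policy qualifiers (created empty on first use)
     */
    public List<XmlPolicyQualifier> getPolicyQualifier() {
        if (policyQualifier == null) {
            policyQualifier = new ArrayList<XmlPolicyQualifier>();
        }
        return this.policyQualifier;
    }

}
--------------------------------------------------------------------------------
/src/java/src/com/trustiphi/tpm2verification/platformcertparse/XmlComponentAddress.java:
--------------------------------------------------------------------------------
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4-2
// See http://java.sun.com/xml/jaxb
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2017.09.06 at 02:40:54 PM EDT
//


package com.trustiphi.tpm2verification.platformcertparse;

import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;


/**
 *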

Java class for XmlComponentAddress complex type. 19 | * 20 | *

The following schema fragment specifies the expected content contained within this class. 21 | * 22 | *

23 |  * <complexType name="XmlComponentAddress">
24 |  *   <complexContent>
25 |  *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
26 |  *       <sequence>
27 |  *         <element name="addressType" type="{http://www.w3.org/2001/XMLSchema}string"/>
28 |  *         <element name="addressValue" type="{http://www.w3.org/2001/XMLSchema}string"/>
29 |  *       </sequence>
30 |  *     </restriction>
31 |  *   </complexContent>
32 |  * </complexType>
33 |  * 
 *
 *
 */
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "XmlComponentAddress", propOrder = {
    "addressType",
    "addressValue"
})
public class XmlComponentAddress {

    // Both elements are required by the schema. JAXB writes the fields directly (FIELD
    // access); the accessors exist for application code.
    @XmlElement(required = true)
    protected String addressType;
    @XmlElement(required = true)
    protected String addressValue;

    /**
     * The addressType element.
     *
     * @return the current {@link String }, or null when never set
     */
    public String getAddressType() {
        return this.addressType;
    }

    /**
     * Replace the addressType element.
     *
     * @param value the {@link String } to store
     */
    public void setAddressType(String value) {
        this.addressType = value;
    }

    /**
     * The addressValue element.
     *
     * @return the current {@link String }, or null when never set
     */
    public String getAddressValue() {
        return this.addressValue;
    }

    /**
     * Replace the addressValue element.
     *
     * @param value the {@link String } to store
     */
    public void setAddressValue(String value) {
        this.addressValue = value;
    }

}
--------------------------------------------------------------------------------
/src/java/src/com/trustiphi/tpm2verification/platformcertparse/XmlDistributionPointName.java:
--------------------------------------------------------------------------------
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4-2
// See http://java.sun.com/xml/jaxb
// Any modifications to this file will be lost upon recompilation of the source schema.
5 | // Generated on: 2017.09.06 at 02:40:54 PM EDT 6 | // 7 | 8 | 9 | package com.trustiphi.tpm2verification.platformcertparse; 10 | 11 | import java.util.ArrayList; 12 | import java.util.List; 13 | import javax.xml.bind.annotation.XmlAccessType; 14 | import javax.xml.bind.annotation.XmlAccessorType; 15 | import javax.xml.bind.annotation.XmlType; 16 | 17 | 18 | /** 19 | *

Java class for XmlDistributionPointName complex type. 20 | * 21 | *

The following schema fragment specifies the expected content contained within this class. 22 | * 23 | *

 24 |  * <complexType name="XmlDistributionPointName">
 25 |  *   <complexContent>
 26 |  *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
 27 |  *       <choice>
 28 |  *         <element name="fullname" type="{www.trustiphi.com/platfromcertificateparser}XmlGeneralName" maxOccurs="unbounded"/>
 29 |  *         <element name="nameRelativeToCRLIssuer" type="{www.trustiphi.com/platfromcertificateparser}XmlGeneralName" maxOccurs="unbounded"/>
 30 |  *       </choice>
 31 |  *     </restriction>
 32 |  *   </complexContent>
 33 |  * </complexType>
 34 |  * 
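 *
 *
 */
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "XmlDistributionPointName", propOrder = {
    "fullname",
    "nameRelativeToCRLIssuer"
})
public class XmlDistributionPointName {

    // The schema declares these two as a <choice>: a document carries one or the other,
    // not both. Nothing here enforces that, so consumers should check which list is
    // non-empty. Typed as List<XmlGeneralName> (the only element type the schema allows)
    // instead of a raw List, so callers get compile-time checking.
    protected List<XmlGeneralName> fullname;
    protected List<XmlGeneralName> nameRelativeToCRLIssuer;

    /**
     * Gets the value of the fullname property.
     *
     * This accessor method returns a reference to the live list,
     * not a snapshot. Therefore any modification you make to the
     * returned list will be present inside the JAXB object.
     * This is why there is not a set method for the fullname property.
     *
     * For example, to add a new item, do as follows:
     *
     *    getFullname().add(newItem);
     *
     * Objects of the following type(s) are allowed in the list
     * {@link XmlGeneralName }
     *
     * @return the live, never-null list (created empty on first use)
     */
    public List<XmlGeneralName> getFullname() {
        if (fullname == null) {
            fullname = new ArrayList<XmlGeneralName>();
        }
        return this.fullname;
    }

    /**
     * Gets the value of the nameRelativeToCRLIssuer property.
     *
     * This accessor method returns a reference to the live list,
     * not a snapshot. Therefore any modification you make to the
     * returned list will be present inside the JAXB object.
     * This is why there is not a set method for the nameRelativeToCRLIssuer property.
     *
     * For example, to add a new item, do as follows:
     *
     *    getNameRelativeToCRLIssuer().add(newItem);
     *
     * Objects of the following type(s) are allowed in the list
     * {@link XmlGeneralName }
     *
     * @return the live, never-null list (created empty on first use)
     */
    public List<XmlGeneralName> getNameRelativeToCRLIssuer() {
        if (nameRelativeToCRLIssuer == null) {
            nameRelativeToCRLIssuer = new ArrayList<XmlGeneralName>();
        }
        return this.nameRelativeToCRLIssuer;
    }

}
--------------------------------------------------------------------------------
/src/java/src/com/trustiphi/tpm2verification/platformcertparse/XmlGeneralName.java:
--------------------------------------------------------------------------------
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4-2
// See http://java.sun.com/xml/jaxb
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2017.09.06 at 02:40:54 PM EDT
//


package com.trustiphi.tpm2verification.platformcertparse;

import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;


/**
 *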

Java class for XmlGeneralName complex type. 19 | * 20 | *

The following schema fragment specifies the expected content contained within this class. 21 | * 22 | *

23 |  * <complexType name="XmlGeneralName">
24 |  *   <complexContent>
25 |  *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
26 |  *       <sequence>
27 |  *         <element name="tag" type="{www.trustiphi.com/platfromcertificateparser}XmlGeneralNameTag"/>
28 |  *         <element name="name" type="{http://www.w3.org/2001/XMLSchema}string"/>
29 |  *       </sequence>
30 |  *     </restriction>
31 |  *   </complexContent>
32 |  * </complexType>
33 |  * 
34 | * 35 | * 36 | */ 37 | @XmlAccessorType(XmlAccessType.FIELD) 38 | @XmlType(name = "XmlGeneralName", propOrder = { 39 | "tag", 40 | "name" 41 | }) 42 | public class XmlGeneralName { 43 | 44 | @XmlElement(required = true) 45 | protected XmlGeneralNameTag tag; 46 | @XmlElement(required = true) 47 | protected String name; 48 | 49 | /** 50 | * Gets the value of the tag property. 51 | * 52 | * @return 53 | * possible object is 54 | * {@link XmlGeneralNameTag } 55 | * 56 | */ 57 | public XmlGeneralNameTag getTag() { 58 | return tag; 59 | } 60 | 61 | /** 62 | * Sets the value of the tag property. 63 | * 64 | * @param value 65 | * allowed object is 66 | * {@link XmlGeneralNameTag } 67 | * 68 | */ 69 | public void setTag(XmlGeneralNameTag value) { 70 | this.tag = value; 71 | } 72 | 73 | /** 74 | * Gets the value of the name property. 75 | * 76 | * @return 77 | * possible object is 78 | * {@link String } 79 | * 80 | */ 81 | public String getName() { 82 | return name; 83 | } 84 | 85 | /** 86 | * Sets the value of the name property. 87 | * 88 | * @param value 89 | * allowed object is 90 | * {@link String } 91 | * 92 | */ 93 | public void setName(String value) { 94 | this.name = value; 95 | } 96 | 97 | } 98 | -------------------------------------------------------------------------------- /src/java/src/com/trustiphi/tpm2verification/platformcertparse/XmlGeneralNameTag.java: -------------------------------------------------------------------------------- 1 | // 2 | // This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4-2 3 | // See http://java.sun.com/xml/jaxb 4 | // Any modifications to this file will be lost upon recompilation of the source schema. 
// Generated on: 2017.09.06 at 02:40:54 PM EDT
//


package com.trustiphi.tpm2verification.platformcertparse;

import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlEnumValue;
import javax.xml.bind.annotation.XmlType;


/**
 * JAXB binding for the {@code XmlGeneralNameTag} simple type: the nine
 * alternatives of the X.509 GeneralName CHOICE, each keyed by its XML token.
 * <p>
 * The following schema fragment specifies the expected content contained within this class.
 * <pre>
 * <simpleType name="XmlGeneralNameTag">
 *   <restriction base="{http://www.w3.org/2001/XMLSchema}string">
 *     <enumeration value="otherName"/>
 *     <enumeration value="rfc822Name"/>
 *     <enumeration value="dNSName"/>
 *     <enumeration value="x400Address"/>
 *     <enumeration value="directoryName"/>
 *     <enumeration value="ediPartyName"/>
 *     <enumeration value="uniformResourceIdentifier"/>
 *     <enumeration value="iPAddress"/>
 *     <enumeration value="registeredID"/>
 *   </restriction>
 * </simpleType>
 * </pre>
 */
@XmlType(name = "XmlGeneralNameTag")
@XmlEnum
public enum XmlGeneralNameTag {

    @XmlEnumValue("otherName")
    OTHER_NAME("otherName"),
    @XmlEnumValue("rfc822Name")
    RFC_822_NAME("rfc822Name"),
    @XmlEnumValue("dNSName")
    D_NS_NAME("dNSName"),
    @XmlEnumValue("x400Address")
    X_400_ADDRESS("x400Address"),
    @XmlEnumValue("directoryName")
    DIRECTORY_NAME("directoryName"),
    @XmlEnumValue("ediPartyName")
    EDI_PARTY_NAME("ediPartyName"),
    @XmlEnumValue("uniformResourceIdentifier")
    UNIFORM_RESOURCE_IDENTIFIER("uniformResourceIdentifier"),
    @XmlEnumValue("iPAddress")
    I_P_ADDRESS("iPAddress"),
    @XmlEnumValue("registeredID")
    REGISTERED_ID("registeredID");

    /** Exact XML token for this constant; matched case-sensitively. */
    private final String value;

    XmlGeneralNameTag(String token) {
        value = token;
    }

    /**
     * @return the XML token this constant is marshalled as
     */
    public String value() {
        return value;
    }

    /**
     * Reverse lookup from XML token to constant.
     *
     * @param v the token to resolve; compared with {@code String.equals}, so
     *          case and whitespace must match exactly
     * @return the constant whose token equals {@code v}
     * @throws IllegalArgumentException if nothing matches (also for {@code null});
     *         the exception message is the raw input, so anything that logs or
     *         displays it should treat it as untrusted text
     */
    public static XmlGeneralNameTag fromValue(String v) {
        XmlGeneralNameTag[] all = XmlGeneralNameTag.values();
        for (int i = 0; i < all.length; i++) {
            if (all[i].value.equals(v)) {
                return all[i];
            }
        }
        throw new IllegalArgumentException(v);
    }

}
// --------------------------------------------------------------------------------
// /src/java/src/com/trustiphi/tpm2verification/platformcertparse/XmlPolicyQualifier.java:
// --------------------------------------------------------------------------------
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4-2
// See http://java.sun.com/xml/jaxb
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2017.09.06 at 02:40:54 PM EDT
//


package com.trustiphi.tpm2verification.platformcertparse;

import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;


/**
 * JAXB binding for the {@code XmlPolicyQualifier} complex type: a policy
 * qualifier identifier paired with its qualifier text. Both elements are
 * required by the schema.
 * <p>
 * The following schema fragment specifies the expected content contained within this class.
 * <pre>
 * <complexType name="XmlPolicyQualifier">
 *   <complexContent>
 *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
 *       <sequence>
 *         <element name="policyQualifierId" type="{http://www.w3.org/2001/XMLSchema}string"/>
 *         <element name="qualifier" type="{http://www.w3.org/2001/XMLSchema}string"/>
 *       </sequence>
 *     </restriction>
 *   </complexContent>
 * </complexType>
 * </pre>
 * <p>
 * Plain data holder: values are stored and returned exactly as given, with no
 * syntax or content checks performed here.
 */
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "XmlPolicyQualifier", propOrder = {
    "policyQualifierId",
    "qualifier"
})
public class XmlPolicyQualifier {

    /** Identifier of the qualifier; required by the schema. */
    @XmlElement(required = true)
    protected String policyQualifierId;
    /** Qualifier content; required by the schema. */
    @XmlElement(required = true)
    protected String qualifier;

    /**
     * Sets the value of the policyQualifierId property.
     *
     * @param value identifier string to store (may be {@code null})
     */
    public void setPolicyQualifierId(String value) {
        policyQualifierId = value;
    }

    /**
     * Gets the value of the policyQualifierId property.
     *
     * @return the stored identifier, or {@code null} if unset
     */
    public String getPolicyQualifierId() {
        return policyQualifierId;
    }

    /**
     * Sets the value of the qualifier property.
     *
     * @param value qualifier string to store (may be {@code null})
     */
    public void setQualifier(String value) {
        qualifier = value;
    }

    /**
     * Gets the value of the qualifier property.
     *
     * @return the stored qualifier, or {@code null} if unset
     */
    public String getQualifier() {
        return qualifier;
    }

}
// --------------------------------------------------------------------------------
// /src/java/src/com/trustiphi/tpm2verification/platformcertparse/XmlProperties.java:
// --------------------------------------------------------------------------------
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4-2
// See http://java.sun.com/xml/jaxb
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2017.09.06 at 02:40:54 PM EDT
//


package com.trustiphi.tpm2verification.platformcertparse;

import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;


/**
 * JAXB binding for the {@code XmlProperties} complex type: a single
 * name/value string pair. Both elements are required by the schema.
 * <p>
 * The following schema fragment specifies the expected content contained within this class.
 * <pre>
 * <complexType name="XmlProperties">
 *   <complexContent>
 *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
 *       <sequence>
 *         <element name="propertyName" type="{http://www.w3.org/2001/XMLSchema}string"/>
 *         <element name="propertyValue" type="{http://www.w3.org/2001/XMLSchema}string"/>
 *       </sequence>
 *     </restriction>
 *   </complexContent>
 * </complexType>
 * </pre>
 * <p>
 * Plain data holder: no normalisation (trimming, case folding) or validation of
 * either string happens here, so consumers comparing property names must do
 * their own canonicalisation.
 */
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "XmlProperties", propOrder = {
    "propertyName",
    "propertyValue"
})
public class XmlProperties {

    /** Property name; required by the schema. */
    @XmlElement(required = true)
    protected String propertyName;
    /** Property value; required by the schema. */
    @XmlElement(required = true)
    protected String propertyValue;

    /**
     * Sets the value of the propertyName property.
     *
     * @param value name string to store (may be {@code null})
     */
    public void setPropertyName(String value) {
        propertyName = value;
    }

    /**
     * Gets the value of the propertyName property.
     *
     * @return the stored name, or {@code null} if unset
     */
    public String getPropertyName() {
        return propertyName;
    }

    /**
     * Sets the value of the propertyValue property.
     *
     * @param value value string to store (may be {@code null})
     */
    public void setPropertyValue(String value) {
        propertyValue = value;
    }

    /**
     * Gets the value of the propertyValue property.
     *
     * @return the stored value, or {@code null} if unset
     */
    public String getPropertyValue() {
        return propertyValue;
    }

}
// --------------------------------------------------------------------------------
// /src/java/src/com/trustiphi/tpm2verification/platformcertparse/XmlURIReference.java:
// --------------------------------------------------------------------------------
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4-2
// See http://java.sun.com/xml/jaxb
// Any modifications to this file will be lost upon recompilation of the source schema.
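// Generated on: 2017.09.06 at 02:40:54 PM EDT
//


package com.trustiphi.tpm2verification.platformcertparse;

import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.HexBinaryAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;


/**
 * JAXB binding for the {@code XmlURIReference} complex type: a URI together
 * with the digest algorithm and digest value that the referenced content is
 * expected to match. All three elements are optional in the schema.
 * <p>
 * The following schema fragment specifies the expected content contained within this class.
 * <pre>
 * <complexType name="XmlURIReference">
 *   <complexContent>
 *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
 *       <sequence>
 *         <element name="uniformResourceIdentifier" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
 *         <element name="hashAlgorithm" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
 *         <element name="hashValue" type="{http://www.w3.org/2001/XMLSchema}hexBinary" minOccurs="0"/>
 *       </sequence>
 *     </restriction>
 *   </complexContent>
 * </complexType>
 * </pre>
 * <p>
 * This class is a plain data holder and validates nothing: it does not check
 * that {@code hashAlgorithm} names a supported digest, that the length of
 * {@code hashValue} matches that digest, or that a digest is present at all
 * when a URI is. Code that dereferences the URI must perform those checks
 * before trusting whatever it fetched.
 * <p>
 * NOTE(review): {@link #getHashValue()} and {@link #setHashValue(byte[])}
 * now hand out and store defensive copies instead of aliasing the caller's
 * array, so the digest cannot be changed behind this object's back after it
 * has been set (the generated code shared the array both ways). The header
 * says this file is regenerated from the schema; the change has to be
 * re-applied, or moved into the generator's customisation, to survive that.
 */
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "XmlURIReference", propOrder = {
    "uniformResourceIdentifier",
    "hashAlgorithm",
    "hashValue"
})
public class XmlURIReference {

    /** Optional URI string; not parsed or validated here. */
    protected String uniformResourceIdentifier;
    /** Optional digest algorithm name; free-form string, not validated here. */
    protected String hashAlgorithm;
    /** Optional digest bytes; marshalled as xs:hexBinary through {@link HexBinaryAdapter}. */
    @XmlElement(type = String.class)
    @XmlJavaTypeAdapter(HexBinaryAdapter.class)
    @XmlSchemaType(name = "hexBinary")
    protected byte[] hashValue;

    /**
     * Gets the value of the uniformResourceIdentifier property.
     *
     * @return the stored URI string, or {@code null} if unset
     */
    public String getUniformResourceIdentifier() {
        return uniformResourceIdentifier;
    }

    /**
     * Sets the value of the uniformResourceIdentifier property.
     *
     * @param value URI string to store (may be {@code null})
     */
    public void setUniformResourceIdentifier(String value) {
        this.uniformResourceIdentifier = value;
    }

    /**
     * Gets the value of the hashAlgorithm property.
     *
     * @return the stored algorithm name, or {@code null} if unset
     */
    public String getHashAlgorithm() {
        return hashAlgorithm;
    }

    /**
     * Sets the value of the hashAlgorithm property.
     *
     * @param value algorithm name to store (may be {@code null})
     */
    public void setHashAlgorithm(String value) {
        this.hashAlgorithm = value;
    }

    /**
     * Gets the value of the hashValue property.
     *
     * @return a copy of the digest bytes, or {@code null} if unset; mutating
     *         the returned array does not affect this object
     */
    public byte[] getHashValue() {
        // Copy out so callers cannot alter the stored digest through the reference.
        return hashValue == null ? null : hashValue.clone();
    }

    /**
     * Sets the value of the hashValue property.
     *
     * @param value digest bytes to store, or {@code null} to clear; a copy is
     *              kept, so later changes to the caller's array are not seen here
     */
    public void setHashValue(byte[] value) {
        // Copy in so the caller's array cannot alter the stored digest later.
        this.hashValue = value == null ? null : value.clone();
    }

}
// --------------------------------------------------------------------------------
// /src/java/src/com/trustiphi/tpm2verification/platformcertparse/package-info.java:
// --------------------------------------------------------------------------------
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4-2
// See http://java.sun.com/xml/jaxb
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2017.09.06 at 02:40:54 PM EDT
//

// NOTE(review): "platfromcertificateparser" (sic) is the namespace string the
// schema was generated with and is referenced the same way in the type
// bindings; it is a runtime identifier, so do not "fix" the spelling here
// without changing the XSD's targetNamespace in the same step.
@javax.xml.bind.annotation.XmlSchema(namespace = "www.trustiphi.com/platfromcertificateparser", elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
package com.trustiphi.tpm2verification.platformcertparse;
// --------------------------------------------------------------------------------
// /title.txt:
// --------------------------------------------------------------------------------
//
// --------------------------------------------------------------------------------
// /tss.dll:
// --------------------------------------------------------------------------------
// https://raw.githubusercontent.com/PlatformCertTool/PCVT_TPM20/60a6182c419d3616252705f11fc3b24dd65b3722/tss.dll
// --------------------------------------------------------------------------------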