packages/tpm2-tss-engine
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
tpm2-tss-engine/test/ecdh.sh
wangyoukang 0260ffe813 add upstream initial src code 
Signed-off-by: wangyoukang <wangyoukang@xfusion.com>
2023-05-17 10:13:46 +08:00

63 lines
2.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
set -euf
# Create a primary key pair
echo "Generating primary key"
PARENT_CTX=primary_owner_key.ctx
tpm2_createprimary --hierarchy=o \
--key-algorithm=ecc \
--hash-algorithm=sha256 \
--key-context=${PARENT_CTX}
# Create an ECDH key pair
echo "Generating ECDH key pair"
ECDH_TPM_PUBKEY=ecdhtpm.pub
ECDH_TPM_KEY=ecdhtpm
tpm2_create --key-auth=abc \
--parent-context=${PARENT_CTX} \
--key-algorithm=ecc256:ecdh-sha256 \
--public=${ECDH_TPM_PUBKEY} \
--private=${ECDH_TPM_KEY} \
--attributes fixedparent\|fixedtpm\|decrypt\|sensitivedataorigin\|userwithauth\|noda
tpm2_flushcontext --transient-object
# Load key to persistent handle
ECDH_CTX=ecdhkey.ctx
tpm2_load --parent-context=${PARENT_CTX} \
--public=${ECDH_TPM_PUBKEY} \
--private=${ECDH_TPM_KEY} \
--key-context=${ECDH_CTX}
tpm2_flushcontext --transient-object
HANDLE=$(tpm2_evictcontrol --hierarchy=o --object-context=${ECDH_CTX} | cut -d ' ' -f 2 | head -n 1)
tpm2_flushcontext --transient-object
# Get public key of handle
ECDH_TPM_PUBKEY_PEM=ecdhtpm.pem
tpm2_readpublic --object-context=${HANDLE} --output=${ECDH_TPM_PUBKEY_PEM} --format=pem
# Generate peer key pair
ECDH_PEER_PUBKEY=echdpeer.pub
ECDH_PEER_KEY=ecdhpeer
openssl ecparam -name prime256v1 -genkey -noout -out ${ECDH_PEER_KEY}
openssl ec -in ${ECDH_PEER_KEY} -pubout -out ${ECDH_PEER_PUBKEY}
# Perform ECDH using the TPM key pair as the private key and the peer key pair as the public key
SECRET0=$(echo "abc" | openssl pkeyutl -derive -engine tpm2tss -keyform engine -inkey ${HANDLE} -peerkey ${ECDH_PEER_PUBKEY} -peerform pem -passin stdin | base64)
echo -e "TPM(prv) <-> PEER(pub): ${SECRET0}"
# Perform ECDH with the peer key pair as the private key and the TPM key pair as the public key
SECRET1=$(openssl pkeyutl -derive -inkey ${ECDH_PEER_KEY} -peerkey ${ECDH_TPM_PUBKEY_PEM} -peerform pem | base64)
echo -e "TPM(pub) <-> PEER(prv): ${SECRET1}"
# Release persistent HANDLE and remove files
tpm2_evictcontrol --object-context=${HANDLE}
rm ${ECDH_PEER_KEY} ${ECDH_PEER_PUBKEY} ${ECDH_TPM_PUBKEY} ${ECDH_TPM_KEY} ${ECDH_TPM_PUBKEY_PEM} ${ECDH_CTX}
# Ensure tpm and peer generated secrets are the same
if [ "${SECRET0}" != "${SECRET1}" ]; then
echo "secrets don't match"
exit 1
fi
Reference in New Issue View Git Blame Copy Permalink