security/tpm-quote-tools: Add new port

The TPM Quote Tools is a collection of programs that provide support for TPM based attestation using the TPM quote mechanism. The manual page for tpm_quote_tools provides a usage overview. The manangement tools are only used to take ownership of a TPM. The additional patches[1] in files/ come from AUR and were authored by Michael Niewöhner. The patches were incomplete according to grawity[2]. I've incorporated grawity's feedback into our patches so that the -y flag is recognized by a call to getopt(). [1]: https://aur.archlinux.org/cgit/aur.git/plain/0001-Differentiate-between-owner-and-srk-well-known-passs.patch?h=tpm-quote-tools [2]: https://aur.archlinux.org/packages/tpm-quote-tools#comment-684239 Sponsored by: Klara, Inc.
2022-11-03 14:26:29 +01:00 · 2022-11-03 14:26:29 +01:00 · 01e03aed2f
commit 01e03aed2f
parent ea0c1f1917
7 changed files with 122 additions and 0 deletions
--- a/security/Makefile
+++ b/security/Makefile
@ -1253,6 +1253,7 @@
    SUBDIR += tor
    SUBDIR += tor-devel
    SUBDIR += totp-cli
+    SUBDIR += tpm-quote-tools
    SUBDIR += tpm-tools
    SUBDIR += tpm2-abrmd
    SUBDIR += tpm2-tools
--- a/security/tpm-quote-tools/Makefile
+++ b/security/tpm-quote-tools/Makefile
@ -0,0 +1,19 @@
+PORTNAME=	tpm-quote-tools
+DISTVERSION=	1.0.4
+CATEGORIES=	security
+MASTER_SITES=	SF/tpmquotetools/${PORTVERSION}
+
+MAINTAINER=	0mp@FreeBSD.org
+COMMENT=	Tools for TPM-based remote attestation using the TPM quote operation
+WWW=		https://sourceforge.net/projects/tpmquotetools/
+
+LICENSE=	BSD3CLAUSE
+LICENSE_FILE=	${WRKSRC}/COPYING
+
+LIB_DEPENDS=	libtspi.so:security/trousers
+
+USES=		iconv localbase:ldflags ssl
+
+GNU_CONFIGURE=	YES
+
+.include <bsd.port.mk>
--- a/security/tpm-quote-tools/distinfo
+++ b/security/tpm-quote-tools/distinfo
@ -0,0 +1,5 @@
+TIMESTAMP = 1667481591
+SHA256 (tpm-quote-tools-1.0.4.tar.gz) = 10dc4eade02635557a9496b388360844cd18e7864e2eb882f5e45ab2fa405ae2
+SIZE (tpm-quote-tools-1.0.4.tar.gz) = 188806
+SHA256 (0001-Differentiate-between-owner-and-srk-well-known-passs.patch?h=tpm-quote-tools) = 32f814b8d22c409d3543c34e4199f21152a30f3410162ef6c91f6a713641f19d
+SIZE (0001-Differentiate-between-owner-and-srk-well-known-passs.patch?h=tpm-quote-tools) = 2803
--- a/security/tpm-quote-tools/files/patch-tpm__mkaik.8
+++ b/security/tpm-quote-tools/files/patch-tpm__mkaik.8
@ -0,0 +1,24 @@
+--- tpm_mkaik.8.orig	2017-01-18 17:10:09 UTC
+++ tpm_mkaik.8
+@@ -3,7 +3,7 @@ tpm_mkaik \- make a TPM Attestation Identity Key
+ tpm_mkaik \- make a TPM Attestation Identity Key
+ .SH SYNOPSIS
+ .B tpm_mkaik
+-.RB [ \-zuhv ]
+.RB [ \-yzuhv ]
+ .RI BLOB-FILE
+ .RI PUBKEY-FILE
+ .br
+@@ -16,8 +16,11 @@ The public key is DER encoded.
+ .RI PUBKEY-FILE.
+ The public key is DER encoded.
+ .TP
+-.RB \-z
+.RB \-y
+ Use the well known secret used as the owner secret.
+.TP
+.RB \-z
+Use the well known secret used as the SRK secret.
+ .TP
+ .RB \-u
+ Use TSS UNICODE encoding for passwords.
--- a/security/tpm-quote-tools/files/patch-tpm__mkaik.c
+++ b/security/tpm-quote-tools/files/patch-tpm__mkaik.c
@ -0,0 +1,51 @@
+--- tpm_mkaik.c.orig	2017-05-26 13:25:17 UTC
+++ tpm_mkaik.c
+@@ -102,7 +102,8 @@ static int usage(const char *prog)
+   const char text[] =
+     "Usage: %s [options] blob pubkey\n"
+     "Options:\n"
+-    "\t-z   Use well known secret used as owner secret\n"
+    "\t-y   Use well known secret used as owner secret\n"
+    "\t-z   Use well known secret used as SRK secret\n"
+     "\t-u   Use TSS UNICODE encoding for passwords\n"
+     "\t-h   Display command usage info\n"
+     "\t-v   Display command version info\n"
+@@ -115,13 +116,17 @@ int main (int argc, char **argv)
+ 
+ int main (int argc, char **argv)
+ {
+-  int well_known = 0;
+  int well_known_srk = 0;
+  int well_known_owner = 0;
+   int utf16le = 0;
+   int opt;
+-  while ((opt = getopt(argc, argv, "zuhv")) != -1) {
+  while ((opt = getopt(argc, argv, "yzuhv")) != -1) {
+     switch (opt) {
+    case 'y':
+      well_known_owner = 1;
+      break;
+     case 'z':
+-      well_known = 1;
+      well_known_srk = 1;
+       break;
+     case 'u':
+       utf16le = 1;
+@@ -173,7 +178,7 @@ int main (int argc, char **argv)
+   if (rc != TSS_SUCCESS)
+     return tidy(hContext, tss_err(rc, "getting SRK policy"));
+ 
+-  rc = setSecret("Enter SRK password: ", hContext, hSrkPolicy, well_known, utf16le);
+  rc = setSecret("Enter SRK password: ", hContext, hSrkPolicy, well_known_srk, utf16le);
+   if (rc != TSS_SUCCESS)
+     return tidy(hContext, tss_err(rc, "setting SRK secret"));
+ 
+@@ -193,7 +198,7 @@ int main (int argc, char **argv)
+   if (rc != TSS_SUCCESS)
+     return tidy(hContext, tss_err(rc, "assigning TPM policy"));
+ 
+-  rc = setSecret("Enter owner password: ", hContext, hTPMPolicy, well_known, utf16le);
+  rc = setSecret("Enter owner password: ", hContext, hTPMPolicy, well_known_owner, utf16le);
+   if (rc != TSS_SUCCESS)
+     return tidy(hContext, tss_err(rc, "setting TPM policy secret"));
+ 
--- a/security/tpm-quote-tools/pkg-descr
+++ b/security/tpm-quote-tools/pkg-descr
@ -0,0 +1,5 @@
+The TPM Quote Tools is a collection of programs that provide support
+for TPM based attestation using the TPM quote mechanism.  The manual
+page for tpm_quote_tools provides a usage overview.
+
+The management tools are only used to take ownership of a TPM.
--- a/security/tpm-quote-tools/pkg-plist
+++ b/security/tpm-quote-tools/pkg-plist
@ -0,0 +1,17 @@
+bin/tpm_getpcrhash
+bin/tpm_getquote
+bin/tpm_loadkey
+bin/tpm_mkaik
+bin/tpm_mkuuid
+bin/tpm_unloadkey
+bin/tpm_updatepcrhash
+bin/tpm_verifyquote
+man/man8/tpm_getpcrhash.8.gz
+man/man8/tpm_getquote.8.gz
+man/man8/tpm_loadkey.8.gz
+man/man8/tpm_mkaik.8.gz
+man/man8/tpm_mkuuid.8.gz
+man/man8/tpm_quote_tools.8.gz
+man/man8/tpm_unloadkey.8.gz
+man/man8/tpm_updatepcrhash.8.gz
+man/man8/tpm_verifyquote.8.gz