Merge pull request tpm2-software#79 from gwei3/quote-enhance-20160707

tpm2_quote: add -q option to get qualifying data

manual

@@ -431,11 +431,16 @@ Usage:
   -o, --outFile<filePath>       output file path, recording the two structures
                                 output by tpm2_quote function
   -X, --passwdInHex             passwords given by any options are hex format.
+  -q, --qualifyData <hexData>   Data given as a Hex string to qualify the
+                                quote, optional.
 
 example:
     tpm2_quote -k 0x81010002 -P abc123 -g 0x4 -l 16,17,18 -o outFile001
     tpm2_quote -c ak.context -P abc123 -g 0x4 -l 16,17,18 -o outFile001
-    tpm2_quote -k 0x81010002 -P 123abc -X -g 0x4 -l 16,17,18 -o outFile001
+    tpm2_quote -k 0x81010002 -g 0x4 -l 16,17,18 -o outFile001
+    tpm2_quote -c ak.context -g 0x4 -l 16,17,18 -o outFile001
+    tpm2_quote -k 0x81010002 -P 123abc -X -g 0x4 -l 16,17,18 -o outFile001 -q 11aa22bb
+
 
 * tpm2_listpersistent
 display all defined persistent objects.

src/tpm2_quote.cpp

@@ -70,6 +70,7 @@ typedef struct {
 TPMS_AUTH_COMMAND sessionData;
 bool hexPasswd = false;
 char outFilePath[PATH_MAX];
+TPM2B_DATA qualifyingData = {{0,}};
 
 void PrintBuffer( UINT8 *buffer, UINT32 size )
 {
@@ -221,8 +222,6 @@ UINT16  calcSizeofTPMT_SIGNATURE( TPMT_SIGNATURE *sig )
 int quote(TPM_HANDLE akHandle, PCR_LIST pcrList, TPMI_ALG_HASH algorithmId)
 {
     UINT32 rval;
-    TPM2B_DATA qualifyingData;
-    UINT8 qualDataString[] = { 0x00, 0xff, 0x55, 0xaa };
     TPMT_SIG_SCHEME inScheme;
     TPML_PCR_SELECTION  pcrSelection;
     TPMS_AUTH_RESPONSE sessionDataOut;
@@ -258,9 +257,6 @@ int quote(TPM_HANDLE akHandle, PCR_LIST pcrList, TPMI_ALG_HASH algorithmId)
         }
     }
 
-    qualifyingData.t.size = sizeof( qualDataString );
-    memcpy( &qualifyingData.t.buffer[0], qualDataString, sizeof( qualDataString ) );
-
     inScheme.scheme = TPM_ALG_NULL;
 
     pcrSelection.count = 1;
@@ -332,6 +328,7 @@ void showHelp(const char *name)
             "-g, --algorithm <hexAlg>      The algorithm id\n"
             "-o, --outFile<filePath>       output file path, recording the two structures output by tpm2_quote function\n"
             "-X, --passwdInHex             passwords given by any options are hex format.\n"
+            "-q, --qualifyData <hexData>   Data given as a Hex string to qualify the quote, optional.\n"
             "-p, --port    <port number>   The Port number, default is %d, optional\n"
             "-d, --debugLevel <0|1|2|3>    The level of debug message, default is 0, optional\n"
             "\t0 (high level test results)\n"
@@ -345,9 +342,9 @@ void showHelp(const char *name)
             "quote the selected PCR values:\n"
             "\t %s -k 0x80000001 -P abc123 -g 0x4 -l 16,17,18 -o outFile001\n"
             "\t %s -c ak.context -P abc123 -g 0x4 -l 16,17,18 -o outFile001\n"
-            "\t %s -k 0x80000001 -g 0x4 -l 16,17,18 -o outFile001 \n\n"
-            "\t %s -c ak.context -g 0x4 -l 16,17,18 -o outFile001 \n\n"
-            "\t %s -k 0x80000001 -P 123abc -X -g 0x4 -l 16,17,18 -o outFile001\n"
+            "\t %s -k 0x80000001 -g 0x4 -l 16,17,18 -o outFile001 \n"
+            "\t %s -c ak.context -g 0x4 -l 16,17,18 -o outFile001 \n"
+            "\t %s -k 0x80000001 -P 123abc -X -g 0x4 -l 16,17,18 -o outFile001 -q 11aa22bb\n"
             , name, DEFAULT_RESMGR_TPM_PORT, name, name, name, name, name, name, name);
 }
 
@@ -430,7 +427,7 @@ int main(int argc, char *argv[])
     setvbuf (stdout, NULL, _IONBF, BUFSIZ);
 
     int opt = -1;
-    const char *optstring = "hvk:c:P:l:g:o:Xp:d:";
+    const char *optstring = "hvk:c:P:l:g:o:Xq:p:d:";
     static struct option long_options[] = {
         {"help",0,NULL,'h'},
         {"version",0,NULL,'v'},
@@ -441,6 +438,7 @@ int main(int argc, char *argv[])
         {"algorithm",1,NULL,'g'},
         {"outFile",1,NULL,'o'},
         {"passwdInHex",0,NULL,'X'},
+        {"qualifyData",1,NULL,'q'},
         {"port",1,NULL,'p'},
         {"debugLevel",1,NULL,'d'},
         {0,0,0,0}
@@ -535,6 +533,14 @@ int main(int argc, char *argv[])
         case 'X':
             hexPasswd = true;
             break;
+        case 'q':
+            qualifyingData.t.size = sizeof(qualifyingData) - 2;
+            if(hex2ByteStructure(optarg,&qualifyingData.t.size,qualifyingData.t.buffer) != 0)
+            {
+                returnVal = -14;
+                break;
+            }
+            break;
         case 'p':
             if( getPort(optarg, &port) )
             {

test/test_tpm2_quote.sh

@@ -50,9 +50,11 @@ file_quote_output=quote_"$file_quote_key_ctx"
 Handle_ak_quote=0x81010016
 Handle_ek_quote=0x81010017
 
+nonce=12345abcde12345abcde12345abcde12345abcde12345abcde12345abcde12345abcde12345abcde12345abcde12345abcde
+
 fail()
 {
-	    echo "$1 test fail, pelase check the environment or parameters!"
+	    echo "$1 test fail, please check the environment or parameters!"
 #			    echo ""$1" fail" >>test_encryptdecrypt_error.log
  exit 1
 }
@@ -82,9 +84,9 @@ if [ $? != 0 ];then
 	fail load   
 fi
 
-tpm2_quote -c $file_quote_key_ctx  -g 0x4 -l 16,17,18 -o $file_quote_output
+tpm2_quote -c $file_quote_key_ctx  -g 0x4 -l 16,17,18 -o $file_quote_output -q $nonce
 if [ $? != 0 ];then
-	fail decrypt 
+	fail quote 
 fi
 
 #####handle testing
@@ -94,7 +96,7 @@ if [ $? != 0 ];then
 fi
 
 rm quote_handle_output_"$Handle_ak_quote" -rf
-tpm2_quote -k $Handle_ak_quote  -g $alg_quote -l 16,17,18 -o quote_handle_output_"$Handle_ak_quote"
+tpm2_quote -k $Handle_ak_quote  -g $alg_quote -l 16,17,18 -o quote_handle_output_"$Handle_ak_quote" -q $nonce
 if [ $? != 0 ];then
 	fail quote_handle 
 fi
@@ -113,7 +115,7 @@ if [ $? != 0 ];then
 fi
 
 rm quote_handle_output_"$Handle_ak_quote" -rf
-tpm2_quote -k  $Handle_ak_quote -g $alg_quote -l 16,17,18 -o quote_handle_output_"$Handle_ak_quote"
+tpm2_quote -k  $Handle_ak_quote -g $alg_quote -l 16,17,18 -o quote_handle_output_"$Handle_ak_quote" -q $nonce
 if [ $? != 0 ];then
 	fail quote_handle_ak 
 fi