aiktools
========
This is a clone of the Attestation Identity Key (AIK) tools _previously found_ at "privacyca.com/code.html", a website operated by Hal Finney. (The domain appears to have been purchased by a completely unrelated entity as of May 2017.)
This requires:
* A TPM
* `apt-get install trousers tpm-tools libtspi-dev`
# Documentation
The following documentation was previously found at "privacyca.com/code.html" (grabbed from a 2013 Wayback Machine snapshot); it may be helpful in understanding the code in this repository:
## Sample Source Code
The code samples here are based on the Trousers TPM Software Stack for Linux systems. The following programs are available:
- Privacy CA client
- EK Certificate Extractor
- AIK Direct Proof Utilities
- AIK Quote Utilities
### Privacy CA client
`identity.c` acts as a client to communicate with the Privacy CA server. It creates an AIK and requests an AIK certificate from the server. (Note: the UI was changed in late 2009 for identity.c to output the AIK as a blob rather than storing it in the TSS database. The previous version is available as identity10.c.)
The program can run in two modes. For the default, insecure mode, compile with:
```
gcc -o identity identity.c -lcurl -ltspi
```
This will create a dummy EK certificate and request a Level 0 AIK certificate from the server. Privacy CA will not attempt to check that the EK is valid and will issue a certificate using its insecure key. This mode is suitable for testing but does not offer verifiers any reason to assume that the AIK is a valid TPM key.
For the secure mode, the TPM must have come with an EK certificate from the manufacturer. At the time of writing, only Infineon TPMs come with such certificates. See the getcert program below for how to extract the EK certificate from the TPM's nonvolatile memory storage, and how to configure Trousers to use the EK certificate. Once this is set up, compile with:
```
gcc -DREALEK -o identity identity.c -lcurl -ltspi
```
This will create a version of the client software that sends the actual EK certificate to the Privacy CA server, and receives a level 1 secure AIK certificate back. This provides verifiers with assurance that the AIK is a valid TPM key and that signatures and Quote operations performed by the AIK represent the actual state of the TPM system.
Run the program as:
```
./identity [-p password] label outkeyblobfile outcertfile
```
Optionally specify "-p password" to create the new AIK using that password for authorization; otherwise it will be a no-auth key. label is a string of the user's choice which is placed into the issued AIK certificate. Two files are output. outkeyblobfile stores the resulting AIK in TCG key blob format. outcertfile holds the AIK certificate issued by Privacy CA.
To use the Quote utilities below, the following OpenSSL command will create a file holding the AIK extracted from the certificate as an RSA public key file:
```
openssl x509 -in certfile -noout -pubkey > rsakeyfile
```
The resulting rsakeyfile holds the AIK public key and can be used to verify issued Quotes.
### EK Certificate Extractor
getcert.c reads the Endorsement Key Certificate from the TPM, if present, and stores it in a file. Compile with:
```
gcc -o getcert getcert.c -ltspi
```
Run it as:
```
./getcert certfilename
```
This will read the certificate from the TPM NV memory and output it to the specified file. Usually it will need TPM owner authentication to read the data. As written, the program uses the Trousers "popup" functionality to read the TPM owner auth, which assumes that the TPM owner password is specified in Unicode. It should be trivial to alter the program to specify the owner auth in the source code, or read it from an environment variable, if that is preferred.
Once the EK certificate is successfully read, it would be a good idea to inspect the cert using a command like:
```
openssl x509 -text -inform DER -in certfilename
```
Note that OpenSSL slightly chokes on EK certificates because TCG specifies an unusual format for the key data, but for the most part this should output some readable data.
To configure Trousers to use the EK certificate, edit its tcsd.conf file (usually in /usr/local/etc) and change the line reading:
```
endorsement_cred =
```
to:
```
endorsement_cred = certfilename
```
where certfilename is the permanent home of the EK cert file. A good location would be in /usr/local/etc alongside tcsd.conf.
Setting up Trousers like this should allow the Privacy CA client software to communicate with the server in secure mode and receive AIK certificates which validate that an AIK is managed by a valid TPM.
### AIK Direct Proof Utilities
aikutils.tgz is a package of files designed to allow systems to directly prove to one another that they possess valid AIKs, without the use of Privacy CA. This may be suitable for applications where client anonymity is not important (such as where systems know each other's IP addresses) and the use of an intermediary like Privacy CA is undesirable.
It is hard to anticipate all the different use cases and security requirements which may be useful in implementing Trusted Computing. These tools represent one possible set of functions. Developers may wish to pursue different directions for their applications but these programs may offer a useful starting point.
These utilities provide a challenge-and-response mechanism allowing a system to prove that it has a valid (TPM-controlled) AIK. First that system creates the AIK and a "proof" file which includes the AIK and the EK certificate. This may be published and made available to other systems which may wish to verify that the claimed AIK is TPM controlled. A system which wants to challenge that claim uses the proof file to encrypt some secret message. This encrypted message gets sent to the system with the AIK. That system runs a third program to decrypt the message, and returns the decrypted data to the challenger. The fact that the decryption was successful proves to the challenger that the AIK is controlled by a valid TPM.
The programs assume that the system wishing to prove it has a valid AIK also has an EK certificate, and that there exists a certificate chain validating that EK certificate which terminates ultimately in a special root certification key. This root certification key is issued and controlled by Verisign, the widely used and trusted CA for much internet commerce. At present, Verisign has certified keys controlled by Infineon. Infineon uses these keys to issue the EK certificates in their TPMs. Hence these utilities are only useful with Infineon TPMs, at the time of writing.
Before using the software, the system which will create the AIK must assemble the necessary collection of certificates for proving its validity. One of these is the EK certificate itself, which may be extracted using the getcert utility on this page. The other certificates must be found on the Infineon web site. Inspect the EK certificate using OpenSSL or similar tools, to determine the Issuer of that certificate. Then examine the certs available from Infineon and find one whose Subject name matches the Issuer of the EK cert. Continue this process recursively, looking for an Infineon cert whose Subject matches the Issuer of the previously found cert, until you find an Infineon certificate whose Issuer is Verisign. This is the certificate chain which will validate the EK certificate and ultimately therefore the AIK.
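The issuer-to-subject walk described above, as an added example (not part of the original tools or documentation): it reads subject and issuer names with the `openssl x509` CLI and orders the files from the EK certificate upward. The file names and distinguished names in `SAMPLE` are constructed, and recognising the root by a `"VeriSign"` substring in the issuer name is an assumption.

```python
import subprocess

# Constructed sample: file name -> (subject, issuer). Not real Infineon names.
SAMPLE = {
    "ek.der": ("CN=EK (constructed)", "CN=TPM CA (constructed)"),
    "tpmca.der": ("CN=TPM CA (constructed)", "CN=Intermediate (constructed)"),
    "inter.der": ("CN=Intermediate (constructed)", "CN=VeriSign Root (constructed)"),
    "stray.der": ("CN=Unrelated (constructed)", "CN=Unrelated (constructed)"),
}

def read_names(path, inform="DER"):
    """Return (subject, issuer) of a certificate file via the openssl CLI."""
    out = subprocess.run(
        ["openssl", "x509", "-noout", "-subject", "-issuer",
         "-nameopt", "RFC2253", "-inform", inform, "-in", path],
        check=True, capture_output=True, text=True).stdout
    names = {}
    for line in out.splitlines():
        key, _, value = line.partition("=")   # "subject=CN=..." -> key, DN
        names[key.strip()] = value.strip()
    return names["subject"], names["issuer"]

def order_chain(names, leaf, root_keyword="VeriSign"):
    """Order files from `leaf` up to the certificate issued by the root.

    names: {filename: (subject, issuer)}. Returns filenames, leaf first.
    Raises ValueError when a link is missing, ambiguous, or loops.
    """
    by_subject = {}
    for fname, (subject, _) in names.items():
        by_subject.setdefault(subject, []).append(fname)
    chain, seen, current = [leaf], {leaf}, leaf
    while True:
        _, issuer = names[current]
        if root_keyword.lower() in issuer.lower():
            return chain                      # issued by the root CA: done
        candidates = by_subject.get(issuer, [])
        if len(candidates) != 1:              # 0 = missing link, >1 = ambiguous
            raise ValueError(f"{len(candidates)} certs match issuer {issuer!r}")
        current = candidates[0]
        if current in seen:                   # self-signed or circular issuer
            raise ValueError(f"issuer loop at {current}")
        seen.add(current)
        chain.append(current)

if __name__ == "__main__":
    print(order_chain(SAMPLE, "ek.der"))
```

Matching names only orders the files; it does not check any signature, so the resulting chain still has to be cryptographically verified against the root.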
Extract the files and then compile with:
```
gcc -o aikpublish aikpublish.c -ltspi
gcc -o aikrespond aikrespond.c -ltspi
gcc -o aikchallenge aikchallenge.c vcc_ossl.c -lcrypto
```
On the system which will create the AIK, run:
```
./aikpublish [-p password] ekcertfile [certfiles ...] outprooffile outaikblobfile
```
This program generates a new AIK and associated data. The "-p password" is optional and if specified will use the specified password as the auth va