
tpm2-algtest's Introduction

TPM2-AlgTest

Implementation specifics of cryptographic smart cards have been found to lead to serious vulnerabilities [1]. Since TPM chips are often manufactured by the same vendors, we decided to create a tool that helps collect data from various TPMs for further analysis and discovery of similar bugs.

This project uses sources from the tpm2-tools project.

Running the tool

Install tpm2-tools (version 5.0 or newer), tss2-lib, openssl, dmidecode:

# On Debian-based distros
sudo apt-get install tpm2-tools libtss2-dev openssl dmidecode

Build tpm2-algtest tool:

git clone https://github.com/crocs-muni/tpm2-algtest.git
cd tpm2-algtest
mkdir build
cd build
cmake .. && make
cd ..

Install requirements (and optionally use venv):

python -m venv venv
source venv/bin/activate
pip install -r requirements.txt

Run collect.py with root privileges:

sudo python collect.py all

Important: Please DO NOT suspend or hibernate the computer while algtest is running; doing so will affect the results! Locking the screen is ok.

Troubleshooting

Only one process can access /dev/tpm0 directly at a time. Some distributions (e.g. Fedora) use the tpm2-abrmd daemon as a resource manager, which already takes control of the device. To run this script, you have to temporarily stop the daemon:

sudo systemctl stop tpm2-abrmd

When the script finishes, you can start it again:

sudo systemctl start tpm2-abrmd
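
The stop/run/start sequence above can be wrapped so the resource manager is restored even when the collection fails or is interrupted. This is an added example, not part of the project; it assumes it is started as root from the repository directory, and the function name run_with_tpm_released is hypothetical.

```python
import subprocess
import sys

SERVICE = "tpm2-abrmd"  # resource manager named in the troubleshooting text


def run_with_tpm_released(cmd, run=subprocess.run):
    """Stop the resource manager if it is running, run cmd, then restore it.

    `run` is injectable so the logic can be exercised without systemd or a TPM.
    Returns the exit status of cmd.
    """
    # `systemctl is-active --quiet` exits 0 only when the unit is active.
    was_active = run(["systemctl", "is-active", "--quiet", SERVICE]).returncode == 0
    if was_active:
        run(["systemctl", "stop", SERVICE], check=True)
    try:
        return run(cmd).returncode
    finally:
        # Restart only what was stopped here, even if cmd raised or was interrupted.
        if was_active:
            run(["systemctl", "start", SERVICE], check=True)


if __name__ == "__main__":
    # Assumption: invoked as root from the tpm2-algtest checkout.
    sys.exit(run_with_tpm_released([sys.executable, "collect.py", "all"]))
```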

tpm2-algtest's People

Contributors

danzatt, dependabot[bot], dufkan, krouma, mbroz, petrs, simon-struk


tpm2-algtest's Issues

Be more explicit in the README about the root privileges requirements

When the overall testing is invoked

$ python run_algtest.py all

it requires root privileges (asks for them twice, I think). The first prompt for root password is at the start of the execution, so the tester is likely able to spot that and fill it in. However, the second prompt is later and it is easy to not fill that in, which leads to incomplete results.

I can see two options: be more explicit about the need to babysit the execution and fill in the root password (and specify how many times it will be) or suggest running as sudo (the user is running it at some point as sudo anyway).

Add time limit for testing.

Add option to limit the number of measurements, so that the total time doesn't exceed the limit. May be useful for TPMs, where RSA key generation takes ages.

Create HMAC key reports error 0x143 command code not supported on IFX SLB9665 device

Hi, thank you for creating such a fantastic tool for testing TPM device.

I am working with an IFX SLB9665 device with the following configuration:

Manufacturer; IFX              
Vendor string; SLB9665
Firmware version; 5.51.8.12800 
Image tag; v1.0 

The version of the tpm2_tools is 4.1.11. When I tried to create an HMAC key, I got an error 0x143, command code not supported:

sudo tpm2_create -C primary.context -G hmac -c hmac.ctx
WARNING:esys:src/tss2-esys/api/Esys_CreateLoaded.c:359:Esys_CreateLoaded_Finish() Received TPM Error 
ERROR:esys:src/tss2-esys/api/Esys_CreateLoaded.c:129:Esys_CreateLoaded() Esys Finish ErrorCode (0x00000143) 
ERROR: Esys_CreateLoaded(0x143) - tpm:error(2.0): command code not supported
ERROR: Unable to run tpm2_create

However, running the fulltest with your tool on the same hardware device seems to suggest the test script was able to generate hmac keys and perform hmac operations.

Key Generation Test Results:

INFO: Keygen 98: ECC | curve 0010 | duration 0.070933 | rc 02d2
INFO: Keygen 99: ECC | curve 0010 | duration 0.071316 | rc 02d2
INFO: Keygen 0: KEYEDHASH | duration 0.311190 | rc 0000
INFO: Keygen 1: KEYEDHASH | duration 0.311385 | rc 0000
INFO: Keygen 2: KEYEDHASH | duration 0.311062 | rc 0000
INFO: Keygen 3: KEYEDHASH | duration 0.311757 | rc 0000
INFO: Keygen 4: KEYEDHASH | duration 0.311538 | rc 0000
INFO: Keygen 5: KEYEDHASH | duration 0.311678 | rc 0000
INFO: Keygen 6: KEYEDHASH | duration 0.311620 | rc 0000
INFO: Keygen 7: KEYEDHASH | duration 0.311575 | rc 0000

HMAC Operation Test Results:

INFO: Perf hmac: Generating HMAC key...
INFO: Perf hmac 0: duration 0.076540 | rc 0000
INFO: Perf hmac 1: duration 0.074450 | rc 0000
INFO: Perf hmac 2: duration 0.073944 | rc 0000
INFO: Perf hmac 3: duration 0.074380 | rc 0000

Questions

  1. Could you please shed some light on how the test script is creating the hmac?
  2. Does it use the tpm2_tools such as tpm2_create to create the hmac? If so, which version of the tpm2_tools is used?

Thank you. Much appreciated.
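
For reading output like that quoted in the issue above, the following added example (not part of the issue or of the project) groups result lines by test and return code and splits a TPM 2.0 response code into its bit fields, following the response-code layout in Part 2 of the TPM 2.0 Library specification. The function names are hypothetical, and the sample lines are copied from the issue.

```python
from collections import defaultdict

# Lines copied from the issue above (algtest output on the IFX SLB9665).
SAMPLE_LOG = """\
INFO: Keygen 98: ECC | curve 0010 | duration 0.070933 | rc 02d2
INFO: Keygen 99: ECC | curve 0010 | duration 0.071316 | rc 02d2
INFO: Keygen 0: KEYEDHASH | duration 0.311190 | rc 0000
INFO: Perf hmac: Generating HMAC key...
INFO: Perf hmac 0: duration 0.076540 | rc 0000
"""

def decode_rc(rc):
    """Split a TPM 2.0 response code into its bit fields."""
    if rc == 0:
        return {"ok": True}
    if rc & 0x080:  # bit 7 set: format-one, the error refers to one argument
        number = (rc >> 8) & 0xF
        if rc & 0x040:  # bit 6 set: a command parameter
            subject = "parameter"
        elif number & 0x8:  # bit 11 set: a session, index in bits 10:8
            subject, number = "session", number & 0x7
        else:
            subject = "handle"
        return {"ok": False, "format": 1, "error": rc & 0x3F,
                "subject": subject, "number": number}
    # bit 7 clear: format-zero, error number in bits 6:0 plus flag bits
    return {"ok": False, "format": 0, "error": rc & 0x7F, "tpm2": bool(rc & 0x100),
            "vendor": bool(rc & 0x400), "warning": bool(rc & 0x800)}

def parse_line(line):
    """Return (test name, rc, duration) for a result line, else None."""
    head, _, rest = line.partition(": ")[2].partition(": ")  # drop the log level
    parts = rest.split(" | ")
    fields = dict(p.split(" ", 1) for p in parts if " " in p)
    if "rc" not in fields or "duration" not in fields:
        return None  # progress messages such as "Generating HMAC key..."
    name = head.rsplit(" ", 1)[0]  # drop the iteration counter
    if " " not in parts[0]:
        name += " " + parts[0]  # e.g. "Keygen" + "ECC"
    return name, int(fields["rc"], 16), float(fields["duration"])

def summarise(log):
    """Group results by (test, rc) and return {key: (count, mean duration)}."""
    groups = defaultdict(list)
    for line in log.splitlines():
        rec = parse_line(line.strip())
        if rec:
            groups[rec[0], rec[1]].append(rec[2])
    return {k: (len(v), sum(v) / len(v)) for k, v in groups.items()}
```

Applied to the two non-zero codes on this page, decode_rc reports 0x143 as a format-zero TPM 2.0 error with number 0x43, and 02d2 as a format-one error with number 0x12 attached to parameter 2.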
