git: 01e03aed2f7d - main - security/tpm-quote-tools: Add new port

From: Mateusz Piotrowski <0mp_at_FreeBSD.org>
Date: Fri, 04 Nov 2022 11:05:22 UTC
The branch main has been updated by 0mp:

URL: https://cgit.FreeBSD.org/ports/commit/?id=01e03aed2f7d021e57c72563c9113249b6ed6456

commit 01e03aed2f7d021e57c72563c9113249b6ed6456
Author:     Mateusz Piotrowski <0mp@FreeBSD.org>
AuthorDate: 2022-11-03 13:26:29 +0000
Commit:     Mateusz Piotrowski <0mp@FreeBSD.org>
CommitDate: 2022-11-04 11:05:08 +0000

    security/tpm-quote-tools: Add new port
    
    The TPM Quote Tools is a collection of programs that provide support
    for TPM based attestation using the TPM quote mechanism. The manual
    page for tpm_quote_tools provides a usage overview. The management
    tools are only used to take ownership of a TPM.
    
    The additional patches[1] in files/ come from AUR and were authored by
    Michael Niewöhner. The patches were incomplete according to grawity[2].
    I've incorporated grawity's feedback into our patches so that the -y
    flag is recognized by a call to getopt().
    
    [1]: https://aur.archlinux.org/cgit/aur.git/plain/0001-Differentiate-between-owner-and-srk-well-known-passs.patch?h=tpm-quote-tools
    [2]: https://aur.archlinux.org/packages/tpm-quote-tools#comment-684239
    
    Sponsored by:   Klara, Inc.
---
 security/Makefile                                 |  1 +
 security/tpm-quote-tools/Makefile                 | 19 +++++++++
 security/tpm-quote-tools/distinfo                 |  5 +++
 security/tpm-quote-tools/files/patch-tpm__mkaik.8 | 24 +++++++++++
 security/tpm-quote-tools/files/patch-tpm__mkaik.c | 51 +++++++++++++++++++++++
 security/tpm-quote-tools/pkg-descr                |  5 +++
 security/tpm-quote-tools/pkg-plist                | 17 ++++++++
 7 files changed, 122 insertions(+)

diff --git a/security/Makefile b/security/Makefile
index 581657e300b3..0ffcd131c72d 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1253,6 +1253,7 @@
     SUBDIR += tor
     SUBDIR += tor-devel
     SUBDIR += totp-cli
+    SUBDIR += tpm-quote-tools
     SUBDIR += tpm-tools
     SUBDIR += tpm2-abrmd
     SUBDIR += tpm2-tools
diff --git a/security/tpm-quote-tools/Makefile b/security/tpm-quote-tools/Makefile
new file mode 100644
index 000000000000..3abb52ca7958
--- /dev/null
+++ b/security/tpm-quote-tools/Makefile
@@ -0,0 +1,19 @@
+PORTNAME=	tpm-quote-tools
+DISTVERSION=	1.0.4
+CATEGORIES=	security
+MASTER_SITES=	SF/tpmquotetools/${PORTVERSION}
+
+MAINTAINER=	0mp@FreeBSD.org
+COMMENT=	Tools for TPM-based remote attestation using the TPM quote operation
+WWW=		https://sourceforge.net/projects/tpmquotetools/
+
+LICENSE=	BSD3CLAUSE
+LICENSE_FILE=	${WRKSRC}/COPYING
+
+LIB_DEPENDS=	libtspi.so:security/trousers
+
+USES=		iconv localbase:ldflags ssl
+
+GNU_CONFIGURE=	YES
+
+.include <bsd.port.mk>
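Review bot: This Makefile sets only `MASTER_SITES` and declares no `PATCH_SITES` or `PATCHFILES`, yet the distinfo added in the same commit records `SHA256`/`SIZE` entries for `0001-Differentiate-between-owner-and-srk-well-known-passs.patch?h=tpm-quote-tools`. As far as the visible lines show, that file is never fetched, so the checksum verifies nothing. The patches actually applied are the locally modified copies under `files/`, and the stray entry suggests to an auditor that the AUR patch is pulled and integrity-checked at build time. Either regenerate distinfo so that it lists only `tpm-quote-tools-1.0.4.tar.gz`, or, if fetching the AUR patch is intended, declare it through `PATCH_SITES`/`PATCHFILES` so that the recorded hash is enforced.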
diff --git a/security/tpm-quote-tools/distinfo b/security/tpm-quote-tools/distinfo
new file mode 100644
index 000000000000..d9ff6303af99
--- /dev/null
+++ b/security/tpm-quote-tools/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1667481591
+SHA256 (tpm-quote-tools-1.0.4.tar.gz) = 10dc4eade02635557a9496b388360844cd18e7864e2eb882f5e45ab2fa405ae2
+SIZE (tpm-quote-tools-1.0.4.tar.gz) = 188806
+SHA256 (0001-Differentiate-between-owner-and-srk-well-known-passs.patch?h=tpm-quote-tools) = 32f814b8d22c409d3543c34e4199f21152a30f3410162ef6c91f6a713641f19d
+SIZE (0001-Differentiate-between-owner-and-srk-well-known-passs.patch?h=tpm-quote-tools) = 2803
diff --git a/security/tpm-quote-tools/files/patch-tpm__mkaik.8 b/security/tpm-quote-tools/files/patch-tpm__mkaik.8
new file mode 100644
index 000000000000..15f0683bd61d
--- /dev/null
+++ b/security/tpm-quote-tools/files/patch-tpm__mkaik.8
@@ -0,0 +1,24 @@
+--- tpm_mkaik.8.orig	2017-01-18 17:10:09 UTC
++++ tpm_mkaik.8
+@@ -3,7 +3,7 @@ tpm_mkaik \- make a TPM Attestation Identity Key
+ tpm_mkaik \- make a TPM Attestation Identity Key
+ .SH SYNOPSIS
+ .B tpm_mkaik
+-.RB [ \-zuhv ]
++.RB [ \-yzuhv ]
+ .RI BLOB-FILE
+ .RI PUBKEY-FILE
+ .br
+@@ -16,8 +16,11 @@ The public key is DER encoded.
+ .RI PUBKEY-FILE.
+ The public key is DER encoded.
+ .TP
+-.RB \-z
++.RB \-y
+ Use the well known secret used as the owner secret.
++.TP
++.RB \-z
++Use the well known secret used as the SRK secret.
+ .TP
+ .RB \-u
+ Use TSS UNICODE encoding for passwords.
diff --git a/security/tpm-quote-tools/files/patch-tpm__mkaik.c b/security/tpm-quote-tools/files/patch-tpm__mkaik.c
new file mode 100644
index 000000000000..2da26581ec93
--- /dev/null
+++ b/security/tpm-quote-tools/files/patch-tpm__mkaik.c
@@ -0,0 +1,51 @@
+--- tpm_mkaik.c.orig	2017-05-26 13:25:17 UTC
++++ tpm_mkaik.c
+@@ -102,7 +102,8 @@ static int usage(const char *prog)
+   const char text[] =
+     "Usage: %s [options] blob pubkey\n"
+     "Options:\n"
+-    "\t-z   Use well known secret used as owner secret\n"
++    "\t-y   Use well known secret used as owner secret\n"
++    "\t-z   Use well known secret used as SRK secret\n"
+     "\t-u   Use TSS UNICODE encoding for passwords\n"
+     "\t-h   Display command usage info\n"
+     "\t-v   Display command version info\n"
+@@ -115,13 +116,17 @@ int main (int argc, char **argv)
+ 
+ int main (int argc, char **argv)
+ {
+-  int well_known = 0;
++  int well_known_srk = 0;
++  int well_known_owner = 0;
+   int utf16le = 0;
+   int opt;
+-  while ((opt = getopt(argc, argv, "zuhv")) != -1) {
++  while ((opt = getopt(argc, argv, "yzuhv")) != -1) {
+     switch (opt) {
++    case 'y':
++      well_known_owner = 1;
++      break;
+     case 'z':
+-      well_known = 1;
++      well_known_srk = 1;
+       break;
+     case 'u':
+       utf16le = 1;
+@@ -173,7 +178,7 @@ int main (int argc, char **argv)
+   if (rc != TSS_SUCCESS)
+     return tidy(hContext, tss_err(rc, "getting SRK policy"));
+ 
+-  rc = setSecret("Enter SRK password: ", hContext, hSrkPolicy, well_known, utf16le);
++  rc = setSecret("Enter SRK password: ", hContext, hSrkPolicy, well_known_srk, utf16le);
+   if (rc != TSS_SUCCESS)
+     return tidy(hContext, tss_err(rc, "setting SRK secret"));
+ 
+@@ -193,7 +198,7 @@ int main (int argc, char **argv)
+   if (rc != TSS_SUCCESS)
+     return tidy(hContext, tss_err(rc, "assigning TPM policy"));
+ 
+-  rc = setSecret("Enter owner password: ", hContext, hTPMPolicy, well_known, utf16le);
++  rc = setSecret("Enter owner password: ", hContext, hTPMPolicy, well_known_owner, utf16le);
+   if (rc != TSS_SUCCESS)
+     return tidy(hContext, tss_err(rc, "setting TPM policy secret"));
+ 
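Review bot: After this patch `-z` no longer covers the owner secret: the second `setSecret` call reads `well_known_owner`, which only `case 'y'` sets. An invocation that passes just `-z`, as the unpatched usage text describes, will presumably fall through to the `Enter owner password: ` prompt. That diverges from the upstream 1.0.4 tool and can stall unattended AIK provisioning, or lead an operator to type an owner password where the well-known secret was expected. I would make the split explicit where users see it, for example `"\t-z   Use well known secret used as SRK secret (owner secret needs -y)\n"`, with the same wording in the `tpm_mkaik.8` patch. `main()` and its `switch` continue outside the inner hunks, so how unknown options are handled is not visible here.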
diff --git a/security/tpm-quote-tools/pkg-descr b/security/tpm-quote-tools/pkg-descr
new file mode 100644
index 000000000000..affeb9e0e71e
--- /dev/null
+++ b/security/tpm-quote-tools/pkg-descr
@@ -0,0 +1,5 @@
+The TPM Quote Tools is a collection of programs that provide support
+for TPM based attestation using the TPM quote mechanism.  The manual
+page for tpm_quote_tools provides a usage overview.
+
+The management tools are only used to take ownership of a TPM.
diff --git a/security/tpm-quote-tools/pkg-plist b/security/tpm-quote-tools/pkg-plist
new file mode 100644
index 000000000000..4243caa18d84
--- /dev/null
+++ b/security/tpm-quote-tools/pkg-plist
@@ -0,0 +1,17 @@
+bin/tpm_getpcrhash
+bin/tpm_getquote
+bin/tpm_loadkey
+bin/tpm_mkaik
+bin/tpm_mkuuid
+bin/tpm_unloadkey
+bin/tpm_updatepcrhash
+bin/tpm_verifyquote
+man/man8/tpm_getpcrhash.8.gz
+man/man8/tpm_getquote.8.gz
+man/man8/tpm_loadkey.8.gz
+man/man8/tpm_mkaik.8.gz
+man/man8/tpm_mkuuid.8.gz
+man/man8/tpm_quote_tools.8.gz
+man/man8/tpm_unloadkey.8.gz
+man/man8/tpm_updatepcrhash.8.gz
+man/man8/tpm_verifyquote.8.gz