Course Lab Report.docx
Huazhong University of Science and Technology
Course Lab Report

Course: Trusted Computing
Class:
Student ID:
Name:
Instructor: Dai Weiqi (代炜琦)
Report date: 2021.6.29
School of Cyber Science and Engineering

1. Purpose

The purpose of this lab is for students to put the trusted computing knowledge learned from the textbook into practice. Using a TPM emulator on Linux and calling the relevant hardware through the TSS software stack, students implement remote attestation, key migration, the key hierarchy, data sealing and related functions, gain an understanding of the security of the TPM, and learn to call the various TSS interfaces to build applications.

2. Environment

SeedUbuntu 12.04 LTS, 32-bit VMware virtual machine
TPM Emulator
TrouSerS

3. Task

The task of this lab is to use the reference documents and the knowledge learned in the course to fill in the missing parts of the code, mainly by writing unseal_file.c.

4. Procedure

4.1. Compilation

First switch the package sources. Back up the Ubuntu source list:

    sudo cp /etc/apt/sources.list /etc/apt/sources.list.backup

Edit the source list:

    sudo gedit /etc/apt/sources.list

The replacement list consists of five deb entries and five deb-src entries.

Update the sources:

    sudo apt-get update

Then unpack the emulator and install cmake. Enter the commands:

    tar xvzf <tpm-emulator archive>.gz
    cd tpm-emulator
    sudo apt-get install libgmp-dev cmake

Enter the command:

    ./build.sh

Enter the commands:

    cd build
    sudo make install
    sudo depmod -a

Install the TSS software stack:

    sudo apt-get install libtspi-dev trousers

4.2. Initialization

Unpack the source code on Windows, copy it into the virtual machine, and build the source code for this lab. Enter the commands:

    cd /home/seed/trusted-computing-projectv0.3
    make clean
    make

Then perform the initialization. Enter the commands:

    sudo modprobe tpmd_dev
    sudo tpmd -f -d clear

Open another terminal and run:

    sudo tcsd

Then enter the init directory:

    cd /home/seed/trusted-computing-projectv0.3/init

Run:

    ./Tspi_TPM_TakeOwnership01 -v 1.2

Output:

    1 PASS : Tspi_TPM_TakeOwnership01 returned (0) TSS_SUCCESS

Run (enter the PIN when prompted):

    ./create_mig_key -v 1.2

The program asks for the migratable key's migration secret, verifies the PIN, and reports success.

4.3. Key hierarchy (KeyHierarchy)

Enter the KeyHierarchy directory:

    cd /home/seed/trusted-computing-projectv0.3/KeyHierarchy

Complete the code for K4 in create_register_key.c. The completed part of the code is shown below:

    // K4: migratable, parent key is K3
    printf("Create User K4 and register it to disk.\n");
    initFlags = TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE |
                TSS_KEY_AUTHORIZATION | TSS_KEY_MIGRATABLE;
    // Create K4 under its parent K3 and load it into the TPM
    result = my_create_load_key(hContext, initFlags, hKey3, &hKey4, K4);
    if (result != TSS_SUCCESS) {
        print_error("create_key", result);
        Tspi_Context_FreeMemory(hContext, NULL);
        Tspi_Context_Close(hContext);
        exit(result);
    }
    // Register K4 in system persistent storage, with K3 as its parent
    result = Tspi_Context_RegisterKey(hContext, hKey4,
                                      TSS_PS_TYPE_SYSTEM, UUID_K4,
                                      TSS_PS_TYPE_SYSTEM, UUID_K3);
    if (result != TSS_SUCCESS) {
        print_error("Tspi_Context_RegisterKey", result);
        Tspi_Context_FreeMemory(hContext, NULL);
        Tspi_Context_Close(hContext);
        exit(result);
    }
    printf("Create and register K4 successed!\n");
    // Unload keys, pay attention to the order, child key must unload first

Run:

    make
    ./create_register_key -v 1.2

The program prompts for the usage PIN and the migration PIN of each key in turn and ends with:

    Create and register K4 successed!
    1 PASS : Create KEY returned (0) TSS_SUCCESS

Following the loading process of K1, K2 and K3 and the TSS documentation, complete the code that loads K4 in load_key.c. The completed part of the code is shown below:

    // load K4
    printf("Loading K4.\n");
    // Look up K4 in system persistent storage by UUID and get a key object handle
    result = Tspi_Context_GetKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
                                       UUID_K4, &hKey4);
    if (result != TSS_SUCCESS) {
        // Label the error with the call that actually failed
        print_error("Tspi_Context_GetKeyByUUID", result);
        print_error_exit(nameOfFunction, err_string(result));
        Tspi_Context_FreeMemory(hContext, NULL);
        Tspi_Context_Close(hContext);
        exit(result);
    }

Run:

    make
    ./load_key -v 1.2

The output lists the keys as User K1 (Storage key, unmigratable), User K2 (Signing key, unmigratable), User K3 (Storage key, migratable) and User K4 (Bind key, migratable), and then loads them in order:

    Load SRK sucessed!
    Loading K1.
    Load User K1 sucessed!
    Loading K2.
    Input K1's pin
    Enter PIN:
    Load User K2 sucessed!
    Loading K3.
    Load User K3 sucessed!
    Loading K4.
    Input K3's pin
    Enter PIN:
    Load User K4 sucessed!
    1 PASS : Load KEY returned (0) TSS_SUCCESS

4.4. Key migration: Seal, Unseal and extend

Enter the SealUnseal directory:

    cd /home/seed/trusted-computing-projectv0.3/SealUnseal

Complete the unseal_file.c file, then run make in the trusted-computing-projectv0.3 folder.

Run:

    ./seal -v 1.2          (succeeds)
    ./unseal -v 1.2        (succeeds)
    ./extend -v 1.2        (succeeds)
    ./unseal -v 1.2        (fails)

    ./seal_file test.c     (view the file contents)

In the terminal this was invoked as ./seal_file test.c test.en, which prompts for K1's PIN.

    ./unseal_file          (view the file contents)

In the terminal this was invoked as ./unseal_file test.en test.de, which prompts for K1's PIN and prints the unsealed data.

    ./extend -v 1.2

The program prints a PCR value length of 20 and Success.

    ./unseal_file          (fails)

The unseal after extend fails because extend changes the PCR value that the data was sealed against.

4.5. Key migration (KeyMigration)

Enter the KeyM