Jonathan,
xxd has the -r switch, which does exactly what you described. I suggest
you take a look at it and see if it fits your needs.
On 11-02-2014 22:26, Buhacoff, Jonathan wrote:
Richard,
Thanks for the quick reply!
The -x option is the opposite of hexdump/xxd, it decodes the hex input
and uses the decoded bytes as the password.
I'll submit the patches separately as you suggested and I will look at
surrounding the -o and -s with an ifdef and adding a corresponding
switch to the configure script to enable it.
Jonathan
*From:* Richard [mailto:[email protected]]
*Sent:* Tuesday, February 11, 2014 10:16 AM
*To:* [email protected]
*Subject:* Re: [TrouSerS-users] tpm-tools hex and env-var options
Jonathan,
I like the idea of fetching the password from an environment variable.
To me it looks safer than the one through command-line, which I would
only add if there was a really good reason for (since it gets stored
in history database - under Linux - and all). Note I didn't have
enough time to think about the attack surface it opens, though.
The -x looks interesting. However, couldn't that be made by using a
shell command tool, like hexdump and xxd?
Now I'm really opposed to putting passwords in the command line,
especially for something as sensitive as the owner password. Maybe if
we could put a configure switch to disable it and let it on by default...
Anyway, feel free to submit patches. Just make sure you send different
patchsets for different features.
And thank you in advance for helping,
Richard
On 11-02-2014 07:27, Buhacoff, Jonathan wrote:
Hi,
In my project which scripts some uses of tpm-tools, I found it
useful to add a couple of options to tpm_takeownership,
tpm_nvdefine, tpm_nvread, tpm_nvwrite, and tpm_nvrelease:
-x to interpret the passwords on the command line as hex
representations and hex-decode the passwords before using
-t to interpret the password arguments on the command line as
environment variable names and read the passwords from those variables
They can be used together to interpret a hex password from an
environment variable.
Also for tpm_takeownership I added two options to allow setting
the password non-interactively:
-o sets the owner password
-s sets the SRK password
For example, if you run tpm_takeownership it looks like this:
# tpm_takeownership
Enter owner password:
Confirm password:
Enter SRK password:
Confirm password:
But with the options it can look like this:
# export TPM_PASSWORD=ffffffffffffffffffffffffffffffffffffffff
# tpm_takeownership -x -t -oTPM_PASSWORD -z
Which doesn't prompt, doesn't expose the password on the process
list, and allows you to use any arbitrary 20-byte sequence as the
password.
So I would like to submit a patch for this.
Is it ok to just create a feature request ticket and attach my
patch to it for the 5 tools I mentioned?
If it's accepted I can add the --x and --t options to other
commands and submit those as well.
Jonathan
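
The -x and -t behaviour described in this thread (take an environment variable name, read its value, hex-decode it into the secret) can be sketched as follows. This is an added example, not code from the proposed patch or from tpm-tools; the function names and the 20-byte cap (taken from the thread's sample password) are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names; the cap matches the thread's 20-byte example. */
#define SECRET_MAX 20

static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode hex into out[0..cap). Returns the byte count, or -1 on empty
 * input, odd length, a non-hex character, or more than cap bytes. */
int hex_decode(const char *hex, unsigned char *out, size_t cap)
{
    size_t len = strlen(hex);
    if (len == 0 || len % 2 != 0 || len / 2 > cap)
        return -1;
    for (size_t i = 0; i < len / 2; i++) {
        int hi = hex_nibble(hex[2 * i]);
        int lo = hex_nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) {
            memset(out, 0, cap);   /* do not hand back a partial secret */
            return -1;
        }
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    return (int)(len / 2);
}

/* Treat `name` as an environment variable name; -1 if unset or malformed. */
int secret_from_env_hex(const char *name, unsigned char *out, size_t cap)
{
    const char *val = getenv(name);
    return val ? hex_decode(val, out, cap) : -1;
}

int main(void)
{
    unsigned char secret[SECRET_MAX];
    int n = secret_from_env_hex("TPM_PASSWORD", secret, sizeof secret);
    printf("decoded bytes: %d\n", n);   /* report the length, never the secret */
    memset(secret, 0, sizeof secret);   /* best-effort wipe before exit */
    return n < 0;
}
```

Rejecting malformed input outright, rather than decoding as far as possible, keeps a typo in the variable from silently setting a shorter or different password than intended.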
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users