
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_21-60-g895aadf


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_21-60-g895aadf
Date: Fri, 20 Jul 2012 20:22:06 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=895aadfdb883572590189950f8aae25bf590724d

The branch, master has been updated
       via  895aadfdb883572590189950f8aae25bf590724d (commit)
       via  7ab33db4a5eca6fbef551ef56516caa6900851c4 (commit)
      from  9ec660655aa8ff5b311489082c8482c85895f879 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 895aadfdb883572590189950f8aae25bf590724d
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jul 20 22:21:33 2012 +0200

    Added tpmtool manpage.

commit 7ab33db4a5eca6fbef551ef56516caa6900851c4
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jul 20 22:17:23 2012 +0200

    updated TPM doc

-----------------------------------------------------------------------

Summary of changes:
 doc/manpages/Makefile.am |    7 ++-
 doc/manpages/tpmtool.1   |  182 ++++++++++++++++++++++++++++++++++++++++++++++
 src/tpmtool-args.c       |   90 +++++++++++-----------
 src/tpmtool-args.def     |   44 ++++++++---
 src/tpmtool-args.h       |   14 ++--
 5 files changed, 272 insertions(+), 65 deletions(-)
 create mode 100644 doc/manpages/tpmtool.1

diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
index 694bb4d..b025eae 100644
--- a/doc/manpages/Makefile.am
+++ b/doc/manpages/Makefile.am
@@ -20,7 +20,7 @@
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 dist_man_MANS = gnutls-cli.1 gnutls-cli-debug.1 gnutls-serv.1  \
-       certtool.1 psktool.1 p11tool.1 ocsptool.1
+       certtool.1 psktool.1 p11tool.1 ocsptool.1 tpmtool.1
 
 if ENABLE_SRP
 dist_man_MANS += srptool.1
@@ -67,6 +67,11 @@ p11tool.1: ../../src/p11tool-args.def
        autogen -DMAN_SECTION=1 -Tagman-cmd.tpl "$<".tmp && \
        rm -f "$<".tmp
 
+tpmtool.1: ../../src/tpmtool-args.def
+       -sed 's/@subheading \(.*\)/@address@hidden@*/' $< > "$<".tmp && \
+       autogen -DMAN_SECTION=1 -Tagman-cmd.tpl "$<".tmp && \
+       rm -f "$<".tmp
+
 psktool.1: ../../src/psk-args.def
        -sed 's/@subheading \(.*\)/@address@hidden@*/' $< > "$<".tmp && \
        autogen -DMAN_SECTION=1 -Tagman-cmd.tpl "$<".tmp && \
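Review bot: The new `tpmtool.1` recipe starts with `-sed`, so make ignores a failure anywhere in the `sed && autogen && rm` chain and the build carries on with a missing or stale man page. The recipe also writes `"$<".tmp` next to the definitions file under `../../src`, which fails when the source tree is read-only and leaves the temporary file behind whenever autogen fails. This mirrors the neighbouring p11tool and psktool rules (the psktool rule continues outside this hunk), so the same change would apply to all of them: drop the leading `-` and write the intermediate file into the build directory.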
diff --git a/doc/manpages/tpmtool.1 b/doc/manpages/tpmtool.1
new file mode 100644
index 0000000..771b72f
--- /dev/null
+++ b/doc/manpages/tpmtool.1
@@ -0,0 +1,182 @@
+.TH tpmtool 1 "20 Jul 2012" "@VERSION@" "User Commands"
+.\"
+.\"  DO NOT EDIT THIS FILE   (tpmtool-args.man)
+.\"  
+.\"  It has been AutoGen-ed  July 20, 2012 at 10:20:00 PM by AutoGen 5.16
+.\"  From the definitions    ../../src/tpmtool-args.def.tmp
+.\"  and the template file   agman-cmd.tpl
+.\"
+.SH NAME
+tpmtool \- GnuTLS TPM tool
+.SH SYNOPSIS
+.B tpmtool
+.\" Mixture of short (flag) options and long options
+.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP " [[=| 
]\fIvalue\fP]]..."
+.PP
+All arguments must be options.
+.PP
+.SH "DESCRIPTION"
+Program that allows handling cryptographic data from the TPM chip.
+.SH "OPTIONS"
+.TP
+.BR \-d " \fInumber\fP, " \-\-debug "=" \fInumber\fP
+Enable debugging..
+This option takes an integer number as its argument.
+The value of \fInumber\fP is constrained to being:
+.in +4
+.nf
+.na
+in the range  0 through 9999
+.fi
+.in -4
+.sp
+Specifies the debug level.
+.TP
+.BR \-\-infile "=\fIfile\fP"
+Input file.
+.sp
+.TP
+.BR \-\-outfile "=\fIstring\fP"
+Output file.
+.sp
+.TP
+.BR \-\-generate\-rsa
+Generate an RSA private-public key pair.
+.sp
+Generates an RSA private-public key pair in the TPM chip. 
+The key may be stored in filesystem and protected by a PIN, or stored 
(registered)
+in the TPM chip flash.
+.TP
+.BR \-\-register
+Any generated key will be registered in the TPM.
+This option must appear in combination with the following options:
+generate-rsa.
+.sp
+.TP
+.BR \-\-signing
+Any generated key will be a signing key.
+This option must appear in combination with the following options:
+generate-rsa.
+This option must not appear in combination with any of the following options:
+legacy.
+.sp
+.TP
+.BR \-\-legacy
+Any generated key will be a legacy key.
+This option must appear in combination with the following options:
+generate-rsa.
+This option must not appear in combination with any of the following options:
+signing.
+.sp
+.TP
+.BR \-\-user
+Any registered key will be a user key.
+This option must appear in combination with the following options:
+register.
+This option must not appear in combination with any of the following options:
+system.
+.sp
+The generated key will be stored in a user specific persistent storage.
+.TP
+.BR \-\-system
+Any registred key will be a system key.
+This option must appear in combination with the following options:
+register.
+This option must not appear in combination with any of the following options:
+user.
+.sp
+The generated key will be stored in system persistent storage.
+.TP
+.BR \-\-pubkey "=\fIurl\fP"
+Prints the public key of the provided key.
+.sp
+.TP
+.BR \-\-list
+Lists all stored keys in the TPM.
+.sp
+.TP
+.BR \-\-delete "=\fIurl\fP"
+Delete the key identified by the given URL (UUID)..
+.sp
+.TP
+.BR \-\-sec\-param "=\fIsecurity parameter\fP"
+Specify the security level [low, legacy, normal, high, ultra]..
+.sp
+This is alternative to the bits option.
+.TP
+.BR \-\-bits "=\fInumber\fP"
+Specify the number of bits for key generate.
+This option takes an integer number as its argument.
+.sp
+.TP
+.BR \-h , " \-\-help"
+Display usage information and exit.
+.TP
+.BR \-! , " \-\-more-help"
+Pass the extended usage information through a pager.
+.TP
+.BR \-v " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
+Output version of program and exit.  The default mode is `v', a simple
+version.  The `c' mode will print copyright information and `n' will
+print the full copyright notice.
+.SH EXAMPLES
+To generate a key that is to be stored in filesystem use:
+.br
+.in +4
+.nf
+$ tpmtool \-\-generate\-rsa \-\-bits 2048 \-\-outfile tpmkey.pem
+.in -4
+.fi
+.sp
+To generate a key that is to be stored in TPM's flash use:
+.br
+.in +4
+.nf
+$ tpmtool \-\-generate\-rsa \-\-bits 2048 \-\-register \-\-user
+.in -4
+.fi
+.sp
+To get the public key of a TPM key use:
+.br
+.in +4
+.nf
+$ tpmtool \-\-pubkey 
tpmkey:uuid=58ad734b\-bde6\-45c7\-89d8\-756a55ad1891;storage=user \
+          \-\-outfile pubkey.pem
+.in -4
+.fi
+.sp
+or if the key is stored in the filesystem:
+.br
+.in +4
+.nf
+$ tpmtool \-\-pubkey tpmkey:file=tmpkey.pem \-\-outfile pubkey.pem
+.in -4
+.fi
+.sp
+To list all keys stored in TPM use:
+.br
+.in +4
+.nf
+$ tpmtool \-\-list
+.in -4
+.fi
+.SH "EXIT STATUS"
+One of the following exit values will be returned:
+.TP
+.BR 0 " (EXIT_SUCCESS)"
+Successful program execution.
+.TP
+.BR 1 " (EXIT_FAILURE)"
+The operation failed or the command syntax was not valid.
+.SH "SEE ALSO"
+    p11tool (1), certtool (1)
+.SH "AUTHORS"
+Nikos Mavrogiannopoulos, Simon Josefsson and others; see 
/usr/share/doc/gnutls-bin/AUTHORS for a complete list.
+.SH "COPYRIGHT"
+Copyright (C) 2000-2012 Free Software Foundation all rights reserved.
+This program is released under the terms of the GNU General Public License, 
version 3 or later.
+.SH "BUGS"
+Please send bug reports to: address@hidden
+.SH "NOTES"
+This manual page was \fIAutoGen\fP-erated from the \fBtpmtool\fP
+option definitions.
diff --git a/src/tpmtool-args.c b/src/tpmtool-args.c
index a2474b1..cc50de3 100644
--- a/src/tpmtool-args.c
+++ b/src/tpmtool-args.c
@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (tpmtool-args.c)
  *  
- *  It has been AutoGen-ed  July 14, 2012 at 10:40:19 AM by AutoGen 5.16
+ *  It has been AutoGen-ed  July 20, 2012 at 10:21:17 PM by AutoGen 5.16
  *  From the definitions    tpmtool-args.def
  *  and the template file   options
  *
@@ -102,15 +102,15 @@ static char const tpmtool_opt_strs[2031] =
 /*  1096 */ "Any generated key will be a signing key\0"
 /*  1136 */ "SIGNING\0"
 /*  1144 */ "signing\0"
-/*  1152 */ "Any registered key will be a user key\0"
-/*  1190 */ "USER\0"
-/*  1195 */ "user\0"
-/*  1200 */ "Any registred key will be a system key\0"
-/*  1239 */ "SYSTEM\0"
-/*  1246 */ "system\0"
-/*  1253 */ "Any generated key will be a legacy key\0"
-/*  1292 */ "LEGACY\0"
-/*  1299 */ "legacy\0"
+/*  1152 */ "Any generated key will be a legacy key\0"
+/*  1191 */ "LEGACY\0"
+/*  1198 */ "legacy\0"
+/*  1205 */ "Any registered key will be a user key\0"
+/*  1243 */ "USER\0"
+/*  1248 */ "user\0"
+/*  1253 */ "Any registred key will be a system key\0"
+/*  1292 */ "SYSTEM\0"
+/*  1299 */ "system\0"
 /*  1306 */ "Prints the public key of the provided key\0"
 /*  1348 */ "PUBKEY\0"
 /*  1355 */ "pubkey\0"
@@ -203,12 +203,25 @@ static int const aSigningCantList[] = {
 #define SIGNING_FLAGS     (OPTST_DISABLED)
 
 /*
+ *  legacy option description with
+ *  "Must also have options" and "Incompatible options":
+ */
+#define LEGACY_DESC      (tpmtool_opt_strs+1152)
+#define LEGACY_NAME      (tpmtool_opt_strs+1191)
+#define LEGACY_name      (tpmtool_opt_strs+1198)
+static int const aLegacyMustList[] = {
+    INDEX_OPT_GENERATE_RSA, NO_EQUIVALENT };
+static int const aLegacyCantList[] = {
+    INDEX_OPT_SIGNING, NO_EQUIVALENT };
+#define LEGACY_FLAGS     (OPTST_DISABLED)
+
+/*
  *  user option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define USER_DESC      (tpmtool_opt_strs+1152)
-#define USER_NAME      (tpmtool_opt_strs+1190)
-#define USER_name      (tpmtool_opt_strs+1195)
+#define USER_DESC      (tpmtool_opt_strs+1205)
+#define USER_NAME      (tpmtool_opt_strs+1243)
+#define USER_name      (tpmtool_opt_strs+1248)
 static int const aUserMustList[] = {
     INDEX_OPT_REGISTER, NO_EQUIVALENT };
 static int const aUserCantList[] = {
@@ -219,9 +232,9 @@ static int const aUserCantList[] = {
  *  system option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define SYSTEM_DESC      (tpmtool_opt_strs+1200)
-#define SYSTEM_NAME      (tpmtool_opt_strs+1239)
-#define SYSTEM_name      (tpmtool_opt_strs+1246)
+#define SYSTEM_DESC      (tpmtool_opt_strs+1253)
+#define SYSTEM_NAME      (tpmtool_opt_strs+1292)
+#define SYSTEM_name      (tpmtool_opt_strs+1299)
 static int const aSystemMustList[] = {
     INDEX_OPT_REGISTER, NO_EQUIVALENT };
 static int const aSystemCantList[] = {
@@ -229,19 +242,6 @@ static int const aSystemCantList[] = {
 #define SYSTEM_FLAGS     (OPTST_DISABLED)
 
 /*
- *  legacy option description with
- *  "Must also have options" and "Incompatible options":
- */
-#define LEGACY_DESC      (tpmtool_opt_strs+1253)
-#define LEGACY_NAME      (tpmtool_opt_strs+1292)
-#define LEGACY_name      (tpmtool_opt_strs+1299)
-static int const aLegacyMustList[] = {
-    INDEX_OPT_GENERATE_RSA, NO_EQUIVALENT };
-static int const aLegacyCantList[] = {
-    INDEX_OPT_SIGNING, NO_EQUIVALENT };
-#define LEGACY_FLAGS     (OPTST_DISABLED)
-
-/*
  *  pubkey option description:
  */
 #define PUBKEY_DESC      (tpmtool_opt_strs+1306)
@@ -398,8 +398,20 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ SIGNING_DESC, SIGNING_NAME, SIGNING_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 6, VALUE_OPT_USER,
-     /* equiv idx, value */ 6, VALUE_OPT_USER,
+  {  /* entry idx, value */ 6, VALUE_OPT_LEGACY,
+     /* equiv idx, value */ 6, VALUE_OPT_LEGACY,
+     /* equivalenced to  */ NO_EQUIVALENT,
+     /* min, max, act ct */ 0, 1, 0,
+     /* opt state flags  */ LEGACY_FLAGS, 0,
+     /* last opt argumnt */ { NULL }, /* --legacy */
+     /* arg list/cookie  */ NULL,
+     /* must/cannot opts */ aLegacyMustList, aLegacyCantList,
+     /* option proc      */ NULL,
+     /* desc, NAME, name */ LEGACY_DESC, LEGACY_NAME, LEGACY_name,
+     /* disablement strs */ NULL, NULL },
+
+  {  /* entry idx, value */ 7, VALUE_OPT_USER,
+     /* equiv idx, value */ 7, VALUE_OPT_USER,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ USER_FLAGS, 0,
@@ -410,8 +422,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ USER_DESC, USER_NAME, USER_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 7, VALUE_OPT_SYSTEM,
-     /* equiv idx, value */ 7, VALUE_OPT_SYSTEM,
+  {  /* entry idx, value */ 8, VALUE_OPT_SYSTEM,
+     /* equiv idx, value */ 8, VALUE_OPT_SYSTEM,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ SYSTEM_FLAGS, 0,
@@ -422,18 +434,6 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ SYSTEM_DESC, SYSTEM_NAME, SYSTEM_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 8, VALUE_OPT_LEGACY,
-     /* equiv idx, value */ 8, VALUE_OPT_LEGACY,
-     /* equivalenced to  */ NO_EQUIVALENT,
-     /* min, max, act ct */ 0, 1, 0,
-     /* opt state flags  */ LEGACY_FLAGS, 0,
-     /* last opt argumnt */ { NULL }, /* --legacy */
-     /* arg list/cookie  */ NULL,
-     /* must/cannot opts */ aLegacyMustList, aLegacyCantList,
-     /* option proc      */ NULL,
-     /* desc, NAME, name */ LEGACY_DESC, LEGACY_NAME, LEGACY_name,
-     /* disablement strs */ NULL, NULL },
-
   {  /* entry idx, value */ 9, VALUE_OPT_PUBKEY,
      /* equiv idx, value */ 9, VALUE_OPT_PUBKEY,
      /* equivalenced to  */ NO_EQUIVALENT,
diff --git a/src/tpmtool-args.def b/src/tpmtool-args.def
index 59bb846..5afc0fa 100644
--- a/src/tpmtool-args.def
+++ b/src/tpmtool-args.def
@@ -13,7 +13,9 @@ explain       = "";
 flag = {
     name      = generate-rsa;
     descrip   = "Generate an RSA private-public key pair";
-    doc = "Generates an RSA private-public key pair on the specified token.";
+    doc = "Generates an RSA private-public key pair in the TPM chip. 
+The key may be stored in filesystem and protected by a PIN, or stored 
(registered)
+in the TPM chip flash.";
 };
 
 flag = {
@@ -32,6 +34,14 @@ flag = {
 };
 
 flag = {
+    name      = legacy;
+    descrip   = "Any generated key will be a legacy key";
+    flags_must = generate-rsa;
+    flags_cant = signing;
+    doc = "";
+};
+
+flag = {
     name      = user;
     descrip   = "Any registered key will be a user key";
     flags_must = register;
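Review bot: The `legacy` flag is left with `doc = "";`, so the generated man page says only that it excludes `signing` and never explains what a legacy key permits. If, as in TPM 1.2, a legacy key can be used for both signing and decryption, that is worth stating, because choosing it gives up the key-usage separation that `--signing` provides. Something like `doc = "The generated key can be used for both signing and decryption.";` would do, once the semantics are confirmed against the key type tpmtool actually requests. The `user` flag block that follows continues outside this hunk.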
@@ -47,13 +57,6 @@ flag = {
     doc = "The generated key will be stored in system persistent storage.";
 };
 
-flag = {
-    name      = legacy;
-    descrip   = "Any generated key will be a legacy key";
-    flags_must = generate-rsa;
-    flags_cant = signing;
-    doc = "";
-};
 
 flag = {
     name      = pubkey;
@@ -82,7 +85,8 @@ flag = {
     arg-type  = string;
     arg-name  = "Security parameter";
     descrip   = "Specify the security level [low, legacy, normal, high, 
ultra].";
-    doc      = "This is alternative to the bits option.";
+    doc      = "This is alternative to the bits option. Note however that the
+values allowed by the TPM chip are quantized and given values may be rounded 
up.";
 };
 
 flag = {
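Review bot: The rounding note added to the `sec-param` doc does not reach the `doc/manpages/tpmtool.1` added in this same push, whose entry still ends at "This is alternative to the bits option."; the man page appears to have been generated before this text was written and should be regenerated. The wording `may be rounded up` also leaves the resulting key size unstated, so consider naming the sizes the TPM accepts or telling the reader to check the size of the generated key. Separately, `legacy` appears here as a security level and elsewhere as the `--legacy` key type; a half-sentence distinguishing the two would avoid confusion.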
@@ -104,14 +108,30 @@ doc-section = {
   ds-type = 'EXAMPLES';
   ds-format = 'texi';
   ds-text   = <<-_EOT_
-To generate a public key use:
+To generate a key that is to be stored in filesystem use:
address@hidden
+$ tpmtool --generate-rsa --bits 2048 --outfile tpmkey.pem
address@hidden example
+
+To generate a key that is to be stored in TPM's flash use:
 @example
-$ tpmtool --generate-rsa --sec-param normal --outfile tpmkey.pem
+$ tpmtool --generate-rsa --bits 2048 --register --user
 @end example
 
 To get the public key of a TPM key use:
 @example
-$ tpmtool --pubkey --infile tpmkey.tpm --outfile pubkey.pem
+$ tpmtool --pubkey 
tpmkey:uuid=58ad734b-bde6-45c7-89d8-756a55ad1891;storage=user \
+          --outfile pubkey.pem
address@hidden example
+
+or if the key is stored in the filesystem:
address@hidden
+$ tpmtool --pubkey tpmkey:file=tmpkey.pem --outfile pubkey.pem
address@hidden example
+
+To list all keys stored in TPM use:
address@hidden
+$ tpmtool --list
 @end example
 _EOT_;
 };
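Review bot: In the `--pubkey` example the URL ending in `;storage=user` is unquoted, and a POSIX shell treats the `;` as a command separator, so tpmtool would receive only the part before it and never see `--outfile`. Quote the argument: `$ tpmtool --pubkey "tpmkey:uuid=58ad734b-bde6-45c7-89d8-756a55ad1891;storage=user" \`. The filesystem example also reads `tpmkey:file=tmpkey.pem` while the generate example writes `tpmkey.pem`, which looks like a typo for `tpmkey:file=tpmkey.pem`. Both lines were copied into the generated `doc/manpages/tpmtool.1`, so it needs regenerating after the fix.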
diff --git a/src/tpmtool-args.h b/src/tpmtool-args.h
index f4d98ae..d268f28 100644
--- a/src/tpmtool-args.h
+++ b/src/tpmtool-args.h
@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (tpmtool-args.h)
  *  
- *  It has been AutoGen-ed  July 14, 2012 at 10:40:19 AM by AutoGen 5.16
+ *  It has been AutoGen-ed  July 20, 2012 at 10:21:17 PM by AutoGen 5.16
  *  From the definitions    tpmtool-args.def
  *  and the template file   options
  *
@@ -73,9 +73,9 @@ typedef enum {
     INDEX_OPT_GENERATE_RSA  =  3,
     INDEX_OPT_REGISTER      =  4,
     INDEX_OPT_SIGNING       =  5,
-    INDEX_OPT_USER          =  6,
-    INDEX_OPT_SYSTEM        =  7,
-    INDEX_OPT_LEGACY        =  8,
+    INDEX_OPT_LEGACY        =  6,
+    INDEX_OPT_USER          =  7,
+    INDEX_OPT_SYSTEM        =  8,
     INDEX_OPT_PUBKEY        =  9,
     INDEX_OPT_LIST          = 10,
     INDEX_OPT_DELETE        = 11,
@@ -132,9 +132,9 @@ typedef enum {
 #define VALUE_OPT_GENERATE_RSA   3
 #define VALUE_OPT_REGISTER       4
 #define VALUE_OPT_SIGNING        5
-#define VALUE_OPT_USER           6
-#define VALUE_OPT_SYSTEM         7
-#define VALUE_OPT_LEGACY         8
+#define VALUE_OPT_LEGACY         6
+#define VALUE_OPT_USER           7
+#define VALUE_OPT_SYSTEM         8
 #define VALUE_OPT_PUBKEY         9
 #define VALUE_OPT_LIST           10
 #define VALUE_OPT_DELETE         11


hooks/post-receive
-- 
GNU gnutls


