2 * capabilities.c -- capabilities
4 * (c) Copyright IBM Corporation 2019.
6 * Author: Stefan Berger <stefanb@us.ibm.com>
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions are
14 * Redistributions of source code must retain the above copyright notice,
15 * this list of conditions and the following disclaimer.
17 * Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
21 * Neither the names of the IBM Corporation nor the names of its
22 * contributors may be used to endorse or promote products derived from
23 * this software without specific prior written permission.
25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
31 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
35 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
45 #include <libtpms/tpm_library.h>
46 #include <libtpms/tpm_error.h>
48 #include "capabilities.h"
50 #include "swtpm_nvstore.h"
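/* Convert the RSA key size indicators supported by libtpms into capability
 * strings.
 *
 * libtpms may return us something like this here:
 * "TPMAttributes":{"manufacturer":"id:00001014",\
 *  "version":"id:20191023","model":"swtpm","RSAKeySizes":[1024,2048,3072]}}
 *
 * or an older version may not report RSA keysizes:
 * "TPMAttributes":{"manufacturer":"id:00001014",\
 *  "version":"id:20191023","model":"swtpm"}}
 *
 * @keysizecaps: out parameter. Left untouched when no key sizes are
 *               reported; otherwise set to a heap-allocated string of the
 *               form `, "rsa-keysize-1024", "rsa-keysize-2048"` (every
 *               entry carries its own leading ", ") that the caller must
 *               free().
 *
 * Returns 0 on success and -1 on a malformed info string, a result that
 * does not fit the local buffer, or an allocation failure.
 */
static int get_rsa_keysize_caps(char **keysizecaps)
{
    const char *needle = "\"RSAKeySizes\":[";
    char *info_data = TPMLIB_GetInfo(4 /*TPMLIB_INFO_TPMFEATURES*/);
    char buffer[128];
    size_t offset = 0;
    char *start, *endptr;
    int ret = 0;
    int n;

    if (!info_data)
        goto oom;

    start = strstr(info_data, needle);
    if (!start)
        goto cleanup; /* older libtpms: no key sizes advertised */

    start += strlen(needle);
    if (*start == ']')
        goto cleanup; /* empty list: nothing to advertise */

    while (1) {
        unsigned long int keysize;

        /*
         * strtoul() skips leading whitespace, accepts a sign and returns 0
         * when it consumes nothing, so a token such as "," or "-1" would
         * otherwise turn into a bogus capability like "rsa-keysize-0".
         * Insist on a decimal digit before converting.
         */
        if (*start < '0' || *start > '9') {
            logprintf(STDERR_FILENO, "Malformed TPMLIB_GetInfo() string\n");
            ret = -1;
            goto cleanup;
        }

        keysize = strtoul(start, &endptr, 10);
        if (*endptr != ',' && *endptr != ']') {
            logprintf(STDERR_FILENO, "Malformed TPMLIB_GetInfo() string\n");
            ret = -1;
            goto cleanup;
        }

        /* offset always stays below sizeof(buffer): it only advances by an
         * n that has passed the truncation check below. */
        n = snprintf(buffer + offset, sizeof(buffer) - offset,
                     ", \"rsa-keysize-%lu\"",
                     keysize);
        if (n < 0 || (size_t)n >= sizeof(buffer) - offset) {
            logprintf(STDERR_FILENO, "%s: buffer is too small\n", __func__);
            ret = -1;
            goto cleanup;
        }

        if (*endptr == ']')
            break;

        offset += (size_t)n;
        start = endptr + 1;
    }

    *keysizecaps = strndup(buffer, sizeof(buffer) - 1);
    if (*keysizecaps == NULL)
        goto oom;

cleanup:
    free(info_data);
    return ret;

oom:
    logprintf(STDERR_FILENO, "Out of memory\n");
    ret = -1;
    goto cleanup;
}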
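/*
 * Print the capabilities of this swtpm build as a single line of JSON on
 * stdout.
 *
 * @cusetpm:    when true, "tpm-send-command-header" is left out of the
 *              feature list
 * @tpmversion: TPM version handed to TPMLIB_ChooseTPMVersion() before
 *              libtpms is asked for the supported RSA key sizes
 *
 * Every string interpolated into the JSON document is either a literal from
 * this file or a number formatted with %lu by get_rsa_keysize_caps(), so no
 * JSON escaping is needed. Anything added here that comes from outside the
 * program must be escaped first.
 *
 * Returns 0 on success, -1 on failure.
 */
int capabilities_print_json(bool cusetpm, TPMLIB_TPMVersion tpmversion)
{
    char *string = NULL;
    int ret = 0;
    int n;
#ifdef WITH_SECCOMP
    const char *cmdarg_seccomp = "\"cmdarg-seccomp\", ";
#else
    const char *cmdarg_seccomp = "";
#endif
    const char *with_tpm1 = "";
    const char *with_tpm2 = "";
    char *keysizecaps = NULL;
    const char *nvram_backend_dir = "\"nvram-backend-dir\", ";
    /* Last fixed entry: no trailing comma, because every RSA key size
     * capability appended after it brings its own leading ", ". */
    const char *nvram_backend_file = "\"nvram-backend-file\"";

    /* Best effort: the result is deliberately not checked. */
    (void)TPMLIB_ChooseTPMVersion(tpmversion);

    ret = get_rsa_keysize_caps(&keysizecaps);
    if (ret < 0)
        goto cleanup;

    /* A TPM version is advertised only if libtpms accepts selecting it. */
    if (TPMLIB_ChooseTPMVersion(TPMLIB_TPM_VERSION_1_2) == TPM_SUCCESS)
        with_tpm1 = "\"tpm-1.2\", ";
    if (TPMLIB_ChooseTPMVersion(TPMLIB_TPM_VERSION_2) == TPM_SUCCESS)
        with_tpm2 = "\"tpm-2.0\", ";

    /* One %s per argument below; keep the two in step when adding a
     * capability. */
    n = asprintf(&string,
         "{ "
         "\"type\": \"swtpm\", "
         "\"features\": [ "
             "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s"
          " ], "
         "\"version\": \"" VERSION "\" "
         "}",
         with_tpm1,
         with_tpm2,
         !cusetpm     ? "\"tpm-send-command-header\", ": "",
         true         ? "\"flags-opt-startup\", "      : "",
         true         ? "\"flags-opt-disable-auto-shutdown\", ": "",
         true         ? "\"ctrl-opt-terminate\", "     : "",
         cmdarg_seccomp,
         true         ? "\"cmdarg-key-fd\", "          : "",
         true         ? "\"cmdarg-pwd-fd\", "          : "",
         true         ? "\"cmdarg-print-states\", "    : "",
         true         ? "\"cmdarg-chroot\", "          : "",
         true         ? "\"cmdarg-migration\", "       : "",
         nvram_backend_dir,
         nvram_backend_file,
         keysizecaps  ? keysizecaps                    : ""
    );

    if (n < 0) {
        logprintf(STDERR_FILENO, "Out of memory\n");
        /* The pointer's value is unspecified after a failed asprintf();
         * reset it so the free() in the cleanup path stays well-defined. */
        string = NULL;
        ret = -1;
        goto cleanup;
    }

    fprintf(stdout, "%s\n", string);

cleanup:
    free(keysizecaps);
    free(string);

    return ret;
}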