Stefan Berger [Sat, 14 Oct 2017 20:26:28 +0000 (16:26 -0400)]
swtpm: clean up server and ctrlchannel at the end
Introduce another parameter to ctrlchannel_new and server_new
to pass the Unix socket's path. Implement ctrlchannel_free and
server_free to clean up and remove the Unix socket's path.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Mon, 16 Oct 2017 17:11:40 +0000 (13:11 -0400)]
swtpm: Implement server_set_fd()
Implement server_set_fd() function to get the current file descriptor
and set a new one on the server structure.
Use this function to transfer the server file descriptor from the
server structure to the mainloop structure and have the main loop
close the file descriptor.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Wed, 11 Oct 2017 18:13:01 +0000 (14:13 -0400)]
tests: write binary string into file and then cat into device
Rather than using the non-bash echo tool, which doesn't seem to
support -e on OpenBSD, use the bash echo tool to write the binary
code into a file and cat the file into the device. This also works
around a problem when a sequence contains \x0a, which then seems
to be the last character written to the device if bash's echo is
used. It does this correctly when writing to a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Fri, 6 Oct 2017 01:10:25 +0000 (21:10 -0400)]
tests: copy 'swtpm chardev' test to test_ctrlchannel4
Copy the test case that use 'swtpm chardev' to test_ctrlchannel4
and convert this test in test_ctrlchannel to use a socket. Make
test_ctrlchannel run on all platforms. test_ctrlchannel4 only
runs when WITH_CHARDEV is set in the Makefile.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Thu, 5 Oct 2017 21:25:49 +0000 (17:25 -0400)]
tests: Split off CMD_SET_DATAFD test into own file
Split off the CMD_SET_DATAFD into its own file. This test only works on
Linux, so we skip it on Cygwin for example. Otherwise it should be able
to run.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Wed, 4 Oct 2017 20:20:20 +0000 (16:20 -0400)]
tests: Allow to specify SWTPM_EXE, SWTPM_IOCTL and SWTPM_BIOS for tests
To enable the test suite to for example run a mixture of 32- and
64bit executables, allow users to specify the executables to use by
setting the variables SWTPM_EXE, SWTPM_IOCTL, and SWTPM_BIOS via
command line.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Fri, 29 Sep 2017 17:53:06 +0000 (13:53 -0400)]
tests: Use python twisted for sendmsg on python 2
Rather than sending two separate messages with the bare python 2
API, use the python twisted package to send the control and data
in one sendmsg() call. This avoids occasional test failures in
the ctrlchannel test case that is currently sending the data and
control part of the message in 2 steps, which can lead to the
recpient not seeing the whole message.
Add python-twisted as a build dependency to the rpm and Debian
builds and the .travis.yml.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Support added to receive data socket over control socket
As objected by QEMU upstream developers to use two different sockets for
starting/using of swtpm, This commit adds support for passing unix domain
socket over control channel.
The summary of the changes include:
- Defined new control command CMD_SET_DATAFD, using this clients can send data
socket.
- set mlp.fd and mlp.flags outside of the mainloop
- updated the testcases
Stefan Berger [Tue, 18 Jul 2017 21:02:59 +0000 (17:02 -0400)]
Fix possible illegal buffer access
Fix possible illegal buffer access in case a character device
is used via ioctl. In this case we have to make sure we only
access the number of bytes in the ioctl structure itself.
In case of a socket, make sure we received enough bytes to
be able to access the payload.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Thu, 15 Jun 2017 17:14:17 +0000 (13:14 -0400)]
tests: add functions for running swtpm and swtpm_ioctl
To be able to run tests with either one of the interfaces, add function
for running swtpm and swtpm_ioctl commands and form the command line
parameters dependent on the type of interface being passed. We rely on
environment variables to provide the specific parameters that are needed
to run the program with the appropriate parameters.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Mon, 10 Jul 2017 14:29:10 +0000 (10:29 -0400)]
Introduce '--flag not-need-init' for socket and chardev
Change the startup behavior with respect to requiring an INIT command
via control channel. We change this for the socket and chardev
interfaces so that the behavior now is the same as that of the CUSE
interface.
Introduce the --flag not-need-init command line option for the socket
and chardev interfaces to allow the old behavior using this option.
Adapt some of the test cases and swtpm_setup.sh.in that now need this
command line flag.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Sun, 9 Jul 2017 15:20:16 +0000 (11:20 -0400)]
Fix return code for ResetEstablishmentBit
If the return code from the command processing function is 0,
get the error code from the command response and return that one
instead. The problem was that clients though resetting the
establishment bit worked in locality 0 for example, while it did
not.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Fri, 30 Jun 2017 19:52:32 +0000 (15:52 -0400)]
swtpm_ioctl: fix ctrlcmd return parameter and fix state recv logic
Return the number of bytes received in case ctrlcmd does not
use an ioctl because in this case we need to know how many bytes
we received in the response.
The receiving of the state blob also needs to take into account
how many bytes were received in the initial response so we write
the proper amount of bytes from that response into the file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Thu, 15 Jun 2017 22:59:25 +0000 (18:59 -0400)]
swtpm: work on a copy of argv[] variables
While parsing the options we modified the argv[] values and
the commas disappeared, which showed when checking for the
swtpm processes using 'ps'. So, work on a copy of the options
parameter.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 6 Jun 2017 20:44:16 +0000 (16:44 -0400)]
Implement allow-set-locality for CUSE TPM and extend test case.
Implement allow-set-locality for CUSE TPM and extend the existing
locality test case with commands that try to write the SetLocality
comamnd to the device.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 6 Jun 2017 18:09:59 +0000 (14:09 -0400)]
Implement support for --locality allow-set-locality option
Implement support for --locality allow-set-locality option that
is primarily useful in cases when the VTPM proxy access is enabled
by file descriptor passing.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Thu, 1 Jun 2017 20:00:15 +0000 (16:00 -0400)]
Add options for locality handling and SetLocality command
Add options for locality handling so that commands in locality
4 for example are rejected per command line parameter. This is
useful when the vTPM is used with containers.
Also implement the custom TPM/TPM2_SetLocality command to allow
the Linux vTPM proxy driver to set the locality in which subsequent
TPM commands will be executed.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Fri, 31 Mar 2017 12:41:08 +0000 (08:41 -0400)]
swtpm: Use logprintf wherever possible
Use logprintf wherever possible. While the logging is not set up,
print error messages to stderr and prefix them with 'swtpm: '. After
the logging has been set up all error messages go into the log file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Amarnath Valluri [Fri, 31 Mar 2017 06:54:38 +0000 (09:54 +0300)]
swtpm: Keep client data connection alive
swtpm server is closing the client data connection after serving a single
request, which shall not happen. Hence added MAIN_LOOP_FLAG_KEEP_CONNECTION
mainloop flag to keep the client data connection alive, till client is alive.
Amarnath Valluri [Wed, 15 Mar 2017 20:10:29 +0000 (22:10 +0200)]
swtpm: Added support for passing control channel client fd.
New option '--ctrl clientfd=<fd>' is added to the control socket parameters.
The passed 'fd' is used as control channel client-fd and treated as single
client mode.
Stefan Berger [Thu, 2 Feb 2017 18:07:29 +0000 (13:07 -0500)]
swtpm_cert: Create sets of items
Following the example in the Appendix A.1 of the TCG EK Credential
Profile Spec Version 2.0, a ASN.1 SET is supposed to be created for
each one of the items. This patch fixes the format.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Thu, 2 Feb 2017 15:49:58 +0000 (10:49 -0500)]
swtpm_cert: use GNUTLS 3.5 function to set TPM data
Use the GNUTLS 3.5 function gnutls_x509_crt_set_subject_alt_othername
to set the TP<M and platform manufacturer info since the other function
does not accept binary data.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>