Stefan Berger [Wed, 3 Jul 2019 01:18:51 +0000 (21:18 -0400)]
swtpm_setup: Use swtpm_ioctl to re-init the TPM 1.2 for activation
Since we can only read the file descriptor for the passphrase once,
we cannot stop the TPM 1.2 and then restart it but we have to use
'swtpm_ioctl -i' to re-init it.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 27 Jun 2019 22:49:26 +0000 (18:49 -0400)]
test: Make sure that when key is passed state is encrypted
Make sure that when keyfile/keyfile-fd or pwdfile/pwdfile-fd are passed
to swtpm_setup that the resulting state is actually encrypted. We check
for encrypted state by making sure that 4-byte sequences of 0-bytes are
not there while they are there for un-encrypted state.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Fri, 21 Jun 2019 19:46:34 +0000 (15:46 -0400)]
swtpm: Use len as parameter to SHA512
filelen is the length of the file as it was stat'ed. len is
the number of bytes read. They should be the same. So, use
len as a parameter to SHA512() rather than filelen.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Stefan Berger [Thu, 20 Jun 2019 14:32:05 +0000 (10:32 -0400)]
tests: Do not run key derivation test on ppc64
The old prime number generation algorithm also does not return
the same numbers on ppc64 (big endian) as on x86_64 or ppc64le,
so do not run the test there.
Signed-off-by: Stefan Berger <stefanb@linu.ibm.com>
Stefan Berger [Wed, 17 Apr 2019 22:25:05 +0000 (18:25 -0400)]
Travis: Set LIBTPMS_CFLAGS when sanitizing swtpm
Set the LIBTPMS_CFLAGS for libtpms to sanitize the same as we sanitize
in swtpm. Also set UBSAN_OPTIONS and ASAN_OPTIONS for directing runtime
behavior to halt_on_error=1.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Wed, 17 Apr 2019 22:08:03 +0000 (18:08 -0400)]
swtpm: Fix illegal heap access while parsing options
Fix an illegal heap access while parsing the options by making
sure that we do not access the tok variable beyond its size
when comparing a character to '=' and later on when accessing
the value after the '='.
This bug was discovered by configuring as follows on Fedora 28:
    CFLAGS="-fsanitize=address -g -ggdb" LIBS="-lasan" \
        ./configure --prefix=/usr
and running tests like this:
    sudo bash -c "SWTPM_TEST_EXPENSIVE=1 make -j32 check"
The test case test_tpm2_ctrlchannel2 indicated the error.
It looks like gcc on Ubuntu Xenial on Travis did not detect this
error.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Mon, 8 Apr 2019 11:27:47 +0000 (07:27 -0400)]
tests: wait for file content in wait_for_file
When the PID_FILE is passed to swtpm as a file descriptor in one test,
we already create a file without content when running
'exec 100<>$PID_FILE'. So we have to extend wait_for_file to also
wait for file content since the 0.2 second delay is sometimes not
enough for content to have been written. Otherwise we do not get the
PID of the process. We can extend the function in this way since all
its usages imply that some content should become available.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Tue, 2 Apr 2019 14:28:06 +0000 (10:28 -0400)]
tests: Pass --runas parameter to swtpm
Pass the --runas parameter to swtpm so we can test switching it
to a given user 'nobody'.
We also have to change ownership of files and directories so that
the nobody user can write the coverage files when swtpm ends.
In the test case we then use the trick of changing file ownership
just before we terminate swtpm, which will trigger the writing
of the .gcda files. We need to have nobody own these files.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Fri, 29 Mar 2019 16:19:15 +0000 (12:19 -0400)]
tests: Fix some issues with TPM 1.2 test
- Clean up state files in case the test suite was interrupted
- Allow running it from the test directory by creating an absolute
  path for TESTDIR so we can find the patch file; error out in
  case the patching fails
- Run test case 2 and 1 as well but ignore ERROR output in case
  of test 1. The errors stem from us not restarting the TPM when
  the test suite asks for it.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 28 Mar 2019 23:10:57 +0000 (19:10 -0400)]
tests: Add test case running TPM 1.2 test suite
Add a test case that downloads the TPM 1.2 package from sourceforge,
patches a few files for OpenSSL compatibility, and runs a few test
cases of that test suite. Look for ERROR output in the test suite.
This test suite also provides better code coverage for libtpms.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Mon, 25 Mar 2019 21:04:02 +0000 (17:04 -0400)]
tests: Use an empty options file in case options file is accessed
To prevent the test case from failing when no --prefix is used
when configuring, use an empty options file via /dev/null. Otherwise
swtpm-localca starts looking for the options file in a place where
there is none.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 21 Mar 2019 17:17:17 +0000 (13:17 -0400)]
build-sys: Avoid prefix=NONE if no prefix is passed to configure
If no prefix is passed to the configure line we get prefix=NONE
in evaluations of variables that depend on prefix at this point.
If the user provides no --prefix we assume /usr/local as the
default and override the 'NONE' value we have at this point.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 14 Mar 2019 17:46:24 +0000 (13:46 -0400)]
Travis: Add libseccomp-dev to packages to install
Do not run the 'asan' test with seccomp compiled in since the asan
libraries seem to use syscalls that we blacklist in the seccomp
profile. In particular those are:
- clone
- sigaltstack
- ptrace
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Wed, 13 Mar 2019 22:27:53 +0000 (18:27 -0400)]
build-sys: Add libseccomp to configure.ac
Implement support for --with-seccomp and --without-seccomp for Linux
systems with --with-seccomp being the default. On all other systems
--without-seccomp is the implicit default.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
swtpm-setup: follow XDG spec more closely for default config
According to the XDG spec,
https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html:
"If $XDG_CONFIG_HOME is either not set or empty, a default equal to
$HOME/.config should be used."
This fixes setting up a TPM with libvirt running in a user session.
It works by checking if configuration files are readable in the
directory priority order (XDG_CONFIG_HOME, then HOME, then SYSCONFDIR).
When libvirt is running as a system instance, $HOME isn't set, so it
will fall back on @SYSCONFDIR@ (/etc usually).
Stefan Berger [Fri, 1 Feb 2019 19:29:58 +0000 (14:29 -0500)]
Travis: Get Travis to submit to Coverity again
The extension of the travis.yml with the matrix broke the Coverity
submission. This patch fixes this. We have to build libtpms in
build_command_prepend since before_script now does something different.
We only build in task .1 and exit early on all the other ones if
we are using the coverity_scan git branch.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Mon, 28 Jan 2019 19:46:35 +0000 (14:46 -0500)]
tests: Fix error handling if pkcs11 test runs on x86_64 with i386 executable
Softhsm cannot be installed as an i386 executable/library and as
an x86_64 executable/library on a Fedora host. The pkcs11 test then
fails since it cannot pick up the libsofthsm.so needed for an i386
executable (swtpm_cert) on an x86_64 host. This fixes test run errors
for run_test.sh by skipping the test in case swtpm_cert returns
a specific error message related to not being able to import the
pkcs11 URI object.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Wed, 23 Jan 2019 21:39:13 +0000 (16:39 -0500)]
tests: Use wait_process_gone rather than sleep
Use wait_process_gone with 2 seconds timeout to wait for the swtpm to
have terminated after SIGTERM or connection loss. This avoids test
failures on slow Raspberry Pi 2.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Wed, 23 Jan 2019 17:56:13 +0000 (12:56 -0500)]
Make softhsm/pkcs11 test case work on Travis on OS X
We need to run the softhsm/pkcs11 test case as root (sudo) under OS X
so that we can write the file /etc/gnutls/pkcs11.conf. However, once
we run the tests as root we cannot run the 'brew ls' command anymore
since it refuses to run with high privileges. So, if we run as root we
need to use sudo to switch to the nobody user to run the 'brew ls'
command that gives us the name of the softhsm pkcs11 module.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Tue, 22 Jan 2019 21:46:58 +0000 (16:46 -0500)]
tests: Make the test case work on OS X
On OS X we need to be able to change /etc/gnutls/pkcs11.conf for
p11tool to pick up the softhsm pkcs11 module correctly. We need
(password-less) sudo to be able to do this.
Unfortunately this test case does not run on Travis since Travis
seems to require passwords under some circumstances.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Tue, 22 Jan 2019 20:59:24 +0000 (15:59 -0500)]
tests: Add test case that uses a pkcs11 URI for signing a cert
Use SoftHSM to create a pkcs11 URI and then use the pkcs11 URI
to sign the certificate of a TPM 2.0 with this key using swtpm-localca.
This test case works with softhsm >= 2.3.0 on Fedora and should work
with a recent version of Ubuntu. If an error is encountered setting
up the softhsm2 environment, we just skip the test.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 17 Jan 2019 23:45:55 +0000 (18:45 -0500)]
tests: Gate the IBM TSS 2 related test with SWTPM_TEST_IBMTSS2
Older versions of the IBM TSS2, such as in FC26 for example, behave
slightly differently than the code in the test case expects (certain
files are not generated or may have a different name). So gate this
test case with SWTPM_TEST_IBMTSS2 environment variable so we don't run
it by default if the TSS tools are found and so we do not run into
possible errors due to an older version of the stack installed on the
system.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 17 Jan 2019 11:27:23 +0000 (06:27 -0500)]
swtpm_setup: Use OSX specific function to get path of executable
OS X cannot resolve the path we get from getenv("_") when running a
test script on Travis (reason unknown). So we use _NSGetExecutablePath()
instead and display the path in the error message in case realpath()
fails.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Wed, 16 Jan 2019 13:49:51 +0000 (08:49 -0500)]
build-sys: Fix hard coded /etc path and replace with @SYSCONFDIR@
When the project is configured with --prefix=/usr/local several configuration
files are installed to /usr/local/etc but not read by the programs that
need them. This patch fixes this issue by replacing @SYSCONFDIR@ in the source
code of those files with the actual used path.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Tue, 30 Oct 2018 13:32:13 +0000 (09:32 -0400)]
swtpm_cert: Support PKCS11 URIs for a CA using a PKCS11 module for signing
For PKCS11 modules (such as SoftHSM) to sign a TPM EK or platform
certificate we use 'pkcs11:' prefixed URIs like those URIs for
TPM 1.2 starting with tpmkey:.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Mon, 22 Oct 2018 22:17:00 +0000 (18:17 -0400)]
samples: Escape the GnuTLS PKCS11 URL before using in command line
GnuTLS PKCS11 URLs have ';' in the string that we need to preserve for
passing to GnuTLS. So we escape the semicolons before using them on the
command line.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 22 Nov 2018 16:16:28 +0000 (11:16 -0500)]
swtpm_setup.sh: First send SIGTERM to processes then (later) SIGKILL
Implement terminate_proc, which first tries to gracefully terminate a
process and then, if synchronization is requested, waits for 1 second
for it to disappear and then kills it with SIGKILL if it didn't go away.
Use this function for stop_tpm and stop_tcsd, which will first try
to send a SIGTERM to a process assuming it will terminate while we
do something else and then, in case the process needs to be restarted,
make sure that it's gone before it is restarted.
This addresses an issue where previously SIGTERM was sent to a process
before it was restarted but the restarting failed due to the previous
process still holding a lock on the file because it wasn't able to react
to the SIGTERM fast enough.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 22 Nov 2018 20:46:09 +0000 (15:46 -0500)]
swtpm: Uninstall signal handler before closing notification file descriptor
Uninstall the signal handler before we close the signal handler's
notification file descriptor so that signals received after the file
descriptor is closed do not cause an error.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Mon, 19 Nov 2018 18:53:38 +0000 (13:53 -0500)]
swtpm: Coverity: Check msg parameter upon return from recvmsg
Make sure that the msg parameter passed into recvmsg wasn't modified
by the library and verify that the pointers and sizes it contains are
still valid after the call. This addresses an issue raised by Coverity.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>