Stefan Berger [Thu, 21 Dec 2017 00:06:40 +0000 (01:06 +0100)]
swtpm_setup: Add --decryption for enabling key encipherment
Add the --decryption option to enable key encipherment separately
from enabling signing for the EK. The key encipherment is not set
but needs to be set if --allow-signing is used and key encipherment
is also requested.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Wed, 20 Dec 2017 22:11:42 +0000 (23:11 +0100)]
samples: add support for signing and key encipherment options
To allow the creation of EKs with signing and/or key encipherment
capabilities, add the --allow-signing and --decryption options
to swtpm-localca program.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Wed, 20 Dec 2017 22:04:05 +0000 (23:04 +0100)]
swtpm_cert: Add option --decryption to use for key encipherment
In case of a TPM 2 we allow the creation of a signing key by passing
--allow signing. To also enable key encipherment, we add the --decryption
option to allow key encipherment and signing at the same time.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 11 Jul 2017 16:49:20 +0000 (12:49 -0400)]
swtpm_setup: Don't require root privileges to run it for a TPM 2
Don't require root privileges to run swtpm_setup with a TPM 2 target.
For TPM 1.2 we need the high privilges due to TrouSerS wanting to be
started as root (or 'tss'), but for TPM 2 we do not use any tools
to manufacture the initial state that would require high privileges.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Wed, 14 Jun 2017 18:17:28 +0000 (14:17 -0400)]
tests: Add test case for testing TPM 2 volatile state
Add a test case that tests the TPM 2 volatile state. This test
requires the latest TPM2 version of libtpms that also writes the
TPM Established bit into the volatile state.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Wed, 22 Mar 2017 13:36:21 +0000 (09:36 -0400)]
tests: Check TPM2 state using TPM2 utilities
Check the TPM2 state using the TPM2 utilities, if available.
Create persistent state and check it, then shut down the TPM 2 and
restart it, and check the persistent state again.
Use previously created state and have the TPM 2 start with it
and check the persistent state. The persistent state must be
readable on little and big endian machines.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Thu, 16 Mar 2017 19:52:40 +0000 (15:52 -0400)]
tests: Add test cases for state suspension and resumption
libtpms preview branch tpm2-preview.rev142 enables volatile state
marshalling and unmarshalling which in turn enables the suspending
and resumption of the TPM state. This patch enables the capabilty
bits and adds test cases for testing the TPM state suspending and
resumption.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Wed, 21 Dec 2016 22:05:56 +0000 (17:05 -0500)]
Support TPM 2 in swtpm_setup and swtpm_setup.sh
Support TPM 2 in swtpm_setup and swtpm_setup.sh.
Implement support for all command line options except for:
o --take-ownership and anything related to ownership passwords
o --lock-nvram
o --display
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Wed, 21 Dec 2016 22:05:40 +0000 (17:05 -0500)]
swtpm_cert: Add support for TPM2
TPM2 allows the primary key to also be a signing key, so in case
--tpm2 is provided, --allow-signing can be provided as well in
case the primary can also be used for signing operations.
We use SHA256 for the signing algorithm when TPM 2 is being used.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 7 Aug 2018 16:07:38 +0000 (12:07 -0400)]
swtpm_cert: Prepend a 'special' ASN.1 byte sequence to the SAN data
The subject alternative name need to have a special sequence of
bytes prepended to them for certtool to accept the data. Also TCG's
sample certificate does show the sequence. The byte sequence is of
the form: 0x30 <subsequent length> 0xa4 <subsequent length> <data>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 7 Aug 2018 14:26:31 +0000 (10:26 -0400)]
swtpm_cert: Do set authority key id explicitly
The previous patch's reversal was partially wrong. The authority
key id needs to be set explicitly from the key id of the signing
key of the issuing CA.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 7 Aug 2018 13:24:35 +0000 (09:24 -0400)]
swtpm_cert: Remove copying of authority key id
Remove the copying of the authority key id from the given issuer
cert to the created cert since this copies the wrong key id and
besides that it will be set automatically when the certificate is
created.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Thu, 5 Jul 2018 18:17:53 +0000 (14:17 -0400)]
swtpm: Use file lock to prevent concurrent access to state files
Create a .lock file in the directory with the TPM state and get
a lock on this file and hold on to the lock until swtpm ends.
This precludes other swtpm instances to step on the same state.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Sat, 30 Jun 2018 00:55:47 +0000 (20:55 -0400)]
swtpm: Encrypt the data with a random IV every time
Whenever we encrypt the data we generate a new random IV and append a
tlv block with the IV to the byte stream. We mark the IV with different
tags depending on whether they are for the migration data or the (TPM)
data directly. All IVs are part of the HMAC and are added to it after
the data blob.
Adjust test cases that now return larger sizes of data. A constant
checksum over the data cannot be expected anymore, thus we have to remove
the verification of the checksum over the returned state (IV changes
every time).
The size of the blobs grow by 22 bytes, 6 for the tlv header, 16 bytes
for the IV (128 bit AES key).
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Fri, 29 Jun 2018 20:57:24 +0000 (16:57 -0400)]
swtpm: Get the IV from a tag-length-value block in the data stream
Get the IV from a tlv block in the data stream. If none is found, which
is the case when reading older state, we get a NULL pointer for the IV
and call the functions with the NULL pointer, which provides backwards
compatibility.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Fri, 13 Apr 2018 22:14:40 +0000 (18:14 -0400)]
swtpm: Use tag-length-value blocks to store data in v2 format
Prepend tag-length-value (tlv) headers in front of all data being stored in
the byte stream following the header. This lets us uniquely identify plain
data (= TPM state), encrypted data (= encrytped TPM state), migration data
(which is wrapped plain or encrytped TPM state), and an HMAC block to
validate the plain data.
We keep support for version 1 for reading the data but convert them to
version 2 when writing them out. This way we loose backwards compatibility
(downgrading of swtpm is not possible), but it allows us to extend the state
in the future by adding addition blocks with tlv headers.
Version 1 of the encryption was prepending the hash on the plaintext data
then encrypting all of it. This method is not so good. In version 2 we now
use Encrypt-then-MAC (EtM) where we encrypt the data and then calculate an
HMAC on the encrypted data.
Files written by the swtpm didn't have a header before. Now they also get a
header. This means that the state written into files and the state retrieved
using the API (swtpm_ioctl --save) have the same format, but still differ
in so far as the API wraps the data in a tlv header for migration, which the
files written out as state would never get.
Adapt a couple of test cases show file sizes and hashes have changed now.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Mon, 11 Jun 2018 14:35:10 +0000 (10:35 -0400)]
tests: Skip CUSE tests if not compiled with CUSE interface
Check for a '#define WITH_CUSE 1' line in config.h to determine whether
the swtpm was compiled with the CUSE interface and skip the tests with
the CUSE interface if no such line can be found.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Mon, 4 Jun 2018 19:41:54 +0000 (15:41 -0400)]
test: Add PKG_CONFIG_PATH in front of configure for i386
More recent glib-2.0 needs a specific different include files for
32 and 64 bit x86 architectures. We get this through pkg-config but
need to set its search path accordingly.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Mon, 14 May 2018 20:46:07 +0000 (16:46 -0400)]
Use memcpy rather than strncpy and leave note in code
Coverity found that the usage of strncpy may leave an unterminated
string. In this case it is ok, if the string is unterminated since
it would only be the part of a response and the client would have
to collect all the parts as indicated by the total length of the
string. So we use memcpy instead and leave a note in the code. So
far the strings would not nearly be 3k to get close to the maximum.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Mon, 14 May 2018 13:03:09 +0000 (09:03 -0400)]
Use TPMLIB_SetState to set state blobs
Rather than writing to files directly and having to validate the state in
those files using TPMLIB_ValidatetState(), we now use the new
TPMLIB_SetState() call to set the TPM's state blobs. The advantage of this
call is that it doesn't overwrite state files and ends up leaving state in
files that the TPM cannot use. Instead, it validates the state immediately
when the blob is set and returns an error in case the state cannot be
accepted.
We need to adapt one test case that now gets a failure earlier than before.
Before the TPM_INIT failed, now setting the encrypted blob fails because it
cannot be decrypted and thus cannot be accepted by the TPM.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Sat, 5 May 2018 05:02:28 +0000 (01:02 -0400)]
samples: remove the TPM attribute parameters from the options file
Since swtpm_setup now uses the swtpm_ioctl tool to get some of the
TPM attributes directly from the TPM, we don't need to pass these
options via the options file anymore.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Simplify the two's complement implementation by converting the number
into a big endian and writing it out into a byte array that is prefixed
with a 0-byte. This covers all unsigned ints while the previous imple-
mentation would have been wrong once the number exceeded 255.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Fri, 4 May 2018 17:41:41 +0000 (13:41 -0400)]
tests: wait for 0.5 seconds before swtpm must be gone
To avoid test failures in test_ctrchannel2 due to the swtpm process
still running after it has removed the PID file, give it 0.5 seconds
to actually terminate.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Fri, 4 May 2018 15:23:46 +0000 (11:23 -0400)]
swtpm_cert: Use certificate specific OIDs in Extended Key Usage field
Create ASN.1 for the Extended Key Usage field for the EK certificate
that has the oid 2.23.133.8.1 and for the platform certificate the
oid 2.23.133.8.2. Both are registered OIDs:
Stefan Berger [Wed, 7 Feb 2018 01:57:28 +0000 (20:57 -0500)]
sample: propagate and log error if swtpm_cert is missing
If the swtpm_cert was missing, nothing was reported in the error log. Change
this and report it in the error log rather than writing the error in the
certificate file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Sun, 22 Apr 2018 01:49:03 +0000 (21:49 -0400)]
swtpm_ioctl: implement --info option to get implementation info
Implement the --info option that takes a flag as an argument
and returns information about the TPM implementation. Only the
value '1' has been defined for now, which returns a line as
the following:
Stefan Berger [Tue, 17 Apr 2018 12:58:04 +0000 (08:58 -0400)]
swtpm_cert: Error out if the Authority Key Id could not be gotten
Since the EK cert must have an Authority Key Id, we error out if
the signing certificate we are given does not have an Authority
Key Id. The typical reason why it wouldn't have it is that we are
using a self-signed (rootCA) certificate directly.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 17 Apr 2018 12:52:26 +0000 (08:52 -0400)]
samples: Create a root CA that signs the cert used for creating TPM certs
We are currently missing the Authority Key Id in the certificate used for
creating the EK cert. To get this, we create a root CA for our local CA
and use that root CA to sign the local CA's certificate. Our local
CA is now an intermediate CA and the Authority Key Id can now be copied
into the EK cert.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 17 Apr 2018 14:02:14 +0000 (10:02 -0400)]
swtpm_setup: run exec in a subshell when suppressing errors
To not loose stderr we have to run the exec command in a subshell
and suppress the output of the subshell otherwise the exec command
seems to close stderr on us.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Thu, 12 Apr 2018 17:17:37 +0000 (13:17 -0400)]
swtpm_cert: Implement --add-header option for adding TPM 1.2 NVRAM header
TPM 1.2 certificates need a header when written to NVRAM. This patch
adds a --add-header option for this and prepends the header to.
Also see TCG PC Specific Inmplementation Specification section 7.4.4 and
7.4.5.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Mon, 9 Apr 2018 16:06:47 +0000 (12:06 -0400)]
selinux: replace swtpmcuse_svirt with swtpm_svirt
Replace the previously used swtpmcuse_svirt type of policy with
swtpm_svirt. This policy contains the minimum set of rules necessary
to start swtpm from within libvirt.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 5 Apr 2018 17:12:21 +0000 (13:12 -0400)]
swtpm: Also remove pidfile at end if fd was passed
Address the issue that the pidfile needs to be removed at the end if
a file descriptor was passed in. So we have to look up the file
given the file descriptor and by using /proc/self/fd/.
We also want to make sure that the given file descriptor describes
a regular file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>