Whenever swtpm_setup is executed with --logfile option, forward the
option to swtpm (--log file=...). This helps debugging swtpm
initialization issues.
Stefan Berger [Tue, 28 Sep 2021 14:08:29 +0000 (10:08 -0400)]
test: Fix test_tpm2_file_permissions for BSD
BSD cp does not understand the -d option, so remove it.
It's better to use "su -u nobody -c '...'" than sudo, which makes
this test also work on the BSDs.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Sun, 26 Sep 2021 02:26:40 +0000 (22:26 -0400)]
tests: Add a test case for testing --runas and ability to access files
Add a test case for testing the --runas parameter and the ability to access
existing files that have restrictive access permission so that only
the --runas user is able to access these files. This is to ensure that
swtpm can access these files properly when the handling of options and the
changing to the --runas user is moved around within swtpm.
Skip the test case if swtpm is linked with ASAN since then we get these
types of error messages that fail tests:
==== Starting swtpm with interfaces socket+socket ====
==3303263==LeakSanitizer has encountered a fatal error.
==3303263==HINT: For debugging, try setting environment variable LSAN_OPTIONS=verbosity=1:log_threads=1
==3303263==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Mon, 27 Sep 2021 02:38:50 +0000 (22:38 -0400)]
tests: Fix tests using tpm2-abrmd by preventing concurrency
The two tests test_tpm2_samples_create_tpmca and
test_tpm2_swtpm_localca_pkcs11 cannot complete successfully if run in
parallel. To solve this issue, introduce a dependency via the log files
to prevent parallel execution of the two tests. We have to append the
.test suffix to their names to be able to do this.
Stefan Berger [Sat, 25 Sep 2021 00:23:22 +0000 (20:23 -0400)]
swtpm: Search for all state files and use abstracted names in JSON
Search for all the state files not just the permanent state and
when printing the JSON use the abstracted names rather than concrete
filenames that are only valid for the dir backend but will likely
not exist in other backends.
Adjust swtpm_setup to search for the abstracted name and also
adjust the error message to print out the abstracted name.
Adjust the test cases.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Sat, 25 Sep 2021 00:24:52 +0000 (20:24 -0400)]
swtpm: Implement CheckState interface function for checking for stateblob
Implement a CheckState interface function for checking for the
TPM_PERMANENT_ALL_NAME blob. The directory backend does a simple stat on the
file without actually reading it, which otherwise may require the (correct)
key if it was encrypted.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Sat, 25 Sep 2021 00:24:32 +0000 (20:24 -0400)]
swtpm: Remove all interface functions from swtpm_nvstore_dir.h
Remove all interface functions from swtpm_nvstore_dir.h and make them
static in swtpm_nvstore_dir.c. This way we avoid direct calls to these
functions from elsewhere.
Move the declaration of the interface structure into swtpm_nvstore.h
to get rid of swtpm_nvstore_dir.h entirely.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Nick Chevsky [Sat, 18 Sep 2021 21:23:55 +0000 (16:23 -0500)]
swtpm: Don't set END_ON_HUP flag in CMD_SET_DATAFD handler
Don't set flag MAIN_LOOP_FLAG_END_ON_HUP in the handler for control
channel command CMD_SET_DATAFD, since this caused the swtpm daemon to
unconditionally terminate when the data channel connection dropped.
Removing the flag allows this behavior to be controlled by the user
via the --terminate command-line switch, as it was meant to be.
Signed-off-by: Nick Chevsky <nchevsky@users.noreply.github.com>
Stefan Berger [Mon, 20 Sep 2021 01:49:02 +0000 (21:49 -0400)]
swtpm: Use EVP_CIPHER in SWTPM_SymmetricKeyData_Encrypt/Decrypt
Use the EVP_CIPHER implementation for the AES CBC computations. This
API has been supported already in OpenSSL 1.1.x for sure and is also
not deprecated in OpenSSL 3.0.
This now resolves issue #538.
We can build src/swtpm without having to suppress deprecated API warnings.
Since this is the last issue related to OpenSSL deprecated APIs, we don't
need to suppress any OpenSSL 3.0 deprecated API warnings anymore.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Sat, 18 Sep 2021 19:04:29 +0000 (15:04 -0400)]
build-sys: Use -DOPENSSL_SUPPRESS_DEPRECATED (OSSL 3)
Use the (undocumented) OPENSSL_SUPPRESS_DEPRECATED to suppress the
deprecated API warnings when compiling swtpm and swtpm_setup with
OpenSSL 3.0.0 replacing the global -Wno-deprecated-declarations.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
When there is a delay between "Sending TPM2_NV_Write with wrong
password" and "timenow=$(date +%s)", the test can fail with "Error: Did
not get expected failure from TPM2_NV_Write() with good password.
Lockout should be enabled.". This can sometimes happen on slow or busy
systems.
To stabilize the test, this patch introduces precise recovery time
measurement ($timerecovery) and checks that the good password works after
that time. As for the lockout timeout, it moves the timer start to just
before TPM2_NV_Write and checks that the good password fails before that time.
Eiichi Tsukata [Fri, 27 Aug 2021 00:24:41 +0000 (09:24 +0900)]
swtpm_setup: Use --print-states in check_state_overwrite()
Instead of directly accessing TPM state store file, use --print-states
to check if there is existing state file or not. This can reduce TPM
state directory dependencies of swtpm_setup.
Eiichi Tsukata [Mon, 23 Aug 2021 07:34:14 +0000 (16:34 +0900)]
swtpm: Add GetFilepathForName()
Introduce GetFilepathForName() and use it to get a rooted state file
path instead of existing GetFilenameForName().
Move GetFilenameForName() to swtpm_nvstore.c so that other TPM state
store backend can use it.
Eiichi Tsukata [Thu, 12 Aug 2021 06:19:40 +0000 (15:19 +0900)]
swtpm_setup: Use temp dir for certs instead of TPM state dir
Currently swtpm_setup saves ek.cert and platform.cert to TPM state
directory and removes them later. As the usage of these files is
temporary, temp directory can be used for this purpose. This reduces
dependencies on TPM state dir, which is convenient for pluggable state
store (https://github.com/stefanberger/swtpm/issues/461).
Stefan Berger [Sat, 14 Aug 2021 18:18:37 +0000 (14:18 -0400)]
tests: Skip chardev related tests after checking for chardev support
Skip tests that require the chardev after checking for the chardev
interface support in swtpm. Remove the conditional addition of chardev
related tests from the Makefile.am.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Fri, 13 Aug 2021 19:52:15 +0000 (15:52 -0400)]
swtpm: Add missing braces around TPM_DEBUG after if statement
Fix the following compilation issue:
swtpm_nvstore_dir.c: In function 'SWTPM_NVRAM_Validate_Dir':
swtpm_nvstore_dir.c:149:86: error: suggest braces around empty body in an 'if' statement [-Werror=empty-body]
TPM_DEBUG("SWTPM_NVRAM_Validate_Dir: Rooted state path %s\n", tpm_state_path);
^
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Eiichi Tsukata [Thu, 12 Aug 2021 07:27:27 +0000 (16:27 +0900)]
swtpm: Wipe out key to ensure it is not left on the stack
This change is conforming to the following SEI CERT recommendation.
MEM03-C. Clear sensitive information stored in reusable resources:
https://wiki.sei.cmu.edu/confluence/display/c/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources
swtpm: Add options for pluggable backend (--tpmstate backend-uri)
Add an option to specify a pluggable backend URI.
Ex:
--tpmstate backend-uri=dir://<path_to_dir>
Backend URI is specific to each backend plugin which points to the
location of the NVRAM files.
Currently, "dir" is the only available backend. In this case
backend-uri should be a path to the directory where files are stored.
This option is designed to be compatible with the existing "dir" option.
If "dir" is specified, swtpm prioritizes "dir", ignoring "backend-uri".
Eiichi Tsukata [Fri, 25 Jun 2021 02:29:44 +0000 (11:29 +0900)]
swtpm: Abstract NVRAM interface for pluggable state store
Related GH issue: https://github.com/stefanberger/swtpm/issues/461
This patch adds an abstraction layer to NVRAM state store implementation
for pluggable storage backends. No functional changes are intended in
this change. The default state store backend ("dir backend") keeps
current behavior.
To make swtpm ready for pluggable store, this patch moves file related
operations to the separate file (swtpm_nvstore_dir.c) and defines the
interface for plugins (nvram_backend_ops in swtpm_nvstore.h). The
interface can be used by each plugin which will be added later.
With the interface, each plugin can access its "backend_uri" which
points to the location of the backend storage, for example S3 bucket
URL or iSCSI URL, and decide how it stores TPM state data.
Stefan Berger [Mon, 9 Aug 2021 21:09:02 +0000 (17:09 -0400)]
swtpm_setup: Add support for checking for TPM 1.2 and TPM 2 support
Implement get_supported_tpm_versions to get swtpm's support for TPM 1.2
and TPM 2 and use it to error out in case the user chooses a TPM version
that is not supported. Also display the supported TPM versions in the
capabilities JSON.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
swtpm: ignore failure to choose version for --print-capabilities
A version was selected early for TPMLIB_GetInfo() to succeed in
--print-capabilities. TPM 1.2 is the default version, but can now be
disabled in libtpms.
Ignore the error when the version is unsupported by libtpms and skip
reporting the GetInfo related details.
Nick Chevsky [Sat, 31 Jul 2021 17:17:59 +0000 (12:17 -0500)]
swtpm: Preserve mlp->flags in CMD_SET_DATAFD handler
Fix the handler for control channel command CMD_SET_DATAFD so that
it ORs new bits onto mlp->flags instead of overwriting its value.
This was causing loss of flags previously set during command-line
argument parsing, which resulted in user-provided options (e.g.
--terminate) being permanently ignored if command CMD_SET_DATAFD
was at any point received on the control channel.
Signed-off-by: Nick Chevsky <nchevsky@users.noreply.github.com>
Stefan Berger [Fri, 11 Jun 2021 00:05:05 +0000 (20:05 -0400)]
swtpm_setup: Get key description from function generating the EK key
Pass an optional key_description parameter through the APIs to be able to
get a human-readable key description, such as 'rsa2048' or 'secp384r1'
of the key that was created.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Wed, 28 Jul 2021 12:49:40 +0000 (08:49 -0400)]
tests: Replace ${SWTPM}.pid with swtpm.pid in PID filename in 2 test cases
The PID filename was generated using the ${SWTPM} environment variable,
which caused test failures if set to a URL for example. Replace it with
'swtpm'.
This issue was reported in issue #454.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Nick Chevsky [Tue, 27 Jul 2021 18:54:45 +0000 (13:54 -0500)]
Change swtpm-localca to swtpm_localca in manpages
- Move content of swtpm-localca(8) manual page to swtpm_localca(8)
and make swtpm-localca(8) an alias for swtpm_localca(8), mirroring
the fact that /usr/bin/swtpm_localca is the actual program and
/usr/share/swtpm/swtpm-localca a wrapper for it.
- Change references to `swtpm-localca` in manual pages' content to
`swtpm_localca`, reflecting the actual name of the program they are
meant to document.
Signed-off-by: Nick Chevsky <nchevsky@users.noreply.github.com>
Stefan Berger [Mon, 26 Jul 2021 20:57:24 +0000 (16:57 -0400)]
build-sys: Add MY_CFLAGS, CFLAGS, and MY_LDFLAGS to all Makefile.am's
Add MY_CFLAGS, CFLAGS, and MY_LDFLAGS to all Makefile.am's so that they
can be defined during configure time as well as CFLAGS added during
build time. LDFLAGS were already handled correctly during build-time.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Nick Chevsky [Fri, 23 Jul 2021 20:15:22 +0000 (15:15 -0500)]
Debian packaging improvements
- debian/clean: Add files that were not being automatically cleaned
up by dh(1)'s `clean` target.
- debian/control:
- Add new recommended/required fields and bump Standards-Version.
- Remove redundant build dependencies that are implied transitively.
- Bump debhelper dependency version to match debian/compat.
- Move swtpm-libs's ${misc:Pre-Depends} dependency to `Pre-Depends`.
Resolves `depends-on-misc-pre-depends` Lintian warning.
- Sort packages and dependency lists alphabetically as per
wrap-and-sort(1).
- debian/not-installed: List deliberately non-installed files to
avoid dh_missing(1) warnings.
- debian/rules:
- Pass --no-scripts to dh_makeshlibs(1) in order to keep a
ldconfig(8) trigger from being implicitly added, which for
this package was redundant and triggered Lintian warning
`package-has-unnecessary-activation-of-ldconfig-trigger`.
- Remove redundant --parallel dh flag.
- Remove redundant dh_usrlocal override.
- debian/*.install:
- Add swtpm-create-tpmca(8) and its manpage, which were missing.
- Remove redundant `#! /usr/bin/dh-exec` lines.
- Sort entries alphabetically as per wrap-and-sort(1).
- debian/swtpm-tools.postinst.in: Add `set -e` to fail in case of
error. Fixes `maintainer-script-ignores-errors` Lintian warning.
Signed-off-by: Nick Chevsky <nchevsky@users.noreply.github.com>
Nick Chevsky [Sat, 24 Jul 2021 18:54:40 +0000 (13:54 -0500)]
Move swtpm_localca sources from samples/ to src/
- Move swtpm_localca's sources out of samples/ (where they no longer
belong now that swtpm_localca is a binary) to src/swtpm_localca/.
- Tests now call the swtpm_localca binary directly at the location
where it was built, as they do with all other compiled programs.
- Simplify samples/swtpm-localca.in and delete swtpm-localca.2inst,
removing the now-unnecessary logic to selectively call swtpm_localca
from different locations (samples/ when running tests vs. /usr/bin/
post-installation).
Signed-off-by: Nick Chevsky <nchevsky@users.noreply.github.com>
Nick Chevsky [Wed, 21 Jul 2021 18:09:33 +0000 (13:09 -0500)]
Move swtpm_setup.conf.in from etc/ to samples/
- Makes swtpm_setup.conf.in consistent with the rest of the sample
configuration files in swtpm, whose templates ship in samples/ and
install the generated files to /etc.
- Works around dh_missing(1) erroneously reporting swtpm_setup.conf as
non-installed due to its having two copies in the build tree (one in
etc/ and another in debian/tmp/etc/).
Signed-off-by: Nick Chevsky <nchevsky@users.noreply.github.com>
Nick Chevsky [Wed, 21 Jul 2021 20:30:44 +0000 (15:30 -0500)]
Remove swtpm.spec from .gitignore
Even though swtpm.spec is an auto-generated file, the author would
like to keep it in the repository for ease of installing dependencies
during development. As long as the file is meant to be versioned, it
should not be in .gitignore. Discussion for context:
https://github.com/stefanberger/swtpm/pull/496#issuecomment-884432135
Signed-off-by: Nick Chevsky <nchevsky@users.noreply.github.com>
Stefan Berger [Tue, 13 Jul 2021 15:03:18 +0000 (11:03 -0400)]
samples: Replace swtpm_localca with script calling swtpm-localca (issue #482)
Replace the binary swtpm_localca with a script that now calls the binary
swtpm-localca, which is to be installed in $bindir.
So that we can use this script for calling swtpm-localca during testing
(when it is not installed), write the script in such a way that it
determines whether there's swtpm-localca in the same directory and if not
calls it from ${bindir}/swtpm-localca.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Wed, 14 Jul 2021 16:36:41 +0000 (12:36 -0400)]
swtpm_setup: Fix compiler errors when memcpy is a macro (Cygwin)
Since commit 502cb1129ad59 -D_FORTIFY_SOURCE=2 is passed to the gcc
command line resulting in memcpy() becoming a macro on Cygwin, which
then causes the following compiler errors due to the anonymous arrays
being used:
swtpm.c: In function ‘swtpm_tpm2_createprimary_ek_rsa’:
swtpm.c:686:26: error: macro "memcpy" passed 34 arguments, but takes just 3
686 | }, authpolicy_len);
| ^
In file included from /usr/include/string.h:180,
from swtpm.c:15:
/usr/include/ssp/string.h:97: note: macro "memcpy" defined here
97 | #define memcpy(dst, src, len) __ssp_bos_check3(memcpy, dst, src, len)
|
swtpm.c:682:9: error: statement with no effect [-Werror=unused-value]
682 | memcpy(authpolicy, (unsigned char []){
| ^~~~~~
swtpm.c:698:26: error: macro "memcpy" passed 50 arguments, but takes just 3
698 | }, authpolicy_len);
| ^
The solution is to surround the anonymous array definitions with '( )'.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Eiichi Tsukata [Wed, 23 Jun 2021 03:50:32 +0000 (12:50 +0900)]
swtpm: Issue fsync to ensure state data reaches disk
Add fsync(2) before rename(2) for temp file to ensure data reaches disk
and for the directory containing the state file to ensure the directory
entry also reaches disk.
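The ordering this commit message describes (fsync the temp file, rename it, then fsync the containing directory), as an added C example; it is not swtpm's code. The names store_state_durably() and state_equals() and the `.tmp` suffix are assumptions made here, and the state directory is assumed to be writable only by its owner.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Write the whole buffer, coping with short writes and EINTR. */
static int write_all(int fd, const unsigned char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0)
            return -1;
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* fsync the directory so the entry created by rename() is durable too. */
static int sync_dir(const char *dir)
{
    int fd = open(dir, O_RDONLY), rc;
    if (fd < 0)
        return -1;
    rc = fsync(fd);
    close(fd);
    return rc;
}

/* Hypothetical helper, not swtpm's API: durably replace dir/name. */
int store_state_durably(const char *dir, const char *name,
                        const unsigned char *data, size_t len)
{
    char dst[4096], tmp[sizeof(dst) + 8];
    int fd, ok;
    if (snprintf(dst, sizeof(dst), "%s/%s", dir, name) >= (int)sizeof(dst))
        return -1;
    snprintf(tmp, sizeof(tmp), "%s.tmp", dst);
    if ((fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0)
        return -1;
    /* 1. File data must be on disk before the final name points at it. */
    ok = write_all(fd, data, len) == 0 && fsync(fd) == 0;
    ok = (close(fd) == 0) && ok;
    /* 2. Atomic replace; 3. make the new directory entry durable. */
    if (ok && rename(tmp, dst) == 0)
        return sync_dir(dir);
    unlink(tmp);
    return -1;
}

/* Read-back check for the example: 1 if path holds exactly want[0..len). */
int state_equals(const char *path, const void *want, size_t len)
{
    unsigned char buf[256];
    FILE *f = fopen(path, "rb");
    size_t n = f ? fread(buf, 1, sizeof(buf), f) : 0;
    int ok = f && n == len && memcmp(buf, want, len) == 0;
    if (f)
        fclose(f);
    return ok;
}
```

Without step 1 a crash shortly after the rename can leave the final name pointing at an empty or partial file; without step 3 the rename itself may not survive the crash.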
Tomasz Kłoczko [Fri, 11 Jun 2021 17:53:07 +0000 (18:53 +0100)]
build-sys: Call autoupdate and fix some resulting issues
autoreconf from autoconf 2.71 emits a lot of warnings:
```
+ autoreconf -fiv
autoreconf: export WARNINGS=
autoreconf: Entering directory '.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force -I m4
aclocal: warning: couldn't open directory 'm4': No such file or directory
configure.ac:587: warning: macro 'AM_CFLAGS' not found in library
configure.ac:590: warning: macro 'AM_LDFLAGS' not found in library
autoreconf: configure.ac: tracing
autoreconf: running: libtoolize --copy --force
libtoolize: putting auxiliary files in '.'.
libtoolize: copying file './ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: copying file 'm4/libtool.m4'
libtoolize: copying file 'm4/ltoptions.m4'
libtoolize: copying file 'm4/ltsugar.m4'
libtoolize: copying file 'm4/ltversion.m4'
libtoolize: copying file 'm4/lt~obsolete.m4'
autoreconf: configure.ac: not using Intltool
autoreconf: configure.ac: not using Gtkdoc
autoreconf: running: aclocal --force -I m4
configure.ac:587: warning: macro 'AM_CFLAGS' not found in library
configure.ac:590: warning: macro 'AM_LDFLAGS' not found in library
autoreconf: running: /usr/bin/autoconf --force
configure.ac:29: warning: The macro `AC_CONFIG_HEADER' is obsolete.
configure.ac:29: You should run autoupdate.
./lib/autoconf/status.m4:719: AC_CONFIG_HEADER is expanded from...
configure.ac:29: the top level
configure.ac:53: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:53: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:53: the top level
configure.ac:76: warning: The macro `AC_HEADER_STDC' is obsolete.
configure.ac:76: You should run autoupdate.
./lib/autoconf/headers.m4:704: AC_HEADER_STDC is expanded from...
configure.ac:76: the top level
configure.ac:81: warning: The macro `AC_TYPE_SIGNAL' is obsolete.
configure.ac:81: You should run autoupdate.
./lib/autoconf/types.m4:776: AC_TYPE_SIGNAL is expanded from...
configure.ac:81: the top level
configure.ac:202: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:202: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:202: the top level
configure.ac:279: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:279: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:279: the top level
configure.ac:434: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:434: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:434: the top level
configure.ac:441: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:441: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:441: the top level
configure.ac:521: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:521: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:521: the top level
autoreconf: running: /usr/bin/autoheader --force
autoreconf: running: automake --add-missing --copy --force-missing
configure.ac:40: installing './compile'
configure.ac:43: installing './config.guess'
configure.ac:43: installing './config.sub'
configure.ac:41: installing './install-sh'
configure.ac:48: installing './missing'
samples/Makefile.am: installing './depcomp'
parallel-tests: installing './test-driver'
autoreconf: Leaving directory '.'
```
Execute autoupdate to apply all those changes and then clean up that
in next commits.
Signed-off-by: Tomasz Kłoczko <kloczek@github.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Mon, 21 Jun 2021 21:01:18 +0000 (17:01 -0400)]
sample: swtpm-localca: Add missing else branch for pkcs11 and PIN
Add a missing else branch that was forgotten about when the code was
translated from python. This now also gets the test case
test_tpm2_samples_create_tpmca to work again when it is run from the command
line. This test case doesn't work as part of the test suite due to
concurrency issues with other test cases using tpm2-abrmd at the same time.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>