Stefan Berger [Fri, 29 Mar 2019 16:19:15 +0000 (12:19 -0400)]
tests: Fix some issues with TPM 1.2 test
- Clean up state files in case the test suite was interrupted
- Allow running it from the test directory by creating an absolute
path for TESTDIR so we can find the patch file; error out in
case the patching fails
- Run test case 2 and 1 as well but ignore ERROR output in case
of test 1. The errors stem from us not restarting the TPM when
the test suite asks for it.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 28 Mar 2019 23:10:57 +0000 (19:10 -0400)]
tests: Add test case running TPM 1.2 test suite
Add a test case that downloads the TPM 1.2 package from sourceforge,
patches a few files for OpenSSL compatibility, and runs a few test
cases of that test suite. Look for ERROR output in the test suite.
This test suite also provides better code coverage for libtpms.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Mon, 25 Mar 2019 21:04:02 +0000 (17:04 -0400)]
tests: Use an empty options file in case options file is accessed
To prevent the test case from failing when an no --prefix is used
when configuring, use an empty options file via /dev/null. Otherwise
swtpm-localca starts looking for the options file in a place where
there is none.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 21 Mar 2019 17:17:17 +0000 (13:17 -0400)]
build-sys: Avoid prefix=NONE if no prefix is passed to configure
If no prefix is passed to the configure line we get prefix=NONE
in evaluations of variables that depend on prefix at this point.
If the user provides no --prefix we assume /usr/local as the
default and override the 'NONE' value we have at this point.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 14 Mar 2019 17:46:24 +0000 (13:46 -0400)]
Travis: Add libseccomp-dev to packages to install
Do not run the 'asan' test with seccomp compiled in since the asan
libraries seem to use syscalls that we blacklist in the seccomp
profile. In particular those are:
- clone
- sigaltstack
- ptrace
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Wed, 13 Mar 2019 22:27:53 +0000 (18:27 -0400)]
build-sys: Add libbsecomp to configure.ac
Implement support for --with-seccomp and --without-seccomp for Linux
systems with --with-seccomp being the default. On all other systems
--without-seccomp is the implicit default.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
swtpm-setup: follow XDG spec more closely for default config
According to the XDG spec,
https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html:
"If $XDG_CONFIG_HOME is either not set or empty, a default equal to
$HOME/.config should be used."
This fixes setting up a TPM with libvirt running in a user session.
It works by checking if configuration files are readable in the
directory priority order (XDG_CONFIG_HOME, then HOME, then SYSCONFDIR).
When libvirt is running as a system instance, $HOME isn't set, so it
will fall back on @SYSCONFDIR@ (/etc usually)
Stefan Berger [Fri, 1 Feb 2019 19:29:58 +0000 (14:29 -0500)]
Travis: Get Travis to submit to Coverity again
The extension of the travis.yml with the matrix broke the Coverity
submission. This patch fixes this. We have to build libtpms in
build_command_prepend since before_script now does something different.
We only build in task .1 and exit early on all the other ones if
we are using the coverity_scan git branch.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Mon, 28 Jan 2019 19:46:35 +0000 (14:46 -0500)]
tests: Fix error handling if pkcs11 test runs on x86_64 with i386 executable
Softhsm cannot be installed as an i386 executable/library and as
a x86_64 executable/library on a Fedora host. The pkcs11 test then
fails since it cannot pick up the libsofthsm.so needed for an i386
executable (swtpm_cert) on a x86_64 host. This fixes test run errors
for run_test.sh by skipping the test in case swtpm_cert returns
a specific error message related to not being able to import the
pkcs11 URI object.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Wed, 23 Jan 2019 21:39:13 +0000 (16:39 -0500)]
tests: Use wait_process_gone rather than sleep
Use wait_process_gone with 2 seconds timeout to wait for the swtpm to
have terminated after SIGTERM or connection loss. This avoids test
failures on slow Raspberry Pi 2.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Wed, 23 Jan 2019 17:56:13 +0000 (12:56 -0500)]
Make softhsm/pkcs11 test case work on Travis on OS X
We need to run the softhsm/pkcs11 test case as root (sudo) under OS X
so that we can write the file /etc/gnutls/pkcs11.conf. However, once
we run the tests as root we cannot run the 'brew ls' command anymore
since it refuses to run with high privileges. So, if we run as root we
need to use sudo to switch to the nobody user to run the 'brew ls'
command that gives us the name of the softhsm pkcs11 module.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Tue, 22 Jan 2019 21:46:58 +0000 (16:46 -0500)]
tests: Make the test case work on OS X
On OS X we need to be able to change /etc/gnutls/pkcs11.conf for
p11tool to pick up the softhsm pkcs11 module correctly. We need
(password-less) sudo to be able to do this.
Unforutnately this test case does not run on Travis since Travis
seems to require passwords under some circumstances.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Tue, 22 Jan 2019 20:59:24 +0000 (15:59 -0500)]
tests: Add test case that uses a pkcs11 URI for signing a cert
Use SoftHSM to create a pkcs11 URI and then use the pkcs11 URI
to sign the certificate of a TPM 2.0 with this key using swtpm-localca.
This test case works with softhsm >= 2.3.0 on Fedora and should work
with a recent version of Ubuntu. If an error is encountered setting
up the softhsm2 environment, we just skip the test.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 17 Jan 2019 23:45:55 +0000 (18:45 -0500)]
tests: Gate the IBM TSS 2 related test with SWTPM_TEST_IBMTSS2
Older versions of the IBM TSS2, such as in FC26 for example, behave
slightly different than the code in the test case expects (certain
files are not generated or may have a different name). So gate this
test case with SWTPM_TEST_IBMTSS2 environment variable so we don't run
it by default if the TSS tools are found and so we do not run into
possible errors due to an older version of the stack installed on the
system.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 17 Jan 2019 11:27:23 +0000 (06:27 -0500)]
swtpm_setup: Use OSX specific function to get path of executable
OS X cannot resolve the path we get from genenv("_") when running a
test script on Travis (reason unknown). So we use _NSGetExecutablePath()
instead and display the path in the error message in case realpath()
fails.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Wed, 16 Jan 2019 13:49:51 +0000 (08:49 -0500)]
build-sys: Fix hard coded /etc path and replace with @SYSCONFDIR@
When the project is configured with --prefix=/usr/local several configuration
files are installed to /usr/local/etc but not read by the programs that
need them. This patch fixes this issue by replacing @SYSCONFDIR@ in the source
code of those files with the actual used path.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Tue, 30 Oct 2018 13:32:13 +0000 (09:32 -0400)]
swtpm_cert: Support PKCS11 URIs for a CA using a PKCS11 module for signing
For PKCS11 modules (such as SoftHSM) to sign a TPM EK or platform
certificate we use 'pkcs11:' prefixed URIs like those URIs for
TPM 1.2 starting with tpmkey:.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Mon, 22 Oct 2018 22:17:00 +0000 (18:17 -0400)]
samples: Escape the GnuTLS PKCS11 URL before using in command line
GnuTLS PKCS11 URLs have ';' in the string that we need to preserve for
passing to GnuTLS. So we escape the semicolons before using them on the
command line.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 22 Nov 2018 16:16:28 +0000 (11:16 -0500)]
swtpm_setup.sh: First send SIGTERM to processes then (later) SIGKILL
Implement terminate_proc, which first tries to gracefully terminate a
process and then, if synchronization is requested, waits for 1 second
for it to disappear and then kills it with SIGKILL if it didn't go away.
Use this function for stop_tpm and stop_tcsd, which will first try
to send a SIGTERM to a process assuming it will terminate while we
do something else and then, in case the process needs to be restarted,
make sure that it's gone before it is restarted.
This addresses an issue where previously SIGTERM was sent to a process
before it was restarted but the restarting failed due to the previous
process still holding a lock on the file because it wasn't able to react
to the SIGTERM fast enough.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 22 Nov 2018 20:46:09 +0000 (15:46 -0500)]
swtpm: Uninstall signal handler before closing notication file descriptor
Uninstall the signal handler before we close the signal handler's
notification file descriptor so that signals received after the file
descriptor is closed do not cause an error.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Mon, 19 Nov 2018 18:53:38 +0000 (13:53 -0500)]
swtpm: Coverity: Check msg parameter upon return from recvmsg
Make sure that the msg parameter passed into recvmsg wasn't modified
by the library and verify that the pointers and sizes it contains are
still valid after the call. This addresses an issue raised by Coverity.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Sat, 17 Nov 2018 20:29:53 +0000 (15:29 -0500)]
build-sys: Set action-if-found in AC_CHECK_LIB where missing
Prevent the LIBS variable from collecting all kinds of libraries
by setting the action-if-found parameter in AC_CHECK_LIB. This
avoid linking of executables with unnecessary libraries.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Fri, 9 Nov 2018 20:01:09 +0000 (15:01 -0500)]
samples: Enable support for well known SRK password (TPM 1.2)
If tpmtool supports --srk-well-known we also support the well known
SRK password and allow the user not to provide an SRK password on
the command line.
This patch should have been applied before the previous patch that
tests this. Luckily, only very few systems have tpmtool with
--srk-well-known so that the order would matter there (and cause test
failures).
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Tue, 6 Nov 2018 21:19:13 +0000 (16:19 -0500)]
tests: Extend swtpm-create-tpmca test with 'well known' password
Extend the swtpm-create-tpmca test with test cases using the
'well known' password of 20 zero bytes if tpmtool supports the
--srk-well-known option.
Besides that, extend the existing test to actually use the TPM CA
for signing a TPM 1.2 or TPM 2 (test) EK and check the contents of the
certificate by grepping through the text info provided by certtool.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Wed, 7 Nov 2018 14:40:32 +0000 (09:40 -0500)]
swtpm_cert: use hashAlgo as parameter for signing certificates
Ceritficates for a TPM 2 have to be signed using SHA256 and those for
a TPM 1.2 have to be signed using SHA1 (following specs). We can use
either of these algorithms when using the GnuTLS TPM support since it
will create the hash and have the TPM 1.2 sign whatever it created.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Tue, 6 Nov 2018 20:03:41 +0000 (15:03 -0500)]
swtpm_setup: Leave swtpm_setup.sh ownership to root
swtpm_setup.sh does not need to be owned by tss:tss and in the
Fedora package it's not even allowed. So remove the install hook
that was changing the ownership.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 1 Nov 2018 20:35:40 +0000 (16:35 -0400)]
samples: Return result code from expect script to caller
Return the result code from the expect script to the caller.
Also, display possible log messages in case the private key file
was not written properly.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Mon, 5 Nov 2018 18:22:13 +0000 (13:22 -0500)]
tests: Add a test case for the TPM CA setup script
Run the TPM CA setup script with a local swtpm and tcsd instance.
We have to take ownership of the TPM and set its SRK passwork so
that the TPM CA setup script can create a signing key as a child
key of the SRK.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Mon, 5 Nov 2018 18:19:17 +0000 (13:19 -0500)]
swtpm_setup: Implement option to backup TCSD's system_ps_file
Implement the --tcsp-system-ps-file option to make a backup of
TCSD's system_ps_file for later use of the setup TPM with the
TCSD. We need this for a test case.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 25 Oct 2018 00:21:59 +0000 (20:21 -0400)]
swtpm: Have the CUSE TPM return the original TPM start error code
Have the CUSE TPM return the TPM start error, particularly
TPM_DECRYPT_ERROR in case a wrong key was passed, rather than the plain
TPM_FAIL error code. This was a difference with the 'other' swtpm
interfaces that already returned the original error code.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Wed, 17 Oct 2018 12:15:16 +0000 (08:15 -0400)]
samples: Add support for password protected root CA priv. key
Support creation and usage of the root CA with a password protected
private key. The root CA's key password can be set using the environment
variable SWTPM_ROOTCA_PASSWORD.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 11 Oct 2018 12:44:09 +0000 (08:44 -0400)]
samples: Enable support for TPM 1.2 signing keys for cert signing via GnuTLS
GnuTLS can use TPM 1.2 keys for signing. For this we just need to support
key URLs in the GnuTLS format:
tpmkey:uuid=...
tpmkey:file=...
We don't try to read these URLs as files but pass them through as URLs to
the swtpm_cert tool that will then try to sign with the TPM 1.2 key by
passing the URL to GnuTLS API calls.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Sat, 6 Oct 2018 21:41:53 +0000 (17:41 -0400)]
swtpm: Rename crypto functions to have SWTPM prefix
The crypto functions for AES encryption and decryption clash with crypto
function names of libtpms. Avoid this by prefixing them with SWTPM_ instead
of TPM_.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Mon, 1 Oct 2018 20:42:51 +0000 (16:42 -0400)]
SELinux: A few more rules needed by libvirt 4.4 on F28 for running QEMU
This patch adds rules that are needed for running QEMU with libvirt 4.4
on F28. This allows one to test the libvirt management stack and QEMU with
swtpm and SELinux in enforcing mode.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>