Stefan Berger [Sat, 30 Jun 2018 00:55:47 +0000 (20:55 -0400)]
swtpm: Encrypt the data with a random IV every time
Whenever we encrypt the data we generate a new random IV and append a
tlv block with the IV to the byte stream. We mark the IV with different
tags depending on whether they are for the migration data or the (TPM)
data directly. All IVs are part of the HMAC and are added to it after
the data blob.
Adjust test cases that now return larger sizes of data. A constant
checksum over the data cannot be expected anymore, thus we have to remove
the verification of the checksum over the returned state (IV changes
every time).
The size of the blobs grow by 22 bytes, 6 for the tlv header, 16 bytes
for the IV (128 bit AES key).
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Fri, 29 Jun 2018 20:57:24 +0000 (16:57 -0400)]
swtpm: Get the IV from a tag-length-value block in the data stream
Get the IV from a tlv block in the data stream. If none is found, which
is the case when reading older state, we get a NULL pointer for the IV
and call the functions with the NULL pointer, which provides backwards
compatibility.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Fri, 13 Apr 2018 22:14:40 +0000 (18:14 -0400)]
swtpm: Use tag-length-value blocks to store data in v2 format
Prepend tag-length-value (tlv) headers in front of all data being stored in
the byte stream following the header. This lets us uniquely identify plain
data (= TPM state), encrypted data (= encrytped TPM state), migration data
(which is wrapped plain or encrytped TPM state), and an HMAC block to
validate the plain data.
We keep support for version 1 for reading the data but convert them to
version 2 when writing them out. This way we loose backwards compatibility
(downgrading of swtpm is not possible), but it allows us to extend the state
in the future by adding addition blocks with tlv headers.
Version 1 of the encryption was prepending the hash on the plaintext data
then encrypting all of it. This method is not so good. In version 2 we now
use Encrypt-then-MAC (EtM) where we encrypt the data and then calculate an
HMAC on the encrypted data.
Files written by the swtpm didn't have a header before. Now they also get a
header. This means that the state written into files and the state retrieved
using the API (swtpm_ioctl --save) have the same format, but still differ
in so far as the API wraps the data in a tlv header for migration, which the
files written out as state would never get.
Adapt a couple of test cases show file sizes and hashes have changed now.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Mon, 11 Jun 2018 14:35:10 +0000 (10:35 -0400)]
tests: Skip CUSE tests if not compiled with CUSE interface
Check for a '#define WITH_CUSE 1' line in config.h to determine whether
the swtpm was compiled with the CUSE interface and skip the tests with
the CUSE interface if no such line can be found.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Mon, 4 Jun 2018 19:41:54 +0000 (15:41 -0400)]
test: Add PKG_CONFIG_PATH in front of configure for i386
More recent glib-2.0 needs a specific different include files for
32 and 64 bit x86 architectures. We get this through pkg-config but
need to set its search path accordingly.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Mon, 14 May 2018 20:46:07 +0000 (16:46 -0400)]
Use memcpy rather than strncpy and leave note in code
Coverity found that the usage of strncpy may leave an unterminated
string. In this case it is ok, if the string is unterminated since
it would only be the part of a response and the client would have
to collect all the parts as indicated by the total length of the
string. So we use memcpy instead and leave a note in the code. So
far the strings would not nearly be 3k to get close to the maximum.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Mon, 14 May 2018 13:03:09 +0000 (09:03 -0400)]
Use TPMLIB_SetState to set state blobs
Rather than writing to files directly and having to validate the state in
those files using TPMLIB_ValidatetState(), we now use the new
TPMLIB_SetState() call to set the TPM's state blobs. The advantage of this
call is that it doesn't overwrite state files and ends up leaving state in
files that the TPM cannot use. Instead, it validates the state immediately
when the blob is set and returns an error in case the state cannot be
accepted.
We need to adapt one test case that now gets a failure earlier than before.
Before the TPM_INIT failed, now setting the encrypted blob fails because it
cannot be decrypted and thus cannot be accepted by the TPM.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Sat, 5 May 2018 05:02:28 +0000 (01:02 -0400)]
samples: remove the TPM attribute parameters from the options file
Since swtpm_setup now uses the swtpm_ioctl tool to get some of the
TPM attributes directly from the TPM, we don't need to pass these
options via the options file anymore.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Simplify the two's complement implementation by converting the number
into a big endian and writing it out into a byte array that is prefixed
with a 0-byte. This covers all unsigned ints while the previous imple-
mentation would have been wrong once the number exceeded 255.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Fri, 4 May 2018 17:41:41 +0000 (13:41 -0400)]
tests: wait for 0.5 seconds before swtpm must be gone
To avoid test failures in test_ctrchannel2 due to the swtpm process
still running after it has removed the PID file, give it 0.5 seconds
to actually terminate.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Fri, 4 May 2018 15:23:46 +0000 (11:23 -0400)]
swtpm_cert: Use certificate specific OIDs in Extended Key Usage field
Create ASN.1 for the Extended Key Usage field for the EK certificate
that has the oid 2.23.133.8.1 and for the platform certificate the
oid 2.23.133.8.2. Both are registered OIDs:
Stefan Berger [Wed, 7 Feb 2018 01:57:28 +0000 (20:57 -0500)]
sample: propagate and log error if swtpm_cert is missing
If the swtpm_cert was missing, nothing was reported in the error log. Change
this and report it in the error log rather than writing the error in the
certificate file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Sun, 22 Apr 2018 01:49:03 +0000 (21:49 -0400)]
swtpm_ioctl: implement --info option to get implementation info
Implement the --info option that takes a flag as an argument
and returns information about the TPM implementation. Only the
value '1' has been defined for now, which returns a line as
the following:
Stefan Berger [Tue, 17 Apr 2018 12:58:04 +0000 (08:58 -0400)]
swtpm_cert: Error out if the Authority Key Id could not be gotten
Since the EK cert must have an Authority Key Id, we error out if
the signing certificate we are given does not have an Authority
Key Id. The typical reason why it wouldn't have it is that we are
using a self-signed (rootCA) certificate directly.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 17 Apr 2018 12:52:26 +0000 (08:52 -0400)]
samples: Create a root CA that signs the cert used for creating TPM certs
We are currently missing the Authority Key Id in the certificate used for
creating the EK cert. To get this, we create a root CA for our local CA
and use that root CA to sign the local CA's certificate. Our local
CA is now an intermediate CA and the Authority Key Id can now be copied
into the EK cert.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 17 Apr 2018 14:02:14 +0000 (10:02 -0400)]
swtpm_setup: run exec in a subshell when suppressing errors
To not loose stderr we have to run the exec command in a subshell
and suppress the output of the subshell otherwise the exec command
seems to close stderr on us.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Thu, 12 Apr 2018 17:17:37 +0000 (13:17 -0400)]
swtpm_cert: Implement --add-header option for adding TPM 1.2 NVRAM header
TPM 1.2 certificates need a header when written to NVRAM. This patch
adds a --add-header option for this and prepends the header to.
Also see TCG PC Specific Inmplementation Specification section 7.4.4 and
7.4.5.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Mon, 9 Apr 2018 16:06:47 +0000 (12:06 -0400)]
selinux: replace swtpmcuse_svirt with swtpm_svirt
Replace the previously used swtpmcuse_svirt type of policy with
swtpm_svirt. This policy contains the minimum set of rules necessary
to start swtpm from within libvirt.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 5 Apr 2018 17:12:21 +0000 (13:12 -0400)]
swtpm: Also remove pidfile at end if fd was passed
Address the issue that the pidfile needs to be removed at the end if
a file descriptor was passed in. So we have to look up the file
given the file descriptor and by using /proc/self/fd/.
We also want to make sure that the given file descriptor describes
a regular file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Wed, 28 Mar 2018 02:00:17 +0000 (22:00 -0400)]
Register libtpms callbacks a lot earlier
Create tpmlib_register_callbacks and call it to register the
libtpms callbacks a lot earlier. Before it was done in tpmlib_start,
which was invoked by CMD_INIT, which was after state blobs could
have been set already.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Sat, 17 Feb 2018 19:11:55 +0000 (14:11 -0500)]
swtpm: Validate state blobs after setting them
Validate the state blobs after they have been set (during
state migration) so that we can fall back to the migration
source in case they are not accepted by the TPM.
This patch requires the latest version of libtpms 0.6
from the master branch.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Mon, 12 Feb 2018 15:10:31 +0000 (10:10 -0500)]
swtpm_setup: Strictly use passwords as specified by user
Use the passwords as specified by the user also when only temporarily
taking ownership. Use the zero password in case nothing has been
provided by the user. This is a first step to loosen the dependency
on expect, which pulls in too many dependencies.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 30 Jan 2018 14:07:42 +0000 (09:07 -0500)]
swtpm: loop in case poll sets errno EINTR
In case the poll() is interrupted by a signal handler and we
get EINTR, we loop again assuming that the signal handler will
send us a notification to end.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 30 Jan 2018 13:54:30 +0000 (08:54 -0500)]
swtpm: close client file descriptor if POLLERR is indicated
POLLERR is indicated in some error cases when using the chardev with the
vtpm_proxy with runc. In case the flag is set, we terminate the client
connection rather than endlessly looping.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 30 Jan 2018 13:51:27 +0000 (08:51 -0500)]
swtpm: Refuse to accept passed file descriptors < 3
File descriptors 0, 1, and 2, when used for file descriptor passing,
as is the case in some older version of runc/docker-ce (17.06), do
not work. So we refuse accepting these values and log the error message.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Thu, 21 Dec 2017 01:15:59 +0000 (20:15 -0500)]
swtpm_setup: Only pass through vmid parameter if it was set
Only pass through the vmid parameter to the tool creating the cert
if this parameter was set. The tool creating the cert may require
it or ignore it and is supposed to be able to track certificates
for which it minted certs using this parameter.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Thu, 7 Dec 2017 22:50:14 +0000 (17:50 -0500)]
swtpm_ioctl: check for filename and input NULL pointers
Check whether filename and input pointers are NULL pointers.
Per previous code this is currently not possibly but should
resolve some issues with Coverity.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 14 Nov 2017 12:57:53 +0000 (07:57 -0500)]
tests: Extend encrypted state test to check for unmodified state
Extend the encrypted state test with a test case using a wrong key
for decrypting the state and make sure that the init fails and the
state files remain unmodified.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>