Commit Graph

34 Commits

Author SHA1 Message Date
Stefan Berger
648cc1ec78 tpm2: Wrap asprintf to avoid static analyzer warnings
To avoid static analyzer warnings due to non-literal format strings being
used, wrap asprintf in TPMLIB_asprintf and call vasprintf from there.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-10-03 14:35:16 -04:00
Stefan Berger
16e648e98f tpm2: Implement TPMLIB_WasManufactured API call
Implement TPMLIB_WasManufactured API call for a TPM 2 so that callers can
detect whether a TPM 2 instance was newly created and therefore the
profile that was set was also applied.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-08-30 16:25:47 -04:00
Stefan Berger
11655415a7 tpm2: Add new API call TPMLIB_SetProfile to enable user to set a profile
Add a new API call TPMLIB_SetProfile that enables a user to set a profile.
The user gets control over the name of the profile to apply and may supply
the algorithms to enable. The user does not get control over the individual
commands to enable.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-15 11:51:38 -04:00
Stefan Berger
63b9c36a16 Insert assert ensuring *buflen != BUFLEN_EMPTY_BUFFER (Coverity)
Address a false positive issue detected by Coverity (CID 1517797)
about *buflen.

Per this assignment of buflen

cached_blobs[st].buflen = buffer ? buflen : BUFLEN_EMPTY_BUFFER;

the following is true:

If cached_blobs[].buffer is     NULL then *buflen  = BUFLEN_EMPTY_BUFFER
If cached_blobs[].buffer is not NULL then *buflen != BUFLEN_EMPTY_BUFFER

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-07-13 16:40:35 -04:00
Marc-André Lureau
057242b84d build-sys: add optional --with-tpm1
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-08-06 08:04:37 -04:00
Marc-André Lureau
e60c35ecf9 Move common debug, memory & nvfile units to src/
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-08-06 08:04:37 -04:00
Stefan Berger
5d7a04c624 [build-sys] Add -Wmissing-prototypes to CFLAGS and clean up
Add -Wmissing-prototypes to CFLAGS and make functions static, add #include
where necessary.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-06-01 18:23:07 -04:00
Stefan Berger
bc4aab3613 tpm2: Log command that put TPM 2 into failure mode
Once we detect that the TPM 2 was put into failure mode, log
the command that did it.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2018-12-10 09:17:25 -05:00
Stefan Berger
73cad883ba tpm2: Introduce TPM_HAVE_TPM2_DECLARATIONS to avoid re-declarations
Older gcc versions are unhappy that some types declared by TPM 1.2
headers are re-declared by TPM 2 headers. All of these types have
the same UINT32 datatype and we can avoid having them re-declared
by introducing TPM_HAVE_TPM2_DECLARATIONS and including the TPM2
headers first and then the TPM 1.2 headers where we then do not re-
declare those datatypes that are clashing.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-10-05 21:47:15 -04:00
Stefan Berger
1c79bff666 tpm2: Make compileable on FreeBSD
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-08-29 01:07:13 +00:00
Stefan Berger
e3ebc65206 tpm2: implement TPM2_Get/SetState
Implement the Get/SetState functions for TPM 2 so we can
also pass a blob in the TPM 2 case.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
ea41cca0e1 tpm2: Clear the cached states when a different TPM version is chosen
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
3cf528aaac Integrate the TPM 2 into the library; do not compile with TPM 2 yet
Introduce --with-tpm2 for ./configure to enable building with
TPM 2 functionality. Delay the building of TPM 2 code until more
patches are applied and the vTPM state that's created has a chance
of being backwards compatible.

Extend the libtpms API to allow user to choose version of TPM.

Missing functionality at this point:
- TPM 2 needs to be extended to serialize and deserialize its volatile state
- Handling of the establishment bit

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:47 -04:00
Stefan Berger
707a9046cd Use malloc/free rather than TPM_Malloc/TPM_Free in library code
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:02:04 -04:00
Stefan Berger
7071a43bab Clear the cached blobs if SetState fails on checking one of them
Clear all the cached states blobs set using TPMLIB_SetState if one
of them cannot be accepted.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-05-13 19:23:23 -04:00
Stefan Berger
ec672b4e37 Expose the two new API calls TPMLIB_Get/SetState
Expose the two new API calls TPMLIB_GetState() and TPMLIB_SetState().
Fix one parameter in the TPMLIB_GetState() call.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-05-11 16:10:09 -04:00
Stefan Berger
c76f52efd3 Add APIs for getting and setting all state blobs
This patch adds APIs for getting and setting all types of state
blobs. We cache these blobs and allow them to be picked up when
the TPM starts. It will get any of these state blobs, if they
were set, before we go out and try to read the state blob from
a file.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-05-10 16:35:09 -04:00
Stefan Berger
70547a758b Implement TPMLIB_GetInfo() to for example get TPM spec. info
The EK certificates need information about the TPM specification that was
implemented. The best place to get the information from seems the TPM itself.
So we implement a function TPMLIB_GetInfo() to allow to query for the TPM
specification information and possibly other information in the future.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-04-23 07:10:01 -04:00
Stefan Berger
e11dbf255b Implement TPMLIB_ValidateState() to test state blobs early
Implement TPMLIB_ValidateState(), which is supposed to be used
for checking usability of state blobs before TPMLIB_MainInit()
is called or TPM_Startup has been sent to the TPM.

This function is useful to be called once TPM state blobs
have been migrated to a destination and we need to check
whether libtpms can use these state blobs and if not
we have a chance to fall back to the migration source host.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-02-17 15:00:39 -05:00
Stefan Berger
3388d45082 build: fix Cygwin compiler warning
Cygwin compiler complains about comparison of signed and unsigned
integer on the ~0.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2017-11-13 10:15:39 -05:00
Stefan Berger
02db69c85a Add unsuppressable internal logging using ~0 indent
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2017-11-11 10:44:02 -05:00
Stefan Berger
ae3f105ac3 Extend TPMLIB_SetBufferSize() call with min/max size parameters
Also allow to get the minimum and maximum supported buffer size
with the TPMLIB_SetBufferSize() call.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2017-11-05 11:57:07 -05:00
Stefan Berger
bc195a3452 Implement TPMLIB_SetBufferSize() for setting the size of the I/O buffer
Implement TPMLIB_SetBufferSize() for setting the size of the I/O buffer
that the TPM may advertise. For TPM 1.2 the size remains fixed since the
TIS interface can handle the current 4096 bytes.

This function will be important for TPM 2 with a CRB interface that cannot
handle 4096 bytes.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2017-11-04 00:52:30 -04:00
Stefan Berger
563eb905d8 Convert another vdprintf to dprintf
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2017-03-15 08:10:11 -04:00
Stefan Berger
f94b80e0d6 Use format '%s' for call to dprintf
Fix the dprintf call to use a format parameter that otherwise causes
errors with gcc on certain platforms.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2017-03-15 08:10:00 -04:00
Stefan Berger
a89da16e69 Add missing include for stdarg.h
Fix compilation problems like the following:

 /usr/local/lib/libtpms.so: undefined reference to `va_start'
 /usr/local/lib/libtpms.so: undefined reference to `va_end'

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2017-02-11 21:06:29 -05:00
Stefan Berger
942501e3b2 Replace vdprintf with dprintf where possible
vdprintf with a NULL parameter on the 3rd position crashes
on Linux. Replace it with dprintf.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2017-01-23 19:46:49 -05:00
Stefan Berger
7fb176bcc4 Implement API calls for enabling debug output
Add API calls TPMLIB_SetDebugFD(), TPMLIB_SetDebugLevel(),
TPMLIB_SetDebugPrefix().

Convert the internal printing of debugging strings to
correspond to the log level. Print the prefix in front
of every line.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2017-01-23 18:53:31 -05:00
Stefan Berger
39c9604a92 Introduce internal interface to reach TPM functionality
Introduce an internal interface that allows us to reach TPM functionality
from the library's API layer. This prepares the code for the addition
of a new API function that lets us choose which TPM to use, TPM 1.2 or
TPM2. Currently only TPM 1.2 functionality is available.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-12-08 09:07:54 -05:00
Stefan Berger
23b958af05 Move TPM1.2 code to src/tpm12 directory
Move all TPM1.2 code to src/tpm12 directory. Adapt the Makefile.am
to point to tpm12 directory for the TPM1.2 sources.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-12-07 19:14:30 -05:00
Stefan Berger
d987a4b844 Fix a memory leak in the TPMLibrary interface
Fix a memory leak in TPMLIB_Terminate.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
2014-07-02 21:56:58 -04:00
Stefan Berger
55c0004468 Fix compile error on cygwin
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
2014-01-08 11:44:01 -05:00
Stefan Berger
30a95c3c82 Make libtpms compileable with OpenSSL
Implement missing base64 decoder support when using OpenSSL library.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
2014-01-08 11:43:51 -05:00
Corey Bryant
a0098eda2d Initial import of project
This is the initial import of the libtpms library.  The libtpms library
provides software emulation of a Trusted Platform Module (TPM).  It is
intended to be used by applications when a hardware TPM is not adequate.
For example, a hypervisor can use libtpms to emulate an independent TPM
for each of its virtual machine guests.  The library provides a high-
level API for developers to integrate the emulated TPM support into
their application.

The code was originally written by Kenneth Goldman <kgoldman@us.ibm.com>
and Stefan Berger <stefanb@us.ibm.com>.

The code is licensed under the Modified BSD License.

Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
2013-10-31 15:33:22 -05:00