Event sequence objects were never properly marshalled and when their state
was saved and later restored their state may have been corrupted. Fix this
now by also marshalling the state of event sequence objects.
Bump up the version of the HASH_OBJECT's header to '3' so that previously
written state can be resumed if an event sequence object is encountered
and we only unmarshal an event sequence object when the version is at least
'3'.
Fixes issue #259.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
The NVRAM entries in s_indexOrderlyRam array do not need to contain a
0-sized terminating node. Instead, the entries may fill up this 512
byte array so that no NV_RAM_HEADER structure fits anymore. The fact
that no more NV_RAM_HEADER structure fits is also an indicator for the
last entry. We need to account for this in the code marshalling and
unmarshalling the entries so that we stop marshalling the entries
then and similarly stop unmarshalling.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Initialize a whole OBJECT before using it. This is necessary since
an OBJECT may also be used as a HASH_OBJECT via the ANY_OBJECT
union and that HASH_OBJECT can leave bad size inidicators in TPM2B
buffer in the OBJECT. To get rid of this problem we reset the whole
OBJECT to 0 before using it. This is as if the memory for the
OBJECT was just initialized.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Since swtpm_setup has been rewritten in 'C' now we can drop a few
python dependencies but need libjson-glib-dev as a new dependency
for testing with swtpm's master branch.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Restore the original value of the memory location where data from
a stream was unmarshalled and the unmarshalled value was found to
be illegal. The goal is to not keep illegal values in memory.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add maxSize parameter to TPM2B_Marshal and assert on it checking
the size of the data intended to be marshaled versus the maximum
buffer size.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reset the buffer size indicator in a TPM2B type of buffer after it failed
the test for the maximum buffer size it allows. This prevents having bad
buffer sizes in memory that can come to haunt us when writing the volatile
state for example.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Run autoupdate on configure.ac and address the following issues:
configure.ac:10: warning: 'AM_CONFIG_HEADER': this macro is obsolete.
configure.ac:10: You should use the 'AC_CONFIG_HEADERS' macro instead.
./lib/autoconf/general.m4:2434: AC_DIAGNOSE is expanded from...
aclocal.m4:1071: AM_CONFIG_HEADER is expanded from...
configure.ac:10: the top level
configure.ac:31: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:31: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:31: the top level
configure.ac:72: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:72: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:72: the top level
configure.ac:90: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:90: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:90: the top level
configure.ac:253: warning: The macro `AC_PROG_LIBTOOL' is obsolete.
configure.ac:253: You should run autoupdate.
m4/libtool.m4:99: AC_PROG_LIBTOOL is expanded from...
configure.ac:253: the top level
configure.ac:258: warning: The macro `AC_HEADER_STDC' is obsolete.
configure.ac:258: You should run autoupdate.
./lib/autoconf/headers.m4:704: AC_HEADER_STDC is expanded from...
configure.ac:258: the top level
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This patch fixes a VM suspend/resume issue when externally loaded public
keys are involved.
This patch addresses the bug reported in issue #195 where the saving of
an externally loaded public key's context doesn't work due to the usage of
ANY_CONTEXT_SAVE for saving key contexts. This patch fixes the issue by
creating local versions of TPM_SENSITIVE_Marshal/_Unmarshal that deals
with the case where sensitiveType is not a type of private key but a
public key instead that basically doesn't have much information in
TPM_SENSITIVE but is all zeros instead.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Use TPM_PrintFourLimit in those cases where less than 4 bytes of
valid data may exist. Hashes, nonces, encrypted data, and others
typically have more than 4 bytes but data read from NVRAM or
to be encrypted data may have less.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
UBSAN detects possibly misaligned address when reading out of the
TPM 2's NVRAM and when writing back into it. The NV_RAM_HEADER may
be unaligned like this:
tests/test_tpm2_save_load_state_3.log:tpm2/Marshal.c:117:29: \
runtime error: load of misaligned address 0x7ffcb53b3bca for type 'UINT32', which requires 4 byte alignment
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Fix PCRBelongsTCBGroup by adjusting the set of PCRs that belong to the TCB
Group. The effect of this is that PCR changes to PCR 16 (for example) do
not change the pcrUpdateCounter anymore. The effect *should not* have any
negative side effects when using the TPM.
We also need to update the test cases that now show a different
pcrUpdateCounter in the responses. Also 'swtpm' test cases need
to be fixed to expect the changed result.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add missing EC Curve cases in Unmarshal function.
Also, don't accept curves that are not usable during runtime because OpenSSL
may not support them.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Backported for gcc 10.
gcc (Ubuntu 5.4.0-6ubuntu1~16.04.12) 5.4.0 20160609
The above gcc on x86 with -O3 reports the following false positives:
gcc -DHAVE_CONFIG_H -I. -I.. -include tpm_library_conf.h -I../include/libtpms -I../include/libtpms -fstack-protector-strong -DTPM_V12 -DTPM_PCCLIENT -DTPM_VOLATILE_LOAD -DTPM_ENABLE_ACTIVATE -DTPM_AES -DTPM_LIBTPMS_CALLBACKS -DTPM_NV_DISK -DTPM_POSIX -DTPM_NOMAINTENANCE_COMMANDS -O3 -DUSE_OPENSSL_FUNCTIONS_SYMMETRIC=1 -DUSE_OPENSSL_FUNCTIONS_EC=1 -DUSE_OPENSSL_FUNCTIONS_ECDSA=0 -DUSE_OPENSSL_FUNCTIONS_RSA=0 -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign -MT tpm12/libtpms_tpm12_la-tpm_nvram.lo -MD -MP -MF tpm12/.deps/libtpms_tpm12_la-tpm_nvram.Tpo -c tpm12/tpm_nvram.c -o tpm12/libtpms_tpm12_la-tpm_nvram.o
tpm12/tpm_nvram.c: In function ‘TPM_Process_NVReadValue’:
tpm12/tpm_nvram.c:1539:38: error: ‘isGPIO’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
if ((returnCode == TPM_SUCCESS) && !isGPIO) {
^
tpm12/tpm_nvram.c: In function ‘TPM_Process_NVWriteValue’:
tpm12/tpm_nvram.c:2323:6: error: ‘isGPIO’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (!isGPIO) {
^
gcc -DHAVE_CONFIG_H -I. -I.. -include tpm_library_conf.h -I../include/libtpms -I../include/libtpms -fstack-protector-strong -DTPM_V12 -DTPM_PCCLIENT -DTPM_VOLATILE_LOAD -DTPM_ENABLE_ACTIVATE -DTPM_AES -DTPM_LIBTPMS_CALLBACKS -DTPM_NV_DISK -DTPM_POSIX -DTPM_NOMAINTENANCE_COMMANDS -O3 -DUSE_OPENSSL_FUNCTIONS_SYMMETRIC=1 -DUSE_OPENSSL_FUNCTIONS_EC=1 -DUSE_OPENSSL_FUNCTIONS_ECDSA=0 -DUSE_OPENSSL_FUNCTIONS_RSA=0 -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign -MT tpm12/libtpms_tpm12_la-tpm_process.lo -MD -MP -MF tpm12/.deps/libtpms_tpm12_la-tpm_process.Tpo -c tpm12/tpm_process.c -o tpm12/libtpms_tpm12_la-tpm_process.o
tpm12/tpm_process.c: In function ‘TPM_Process_GetCapabilitySigned’:
tpm12/tpm_process.c:5089:19: error: ‘transportEncrypt’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
returnCode = TPM_ProcessAudit(tpm_state,
^
tpm12/tpm_process.c: In function ‘TPM_Process_SetCapability’:
tpm12/tpm_process.c:5309:19: error: ‘transportEncrypt’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
returnCode = TPM_ProcessAudit(tpm_state,
^
tpm12/tpm_process.c: At top level:
gcc -DHAVE_CONFIG_H -I. -I.. -include tpm_library_conf.h -I../include/libtpms -I../include/libtpms -fstack-protector-strong -DTPM_V12 -DTPM_PCCLIENT -DTPM_VOLATILE_LOAD -DTPM_ENABLE_ACTIVATE -DTPM_AES -DTPM_LIBTPMS_CALLBACKS -DTPM_NV_DISK -DTPM_POSIX -DTPM_NOMAINTENANCE_COMMANDS -O3 -DUSE_OPENSSL_FUNCTIONS_SYMMETRIC=1 -DUSE_OPENSSL_FUNCTIONS_EC=1 -DUSE_OPENSSL_FUNCTIONS_ECDSA=0 -DUSE_OPENSSL_FUNCTIONS_RSA=0 -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign -MT tpm12/libtpms_tpm12_la-tpm_transport.lo -MD -MP -MF tpm12/.deps/libtpms_tpm12_la-tpm_transport.Tpo -c tpm12/tpm_transport.c -o tpm12/libtpms_tpm12_la-tpm_transport.o
tpm12/tpm_transport.c: In function ‘TPM_Process_ReleaseTransportSigned’:
tpm12/tpm_transport.c:2810:42: error: ‘t1TpmTransportInternal’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
returnCode = TPM_TransportLogOut_Extend(t1TpmTransportInternal->transDigest,
^
This patch initializes the variables.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Backported for gcc 10.
gcc (Ubuntu 9.2.1-21ubuntu1) 9.2.1 20191130
The gcc compiler on Ubuntu Focal reports several false positives for
potentially uninitialized variables:
tpm12/tpm_session.c: In function ‘TPM_Process_SaveContext’:
tpm12/tpm_session.c:3229:19: error: ‘tpm_auth_session_data’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
3229 | returnCode = TPM_AuthSessionData_Store(&r1ContextSensitive, tpm_auth_session_data);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tpm12/tpm_delegate.c: In function ‘TPM_Process_DelegateManage’:
tpm12/tpm_delegate.c:1787:49: error: ‘familyRow’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
1787 | if ((opCode != TPM_FAMILY_CREATE) && (familyRow->flags & TPM_DELEGATE_ADMIN_LOCK)) {
| ~~~~~~~~~^~~~~~~
tpm12/tpm_delegate.c: In function ‘TPM_Process_DelegateUpdateVerification’:
tpm12/tpm_delegate.c:3575:48: error: ‘d1DelegateTableRow’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
3575 | d1DelegateTableRow->pub.verificationCount = familyRow->verificationCount;
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
All of the variables are initialize under the same condition as they are
accessed.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This is a backport of 2da6f27c33.
Some TDES related marshalling and unmarshalling functions were
missing, so add them. Now TDES keys can be created.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This is a backport of e58cbdd4fd.
This patch fixes a bug described in the following TCG Document
ERRATA; Errata Version 1.9, August 23, 2019; For TCG Trusted Platform
Module Library; Family "2.0", Level 00, Revision 1.38, Sept 29, 2016
section 2.34: NV PIN Indices
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Fix a potential buffer overflow bug in the creation of filenames
that were using sprintf() rather than snprintf(). The buffer overflow
could occurr if the buffer is longer than 4096 bytes. The state path
may alone be 4096 bytes and could possibly trigger the overflow.
Swtpm for example is not affected from this since it uses the callbacks
that are invoked before the faulty function is called.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Check the size of the available data before hashing them. A minimum
of 20 bytes needs to be passed into the function so that we can hash
the data 'before' it.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reported-by: Yi Ren <yunye.ry@alibaba-inc.com>
Add some missing #define TPM_HAVE_TPM2_DECLARATIONS before the include
of "tpm_library_intern.h" in TPM 2 code so we don't run into compile
errors on RHEL 6 when data types are redefined in TPM 1.2 code.
Previous patch 73cad883ba seems to have missed those.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Some OpenSSL EC API calls are deprecated starting in OpenSSL 1.2
and may fail the build due to the #warning they produce.
The affected functions have been renamed and consolidated with
other functions inside OpenSSL:
- EC_POINT_set_affine_coorindates_GFp
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/crypto/ec/ec_lib.c#L730
- EC_POINT_get_affine_coordinates_GFp
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/crypto/ec/ec_lib.c#L768
On both functions the suffix _GFp has been removed by the renaming.
We need to call the new functions if OPENSSL_API_COMPAT is defined
and is >= 0x10200000L.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Some man pages were not installed due to a typo in the name of
the variable. This patch fixes the issue.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Set the version to 0.6.0-1 for a release. Cheat a bit on the previous
version by changing the suffix to ~dev from -dev.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
