Rev 155 code defines MAX_SM4_KEY_BITS = 0 and MAX_CAMELLIA_KEY_BITS = 0
since both algorithms are not enabled. To be able to read old state
we now replace the usage of the #defines with hard coded values that
have no further meaning. If we ever activate the algorithms, we have to
extend the state.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
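A simplified model of the state-compatibility problem in the commit above, added here as an example and not taken from libtpms: it assumes a stored state header records the writer's build constants and the reader compares them with its own. The header layout, the function names and the legacy value 128 are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not libtpms code: a state blob begins with the writer's
 * build constants and the reader rejects blobs whose constants differ. */
#define MAX_AES_KEY_BITS    256
#define MAX_SM4_KEY_BITS    0     /* new code base: algorithm not enabled */
#define LEGACY_SM4_KEY_BITS 128   /* constructed stand-in for the old value */
#define NUM_CONSTANTS       2

/* Follows the live #defines, so it silently changed with the code update. */
static const uint32_t live_constants[NUM_CONSTANTS] = { MAX_AES_KEY_BITS, MAX_SM4_KEY_BITS };
/* Pinned to what existing blobs contain; the literal has no other meaning. */
static const uint32_t pinned_constants[NUM_CONSTANTS] = { MAX_AES_KEY_BITS, LEGACY_SM4_KEY_BITS };

/* Write the constants big-endian; returns bytes written, 0 if buf is too small. */
size_t write_header(uint8_t *buf, size_t size, const uint32_t *c)
{
    if (size < 4 * NUM_CONSTANTS)
        return 0;
    for (size_t i = 0; i < 4 * NUM_CONSTANTS; i++)
        buf[i] = (uint8_t)(c[i / 4] >> (24 - 8 * (i % 4)));
    return 4 * NUM_CONSTANTS;
}

/* Returns 0 on match, -1 if truncated, else the 1-based index of the first mismatch. */
int check_header(const uint8_t *buf, size_t len, const uint32_t *expected)
{
    if (len < 4 * NUM_CONSTANTS)
        return -1;
    for (size_t i = 0; i < NUM_CONSTANTS; i++) {
        uint32_t v = 0;
        for (size_t j = 0; j < 4; j++)
            v = (v << 8) | buf[4 * i + j];
        if (v != expected[i])
            return (int)i + 1;
    }
    return 0;
}

int main(void)
{
    uint8_t old_state[4 * NUM_CONSTANTS];
    write_header(old_state, sizeof(old_state), pinned_constants); /* blob from the old build */
    printf("live: %d\n", check_header(old_state, sizeof(old_state), live_constants));
    printf("pinned: %d\n", check_header(old_state, sizeof(old_state), pinned_constants));
    return 0;
}
```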
Keep the size of PRIVATE_VENDOR_SPECIFIC_BYTES. Changing its size would
change the size of an Object, which we don't want since Objects are in
NVRAM memory and now more would fit than before. Fitting more is not the
problem but the state cannot be downgraded anymore since an earlier
implementation would require more bytes per Object and would not allow
fitting them all anymore.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Return an error code from TPM2_Shutdown in case an unknown shutdown
type code was given. Before that a failure was returned, which should
never have happened since the unmarshal function for parsing the shutdown
code would have caused an error when the command was parsed.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add 2 more tests checking the size of arrays in the PERSISTENT_DATA
structure which expand with new commands.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Run some additional IBM TSS2 related tests for better code
coverage. We need to switch to Bionic to get the tss2 package.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
We need to inform debhelper that it will be driving the action using autotools.
edit `debian/control` field `Build-Depends`: add `autotools-dev` and
`dh-autoreconf`
edit `debian/rules`:
* change the default target `%` to invoke `dh` with `autotools-dev` and
`autoreconf`
* remove from `override_dh_auto_configure` the invocation to `./autogen.sh`
obsoleted by `dh-autoreconf`
This patch addresses the following false positives on Ubuntu Trusty
on x86_64:
tpm12/tpm_process.c: In function ?TPM_Process_GetCapability?:
tpm12/tpm_process.c:3521:35: error: ?transportEncrypt? may be used uninitialized in this function [-Werror=maybe-uninitialized]
returnCode = TPM_ProcessAudit(tpm_state,
^
tpm12/tpm_counter.c: In function ?TPM_Process_IncrementCounter?:
tpm12/tpm_counter.c:421:27: error: ?counterValue? may be used uninitialized in this function [-Werror=maybe-uninitialized]
rc = TPM_Sbuffer_Append32(sbuffer, tpm_counter_value->counter);
^
tpm12/tpm_counter.c:791:24: note: ?counterValue? was declared here
TPM_COUNTER_VALUE *counterValue; /* The counter value */
^
tpm12/tpm_key.c: In function ?TPM_KeyParms_CheckProperties?:
tpm12/tpm_key.c:1959:42: error: ?tpm_rsa_key_parms? may be used uninitialized in this function [-Werror=maybe-uninitialized]
rc = TPM_KeyParams_CheckDefaultExponent(&(tpm_rsa_key_parms->exponent));
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
gcc (Ubuntu 5.4.0-6ubuntu1~16.04.12) 5.4.0 20160609
The above gcc on x86 with -O3 reports the following false positives:
gcc -DHAVE_CONFIG_H -I. -I.. -include tpm_library_conf.h -I../include/libtpms -I../include/libtpms -fstack-protector-strong -DTPM_V12 -DTPM_PCCLIENT -DTPM_VOLATILE_LOAD -DTPM_ENABLE_ACTIVATE -DTPM_AES -DTPM_LIBTPMS_CALLBACKS -DTPM_NV_DISK -DTPM_POSIX -DTPM_NOMAINTENANCE_COMMANDS -O3 -DUSE_OPENSSL_FUNCTIONS_SYMMETRIC=1 -DUSE_OPENSSL_FUNCTIONS_EC=1 -DUSE_OPENSSL_FUNCTIONS_ECDSA=0 -DUSE_OPENSSL_FUNCTIONS_RSA=0 -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign -MT tpm12/libtpms_tpm12_la-tpm_nvram.lo -MD -MP -MF tpm12/.deps/libtpms_tpm12_la-tpm_nvram.Tpo -c tpm12/tpm_nvram.c -o tpm12/libtpms_tpm12_la-tpm_nvram.o
tpm12/tpm_nvram.c: In function ‘TPM_Process_NVReadValue’:
tpm12/tpm_nvram.c:1539:38: error: ‘isGPIO’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
if ((returnCode == TPM_SUCCESS) && !isGPIO) {
^
tpm12/tpm_nvram.c: In function ‘TPM_Process_NVWriteValue’:
tpm12/tpm_nvram.c:2323:6: error: ‘isGPIO’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (!isGPIO) {
^
gcc -DHAVE_CONFIG_H -I. -I.. -include tpm_library_conf.h -I../include/libtpms -I../include/libtpms -fstack-protector-strong -DTPM_V12 -DTPM_PCCLIENT -DTPM_VOLATILE_LOAD -DTPM_ENABLE_ACTIVATE -DTPM_AES -DTPM_LIBTPMS_CALLBACKS -DTPM_NV_DISK -DTPM_POSIX -DTPM_NOMAINTENANCE_COMMANDS -O3 -DUSE_OPENSSL_FUNCTIONS_SYMMETRIC=1 -DUSE_OPENSSL_FUNCTIONS_EC=1 -DUSE_OPENSSL_FUNCTIONS_ECDSA=0 -DUSE_OPENSSL_FUNCTIONS_RSA=0 -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign -MT tpm12/libtpms_tpm12_la-tpm_process.lo -MD -MP -MF tpm12/.deps/libtpms_tpm12_la-tpm_process.Tpo -c tpm12/tpm_process.c -o tpm12/libtpms_tpm12_la-tpm_process.o
tpm12/tpm_process.c: In function ‘TPM_Process_GetCapabilitySigned’:
tpm12/tpm_process.c:5089:19: error: ‘transportEncrypt’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
returnCode = TPM_ProcessAudit(tpm_state,
^
tpm12/tpm_process.c: In function ‘TPM_Process_SetCapability’:
tpm12/tpm_process.c:5309:19: error: ‘transportEncrypt’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
returnCode = TPM_ProcessAudit(tpm_state,
^
tpm12/tpm_process.c: At top level:
gcc -DHAVE_CONFIG_H -I. -I.. -include tpm_library_conf.h -I../include/libtpms -I../include/libtpms -fstack-protector-strong -DTPM_V12 -DTPM_PCCLIENT -DTPM_VOLATILE_LOAD -DTPM_ENABLE_ACTIVATE -DTPM_AES -DTPM_LIBTPMS_CALLBACKS -DTPM_NV_DISK -DTPM_POSIX -DTPM_NOMAINTENANCE_COMMANDS -O3 -DUSE_OPENSSL_FUNCTIONS_SYMMETRIC=1 -DUSE_OPENSSL_FUNCTIONS_EC=1 -DUSE_OPENSSL_FUNCTIONS_ECDSA=0 -DUSE_OPENSSL_FUNCTIONS_RSA=0 -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign -MT tpm12/libtpms_tpm12_la-tpm_transport.lo -MD -MP -MF tpm12/.deps/libtpms_tpm12_la-tpm_transport.Tpo -c tpm12/tpm_transport.c -o tpm12/libtpms_tpm12_la-tpm_transport.o
tpm12/tpm_transport.c: In function ‘TPM_Process_ReleaseTransportSigned’:
tpm12/tpm_transport.c:2810:42: error: ‘t1TpmTransportInternal’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
returnCode = TPM_TransportLogOut_Extend(t1TpmTransportInternal->transDigest,
^
This patch initializes the variables.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
The -O3 passed to the ppc64el gcc-5 compiler on Ubuntu 16.04 causes
the following false positives:
gcc-5 -DHAVE_CONFIG_H -I. -I.. -include tpm_library_conf.h -I../include/libtpms -I../include/libtpms -fstack-protector-strong -DTPM_V12 -DTPM_PCCLIENT -DTPM_VOLATILE_LOAD -DTPM_ENABLE_ACTIVATE -DTPM_AES -DTPM_LIBTPMS_CALLBACKS -DTPM_NV_DISK -DTPM_POSIX -DTPM_NOMAINTENANCE_COMMANDS -g -O3 -fstack-protector-strong -DUSE_OPENSSL_FUNCTIONS_SYMMETRIC=1 -DUSE_OPENSSL_FUNCTIONS_EC=1 -DUSE_OPENSSL_FUNCTIONS_ECDSA=0 -DUSE_OPENSSL_FUNCTIONS_RSA=0 -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign -MT tpm12/libtpms_tpm12_la-tpm_session.lo -MD -MP -MF tpm12/.deps/libtpms_tpm12_la-tpm_session.Tpo -c tpm12/tpm_session.c -o tpm12/libtpms_tpm12_la-tpm_session.o
tpm12/tpm_session.c: In function ‘TPM_Process_SaveContext’:
tpm12/tpm_session.c:3056:16: error: ‘contextIndex’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
uint32_t contextIndex; /* free index in context list */
^
tpm12/tpm_session.c: In function ‘TPM_Process_SaveAuthContext’:
tpm12/tpm_session.c:4934:16: error: ‘contextIndex’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
uint32_t contextIndex; /* free index in context list */
^
This patch initializes these variables to 0.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
gcc (Ubuntu 9.2.1-21ubuntu1) 9.2.1 20191130
The gcc compiler on Ubuntu Focal reports several false positives for
potentially uninitialized variables:
tpm12/tpm_session.c: In function ‘TPM_Process_SaveContext’:
tpm12/tpm_session.c:3229:19: error: ‘tpm_auth_session_data’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
3229 | returnCode = TPM_AuthSessionData_Store(&r1ContextSensitive, tpm_auth_session_data);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tpm12/tpm_delegate.c: In function ‘TPM_Process_DelegateManage’:
tpm12/tpm_delegate.c:1787:49: error: ‘familyRow’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
1787 | if ((opCode != TPM_FAMILY_CREATE) && (familyRow->flags & TPM_DELEGATE_ADMIN_LOCK)) {
| ~~~~~~~~~^~~~~~~
tpm12/tpm_delegate.c: In function ‘TPM_Process_DelegateUpdateVerification’:
tpm12/tpm_delegate.c:3575:48: error: ‘d1DelegateTableRow’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
3575 | d1DelegateTableRow->pub.verificationCount = familyRow->verificationCount;
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
All of the variables are initialized under the same condition as they are
accessed.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This patch addresses the following valgrind issue detected by the swtpm test suite:
== Syscall param write(buf) points to uninitialised byte(s)
==3515669== at 0x4DC14B7: write (in /usr/lib64/libc-2.30.so)
==3515669== by 0x48547FB: write_full (utils.c:242)
==3515669== by 0x48548F3: writev_full (utils.c:301)
==3515669== by 0x48520A6: SWTPM_IO_Write (swtpm_io.c:229)
==3515669== by 0x4850662: mainLoop (mainloop.c:282)
==3515669== by 0x402BE7: swtpm_main (swtpm.c:497)
==3515669== by 0x4CF61A2: (below main) (in /usr/lib64/libc-2.30.so)
==3515669== Address 0x52413a2 is 34 bytes inside a block of size 2,006 alloc'd
==3515669== at 0x483980B: malloc (vg_replace_malloc.c:309)
==3515669== by 0x48548A1: writev_full (utils.c:287)
==3515669== by 0x48520A6: SWTPM_IO_Write (swtpm_io.c:229)
==3515669== by 0x4850662: mainLoop (mainloop.c:282)
==3515669== by 0x402BE7: swtpm_main (swtpm.c:497)
==3515669== by 0x4CF61A2: (below main) (in /usr/lib64/libc-2.30.so)
==3515669== Uninitialised value was created by a stack allocation
==3515669== at 0x4953993: TPM2_Load (ObjectCommands.c:132)
==3515669==
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Revert the changes trying to use strncpy to now use strcpy again.
Recent compilers complain like this:
tpm12/tpm_nvfile.c: In function ‘TPM_NVRAM_Init’:
tpm12/tpm_nvfile.c:138:9: error: ‘strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
138 | strncpy(state_directory, tpm_state_path, length + 1);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tpm12/tpm_nvfile.c:130:18: note: length computed here
130 | length = strlen(tpm_state_path);
| ^~~~~~~~~~~~~~~~~~~~~~
tpm12/tpm_nvfile.c: At top level:
cc1: error: unrecognized command line option ‘-Wno-self-assign’ [-Werror]
cc1: all warnings being treated as errors
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
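The warning quoted above fires because the strncpy bound is derived from the source string, which makes the call equivalent to strcpy. As an added example (not libtpms code; `set_state_directory` and `STATE_DIR_MAX` are hypothetical names), this is a copy where the protection comes from checking the length against the destination, after which a plain strcpy is safe:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STATE_DIR_MAX 32   /* hypothetical destination capacity */

/* Pattern gcc rejects: the bound is computed from the source, so the call
 * copies exactly what strcpy would and protects nothing:
 *     length = strlen(src);
 *     strncpy(dst, src, length + 1);
 */

/* Copy a state path into dst. Returns 0 on success, -1 if an argument is
 * missing or the path plus its terminator does not fit. The path is never
 * truncated: a shortened directory name would point at a different location. */
int set_state_directory(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    if (strlen(src) >= dst_size) {
        dst[0] = '\0';            /* leave a defined, empty value behind */
        return -1;
    }
    strcpy(dst, src);             /* safe: length was checked against dst */
    return 0;
}

int main(void)
{
    char dir[STATE_DIR_MAX];
    /* Constructed sample paths. */
    printf("%d\n", set_state_directory(dir, sizeof(dir), "/var/lib/tpm-state"));
    printf("%d\n", set_state_directory(dir, sizeof(dir),
                   "/var/lib/a-path-that-is-longer-than-the-buffer"));
    return 0;
}
```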
Some TDES related marshalling and unmarshalling functions were
missing, so add them. Now TDES keys can be created.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This patch fixes a bug described in the following TCG Document
ERRATA; Errata Version 1.9, August 23, 2019; For TCG Trusted Platform
Module Library; Family "2.0", Level 00, Revision 1.38, Sept 29, 2016
section 2.34: NV PIN Indices
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
We define USE_SPEC_COMPLIANT_PROOFS which overrides PRIMARY_SEED_SIZE in
Implementation.h and causes PRIMARY_SEED_SIZE to be set to 64. Nevertheless,
adjust the value in Implementation.h.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Do not go by the toTest vector when it comes to testing symmetric
crypto modes since those bits may have been cleared elsewhere.
Check the implemented algorithm vector instead for whether the
mode is implemented.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add a missing break statement to the EVP function selectors
based on algorithm. So far this missing break statement had
no negative effect since no other algorithms are in use in
case statements below the TDES.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Use TPM_PrintFourLimit in those cases where less than 4 bytes of
valid data may exist. Hashes, nonces, encrypted data, and others
typically have more than 4 bytes but data read from NVRAM or
to be encrypted data may have less.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Avoid the accumulation of -lcrypto while testing for symbols in the -lcrypto
library by saving the LIBS variable before doing the series of tests.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>