Runtime-disabling any hash algorithm also means that the corresponding
hash bank must be disabled as well. In case the SHA-1 bank is disabled,
the output of TPM2_GetCapability must therefore filter out the SHA-1 bank
that is still compiled-in but otherwise cannot be used.
$ tssgetcapability -cap 5
3 PCR selections
hash TPM_ALG_SHA256
TPMS_PCR_SELECTION length 3
ff ff ff
hash TPM_ALG_SHA384
TPMS_PCR_SELECTION length 3
ff ff ff
hash TPM_ALG_SHA512
TPMS_PCR_SELECTION length 3
ff ff ff
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Rather than returning the hardcoded number of commands for the
TPM_CAP_TPM_PROPERTIES capability return the number of commands
that are currently enabled due to the active profile.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Also extend the man page to describe the new output.
swtpm_ioctl --info 0x40 --tcp :2322 | jq
{
"AvailableProfiles": [
{
"Name": "default-v1",
"StateFormatLevel": 4,
"Commands": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197,0x199-0x19a",
"Algorithms": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
"Description": "This profile enables all currenly supported commands and algorithms. It is applied when the user chooses no profile."
},
{
"Name": "null",
"StateFormatLevel": 1,
"Commands": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197",
"Algorithms": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
"Description": "The profile enables the commands and algorithms that were enabled in libtpms v0.9. This profile is automatically used when the state does not have a profile, for example when it was created by libtpms v0.9 or before."
},
...
}
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Also extend the man page to describe the new output.
swtpm_ioctl --info 0x20 --tcp :2322 | jq
{
"ActiveProfile": {
"Name": "null",
"StateFormatLevel": 1,
"Commands": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197",
"Algorithms": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
"Description": "The profile enables the commands and algorithms that were enabled in libtpms v0.9. This profile is automatically used when the state does not have a profile, for example when it was created by libtpms v0.9 or before."
}
}
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Also extend the man page to describe the new output.
swtpm_ioctl --info 0x10 --tcp :2322 | jq
{
"RuntimeCommands": {
"Implemented": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197,0x199-0x19a",
"CanBeDisabled": "0x11f,0x121-0x122,0x124-0x128,0x12a-0x12e,0x130,0x132-0x13b,0x13d-0x140,0x142,0x146-0x147,0x149-0x14d,0x14f-0x152,0x154-0x155,0x159,0x15b,0x15d-0x15e,0x160-0x164,0x167-0x168,0x16a-0x172,0x174,0x177-0x178,0x17b,0x17f-0x181,0x183-0x184,0x187-0x193,0x197,0x199-0x19a",
"Enabled": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197,0x199-0x19a",
"Disabled": ""
}
}
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Extend TPM2_GetInfo() to return information about runtime-enabled
algorithms like this:
$ swtpm_ioctl --info 8 --tcp :2322 | jq
{
"RuntimeAlgorithms": {
"Implemented": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,ecc-nist-p192,ecc-nist-p224,ecc-nist-p256,ecc-nist-p384,ecc-nist-p521,ecc-bn-p256,ecc-bn-p638,ecc-sm2-p256,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
"CanBeDisabled": "tdes,sha1,sha512,rsassa,rsaes,rsapss,ecmqv,ecc-nist,ecc-bn,ecc-nist-p192,ecc-nist-p224,ecc-nist-p521,ecc-bn-p256,ecc-bn-p638,ecc-sm2-p256,camellia,cmac,ctr,ofb,cbc,ecb",
"Enabled": "rsa,rsa-min-size=1024,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,null,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-bn,ecc-nist-p192,ecc-nist-p224,ecc-nist-p256,ecc-nist-p384,ecc-nist-p521,ecc-bn-p256,ecc-bn-p638,ecc-sm2-p256,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
"Disabled": "tdes,sha1,sha512,rsassa,rsaes,rsapss,ecmqv,ecc-nist"
}
}
Also describe the JSON object in the TPMLIB_GetInfo man page.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
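The `RuntimeCommands` (`--info 0x10`) and `RuntimeAlgorithms` (`--info 8`) objects shown in the two commit messages above share a small grammar: command codes as comma-separated hex values and `lo-hi` ranges, algorithms as comma-separated names with `name-min-size=N` attributes. The following Python script is an added example, not code from the libtpms or swtpm projects: it parses both encodings and checks the invariants a deployer would want to confirm before trusting a profile, namely that every disabled entry is one that `CanBeDisabled` permits, that nothing is both enabled and disabled, that `Enabled` and `Disabled` together account for exactly the `Implemented` set, and that the weak algorithms one intended to switch off (here `sha1` and `tdes`) are really absent from `Enabled`. The sample inputs are the outputs quoted above; `BAD_ALGORITHMS` is a constructed counter-example, and `ESSENTIAL_COMMANDS` is this example's own choice of command codes (values from the TPM 2.0 Library specification, Part 2) that a profile should never allow to be disabled.

```python
from typing import Callable, Dict, List, Set, Tuple

# Sample input: the `swtpm_ioctl --info 0x10` object quoted above, as a Python dict.
SAMPLE_COMMANDS = {"RuntimeCommands": {
    "Implemented": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197,0x199-0x19a",
    "CanBeDisabled": "0x11f,0x121-0x122,0x124-0x128,0x12a-0x12e,0x130,0x132-0x13b,0x13d-0x140,0x142,0x146-0x147,0x149-0x14d,0x14f-0x152,0x154-0x155,0x159,0x15b,0x15d-0x15e,0x160-0x164,0x167-0x168,0x16a-0x172,0x174,0x177-0x178,0x17b,0x17f-0x181,0x183-0x184,0x187-0x193,0x197,0x199-0x19a",
    "Enabled": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197,0x199-0x19a",
    "Disabled": "",
}}
# Sample input: the `swtpm_ioctl --info 8` object quoted above.
SAMPLE_ALGORITHMS = {"RuntimeAlgorithms": {
    "Implemented": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,ecc-nist-p192,ecc-nist-p224,ecc-nist-p256,ecc-nist-p384,ecc-nist-p521,ecc-bn-p256,ecc-bn-p638,ecc-sm2-p256,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
    "CanBeDisabled": "tdes,sha1,sha512,rsassa,rsaes,rsapss,ecmqv,ecc-nist,ecc-bn,ecc-nist-p192,ecc-nist-p224,ecc-nist-p521,ecc-bn-p256,ecc-bn-p638,ecc-sm2-p256,camellia,cmac,ctr,ofb,cbc,ecb",
    "Enabled": "rsa,rsa-min-size=1024,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,null,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-bn,ecc-nist-p192,ecc-nist-p224,ecc-nist-p256,ecc-nist-p384,ecc-nist-p521,ecc-bn-p256,ecc-bn-p638,ecc-sm2-p256,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
    "Disabled": "tdes,sha1,sha512,rsassa,rsaes,rsapss,ecmqv,ecc-nist",
}}
# The "Commands" field of the "null" profile from the `--info 0x40` output above.
NULL_PROFILE_COMMANDS = "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197"
# Constructed counter-example (not real swtpm output): rsa is "disabled" although
# it is not disable-able and is still listed as enabled; sha1 stays enabled.
BAD_ALGORITHMS = {"RuntimeAlgorithms": {
    "Implemented": "rsa,rsa-min-size=1024,sha1,sha256",
    "CanBeDisabled": "sha1",
    "Enabled": "rsa,sha1,sha256",
    "Disabled": "rsa",
}}
# Assumption of this example: commands that must never be runtime-disabled.
# Codes are TPM_CC_* values from the TPM 2.0 Library spec, Part 2.
ESSENTIAL_COMMANDS = {"TPM2_Startup": 0x144, "TPM2_SelfTest": 0x143,
                      "TPM2_GetCapability": 0x17a, "TPM2_PCR_Read": 0x17e,
                      "TPM2_PCR_Extend": 0x182}


def parse_command_ranges(spec: str) -> Set[int]:
    """'0x11f-0x122,0x197,...' -> set of command codes; '' -> empty set."""
    codes: Set[int] = set()
    for part in (p.strip() for p in spec.split(",") if p.strip()):
        lo, _, hi = part.partition("-")
        lo_i = int(lo, 16)
        hi_i = int(hi, 16) if hi else lo_i
        if hi_i < lo_i:
            raise ValueError(f"inverted range {part!r}")
        codes.update(range(lo_i, hi_i + 1))
    return codes


def parse_algorithms(spec: str) -> Tuple[Set[str], Dict[str, int]]:
    """'rsa,rsa-min-size=1024,...' -> ({'rsa', ...}, {'rsa': 1024})."""
    names: Set[str] = set()
    min_sizes: Dict[str, int] = {}
    for tok in (t.strip() for t in spec.split(",") if t.strip()):
        if "=" in tok:
            key, val = tok.split("=", 1)
            base = key[:-len("-min-size")] if key.endswith("-min-size") else key
            min_sizes[base] = int(val)
        else:
            names.add(tok)
    return names, min_sizes


def _audit_sets(implemented: set, can_be_disabled: set, enabled: set,
                disabled: set, fmt: Callable[[set], str]) -> List[str]:
    """Invariants shared by the command and algorithm objects."""
    findings = []
    if disabled - can_be_disabled:
        findings.append("disabled but not disable-able: " + fmt(disabled - can_be_disabled))
    if enabled & disabled:
        findings.append("both enabled and disabled: " + fmt(enabled & disabled))
    unaccounted = implemented ^ (enabled | disabled)
    if unaccounted:
        findings.append("Enabled+Disabled does not match Implemented: " + fmt(unaccounted))
    return findings


def audit_commands(info: dict) -> List[str]:
    rc = info["RuntimeCommands"]
    impl, can, en, dis = (parse_command_ranges(rc[k]) for k in
                          ("Implemented", "CanBeDisabled", "Enabled", "Disabled"))
    return _audit_sets(impl, can, en, dis, lambda s: ",".join(hex(c) for c in sorted(s)))


def audit_algorithms(info: dict) -> List[str]:
    ra = info["RuntimeAlgorithms"]
    (impl, sizes), (can, _), (en, _), (dis, _) = (parse_algorithms(ra[k]) for k in
                                                  ("Implemented", "CanBeDisabled", "Enabled", "Disabled"))
    findings = _audit_sets(impl, can, en, dis, lambda s: ",".join(sorted(s)))
    if set(sizes) - impl:  # a min-size attribute for an algorithm that is not implemented
        findings.append("min-size attribute for unknown algorithm: " + ",".join(sorted(set(sizes) - impl)))
    return findings


def still_enabled(info: dict, unwanted: Set[str]) -> Set[str]:
    """Algorithms from `unwanted` that the active runtime state still allows."""
    enabled, _ = parse_algorithms(info["RuntimeAlgorithms"]["Enabled"])
    return unwanted & enabled


def disableable_essentials(info: dict, essentials: Dict[str, int] = ESSENTIAL_COMMANDS) -> Set[str]:
    """Essential commands that the profile would permit to be switched off."""
    can = parse_command_ranges(info["RuntimeCommands"]["CanBeDisabled"])
    return {name for name, code in essentials.items() if code in can}


if __name__ == "__main__":
    print("command findings:", audit_commands(SAMPLE_COMMANDS) or "none")
    print("algorithm findings:", audit_algorithms(SAMPLE_ALGORITHMS) or "none")
    print("weak algorithms still enabled:", still_enabled(SAMPLE_ALGORITHMS, {"sha1", "tdes"}) or "none")
    print("essential commands that could be disabled:", disableable_essentials(SAMPLE_COMMANDS) or "none")
    print("counter-example findings:", audit_algorithms(BAD_ALGORITHMS))
```

Run against the quoted outputs, the audit reports nothing: the `sha1`/`tdes` entries are exactly the ones in `Disabled`, and none of the five essential commands appears in `CanBeDisabled`. The same range parser also applies to the `Commands` field of the profile objects from `--info 0x40`, which is how one can see that `default-v1` differs from `null` only by the two command codes `0x199-0x19a`.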
Filter out disabled commands so that the GetCapability() command does not
return them in the list of implemented/supported commands. Also prevent
them from being executable. Typically the check for whether a command
is enabled/disabled needs to be added around checks for whether the
IS_IMPLEMENTED flag is set on a command.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Enable all algorithms while unmarshalling state. Some state may contain
algorithms that are runtime-disabled and we need to allow those state
blobs to be readable.
While reading the volatile state save the currently enabled profile,
then set the default profile before unmarshalling the data, and then
restore the original profile.
When reading the permanent state enable the default profile first. At the
end the algorithms read from the state file will be applied.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Write the profile as part of PERMANENT_ALL state v4 and also read it from
the byte stream if the PERMANENT_ALL state has v4 or later.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Filter out runtime-disabled algorithms from being reported in
TPM2_GetCapability and also don't run tests with runtime-disabled
algorithms during self-test.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Implement functions to set and check runtime-disabled algorithms. Use
these functions when the algorithm capabilities of the TPM 2 are
advertised via the TPM2_GetCapability command. However, it is not
sufficient to just suppress runtime-disabled algorithms in the return
value of this command but also certain code paths have to be instrumented
to check for disabled algorithms since they could otherwise lead to their
usage. Users are not required nor will they always look at the returned
values of TPM2_GetCapability but should still be prevented from using
runtime-disabled algorithms.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Address the following Coverity complaint (1550494) by filtering out bad
input values:
"Expression i--, which is equal to 65535, where i is known to be equal
to 0, underflows the type that receives it, an unsigned integer 16 bits
wide."
aSize is typically 2048 and n is always >= 1 per the input parameter.
Therefore no side-effects are expected from this filter.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Resolve the following Coverity complaint:
"Expression command->sessionNum - 1U, which is equal to 4294967295,
where command->sessionNum is known to be equal to 0, underflows the
type that receives it, an unsigned integer 32 bits wide."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Resolve the following Coverity complaint by removing assignment to offset:
"Assigning value from offset + 148UL to offset here, but that stored
value is overwritten before it can be used."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Resolve the following Coverity complaint:
"Using uninitialized value rsa3072_object. Field rsa3072_object._pad is
uninitialized when calling MemoryCopy."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Resolve the following Coverity complaint:
"Using uninitialized value eccPublic when calling TPMS_ECC_POINT_Unmarshal."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Fedora Rawhide and CentOS 10 do not support OpenSSL engine anymore.
Therefore, replace include of engine.h with err.h since the engine is not
needed anyway but we only need the prototype of ERR_get_error_line_data.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Replace the check for several session attributes flags with a call
to IsCpHashUnionOccupied.
Note that the existing check for
session->u1.cpHash.b.size != 0 || session->attributes.isCpHashDefined
can be replaced with just session->attributes.isCpHashDefined since
isCpHashDefined is always assigned '1' (SET) when session.u1.cpHash
is given a value. isCpHashDefined is reset in SessionResetPolicyData()
as part of resetting all attribute flags and cpHash size is set to 0.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This fixes the build with LibreSSL 3.9.0 where many implicit
declarations for BN_, EVP_ and RSA_ functions occur which were
implicitly included before.
Signed-off-by: orbea <orbea@riseup.net>
Convert an OBJECT to a byte buffer suitable for writing into NVRAM
by calling NvObjectToBuffer and then copy the buffer into NVRAM.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Instead of copying an OBJECT directly from memory into NVRAM memory
determine the type of OBJECT (RSA vs. ECC etc.) and marshal the OBJECT
as ANY_OBJECT into a buffer and copy the buffer into NVRAM. To maintain
backwards compatibility copy RSA keys with size 3072 and smaller
directly into NVRAM (OBJECT is copied as before).
When reading an OBJECT out of NVRAM try to unmarshal it as an
ANY_OBJECT first and if this does not work it is with great likelihood
an RSA3072_OBJECT that needs to be copied from NVRAM and then
transformed into an OBJECT.
The new marshalling of OBJECTS will only be used once RSA 4096 keys
are enabled or other changes to the code are made.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>