Rather than returning the hardcoded number of commands for the
TPM_CAP_TPM_PROPERTIES capability return the number of commands
that are currently enabled due to the active profile.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Also extend the man page to describe the new output.
swtpm_ioctl --info 0x40 --tcp :2322 | jq
{
"AvailableProfiles": [
{
"Name": "default-v1",
"StateFormatLevel": 4,
"Commands": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197,0x199-0x19a",
"Algorithms": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
"Description": "This profile enables all currenly supported commands and algorithms. It is applied when the user chooses no profile."
},
{
"Name": "null",
"StateFormatLevel": 1,
"Commands": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197",
"Algorithms": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
"Description": "The profile enables the commands and algorithms that were enabled in libtpms v0.9. This profile is automatically used when the state does not have a profile, for example when it was created by libtpms v0.9 or before."
},
...
}
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Also extend the man page to describe the new output.
swtpm_ioctl --info 0x20 --tcp :2322 | jq
{
"ActiveProfile": {
"Name": "null",
"StateFormatLevel": 1,
"Commands": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197",
"Algorithms": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
"Description": "The profile enables the commands and algorithms that were enabled in libtpms v0.9. This profile is automatically used when the state does not have a profile, for example when it was created by libtpms v0.9 or before."
}
}
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Also extend the man page to describe the new output.
swtpm_ioctl --info 0x10 --tcp :2322 | jq
{
"RuntimeCommands": {
"Implemented": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197,0x199-0x19a",
"CanBeDisabled": "0x11f,0x121-0x122,0x124-0x128,0x12a-0x12e,0x130,0x132-0x13b,0x13d-0x140,0x142,0x146-0x147,0x149-0x14d,0x14f-0x152,0x154-0x155,0x159,0x15b,0x15d-0x15e,0x160-0x164,0x167-0x168,0x16a-0x172,0x174,0x177-0x178,0x17b,0x17f-0x181,0x183-0x184,0x187-0x193,0x197,0x199-0x19a",
"Enabled": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197,0x199-0x19a",
"Disabled": ""
}
}
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Extend TPM2_GetInfo() to return information about runtime-enabled
algorithms like this:
$ swtpm_ioctl --info 8 --tcp :2322 | jq
{
"RuntimeAlgorithms": {
"Implemented": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,ecc-nist-p192,ecc-nist-p224,ecc-nist-p256,ecc-nist-p384,ecc-nist-p521,ecc-bn-p256,ecc-bn-p638,ecc-sm2-p256,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
"CanBeDisabled": "tdes,sha1,sha512,rsassa,rsaes,rsapss,ecmqv,ecc-nist,ecc-bn,ecc-nist-p192,ecc-nist-p224,ecc-nist-p521,ecc-bn-p256,ecc-bn-p638,ecc-sm2-p256,camellia,cmac,ctr,ofb,cbc,ecb",
"Enabled": "rsa,rsa-min-size=1024,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,null,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-bn,ecc-nist-p192,ecc-nist-p224,ecc-nist-p256,ecc-nist-p384,ecc-nist-p521,ecc-bn-p256,ecc-bn-p638,ecc-sm2-p256,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
"Disabled": "tdes,sha1,sha512,rsassa,rsaes,rsapss,ecmqv,ecc-nist"
}
}
Also describe the JSON object in the TPMLIB_GetInfo man page.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Filter-out disabled commands so that the GetCapability() command does not
return them in the list of implemented/supported commands. Also prevent
them from being executable. Typically the check for whether a command
is enabled/disabled needs to be added around checks for whether the
IS_IMPLEMENTED flag is set on a command.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Enable all algorithms while unmarshalling state. Some state may contain
algorithms that are runtime-disabled and we need to allow those state
blobs to be readable.
While reading the volatile state save the currently enabled profile,
then set the default profile before unmarshalling the data, and then
restore the original profile.
When reading the permanent state enable the default profile first. At the
end the algorithms read from the state file will be applied.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Write the profile as part of PERMANENT_ALL state v4 and also read it from
the byte stream if the PERMANENT_ALL state has v4 or later.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Filter-out runtime-disabled algorithms from being reported in
TPM2_GetCapability and also don't run tests with runtime-disabled
algorithms during self-test.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Implement functions to set and check runtime-disabled algorithms. Use
these functions when the algorithm capabilities of the TPM 2 are
advertised via the TPM2_GetCapability command. However, it is not
sufficient to just suppress runtime-disabled algorithms in the return
value of this command but also certain code paths have to be instrumented
to check for disabled algorithms since they could otherwise lead to their
usage. Users are not required nor will they always look at the returned
values of TPM2_GetCapability but should still be prevented from using
runtime-disabled algorithms.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Address the following Coverity complaint (1550494) by filtering out bad
input values:
"Expression i--, which is equal to 65535, where i is known to be equal
to 0, underflows the type that receives it, an unsigned integer 16 bits
wide."
aSize is typcially 2048 and n is always >= 1 per the input parameter.
Therefore no side-effects are expected from this filter.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Resolve the following Coverity complaint:
"Expression command->sessionNum - 1U, which is equal to 4294967295,
where command->sessionNum is known to be equal to 0, underflows the
type that receives it, an unsigned integer 32 bits wide."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Resolve the following Coverity complaint by removing assignment to offset:
"Assigning value from offset + 148UL to offset here, but that stored
value is overwritten before it can be used."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Resolve the following Coverity complaint:
"Using uninitialized value rsa3072_object. Field rsa3072_object._pad is
uninitialized when calling MemoryCopy."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Resolve the following Coverity complaint:
"Using uninitialized value eccPublic when calling TPMS_ECC_POINT_Unmarshal."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Fedora Rawhide and CentOS 10 do not support OpenSSL engine anymore.
Therefore, replace include of engine.h with err.h since the engine is not
needed anyway but we only need the prototype of ERR_get_error_line_data.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Replace the check for several session attributes flags with a call
to IsCpHashUnionOccupied.
Note that the existing check for
session->u1.cpHash.b.size != 0 || session->attributes.isCpHashDefined
can be replaced with just session->attributes.isCpHashDefined since
isCpHashDefined is always assigned '1' (SET) when session.u1.cpHash
is given a value. isCpHashDefined is reset in SessionResetPolicyData()
as part of resetting all attribute flags and cpHash size is set to 0.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This fixes the build with LibreSSL 3.9.0 where many implicit
declarations for BN_, EVP_ and RSA_ functions occur which were
implicitly included before.
Signed-off-by: orbea <orbea@riseup.net>
Convert an OBJECT to a byte buffer suitable for writing into NVRAM
by calling NvObjectToBuffer and then copy the buffer into NVRAM.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Instead of copying an OBJECT directly from memory into NVRAM memory
determine the type of OBJECT (RSA vs. ECC etc.) and marshal the OBJECT
as ANY_OBJECT into a buffer and copy the buffer into NVRAM. To maintain
backwards compatibility copy RSA keys with size 3072 and smaller
directly into NVRAM (OBJECT is copied as before).
When reading an OBJECT out of NVRAM try to unmarshal it as an
ANY_OBJECT first and if this does not work it is with great likelyhood
an RSA3072_OBJECT that needs to be copied from NVRAM and than
transformed into an OBJECT.
The new marshalling of OBJECTS will only be used once RSA 4096 keys
are enabled or other changes to the code are made.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Introduce the #define MAX_MARSHALLED_OBJECT_SIZE to be used for a size of
a byte buffer that is supposed to hold a marshalled OBJECT. The number
is not exact but provides for a 'safe' size of a buffer.
Add a test case to check that MAX_MARSHALLED_OBJECT_SIZE is sufficient.
The test case needs access to ANY_OBJECT_Marshal, which is only available
when -static can be used for linking since otherwise the function is
private to the library. Static linking the test case does not work when
test-coverage is enabled, therefore disable statically linked test cases
in when test-coverage is enabled and give control to the user to disable
statically linked test cases in other cases as well.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Take a snapshot of the current OBJECT and call this RSA3072_OBJECT that
gets its own set of dependent datatypes that represent the current
OBJECT's dependent datatypes and only fit an RSA 3072 object (or smaller).
This allows for extension to RSA 4096 or possibly later on to
quantum-safe crypto keys that may also be stored in an OBJECT.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Only convert the private exponent for an RSA key and initialize
the privateExponent with zeros otherwise.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
After adding BOOL allowNull parameter to TPMI_ECC_CURVE_Unmarshal rearrange
the order in which this command is listed in the unmarshalArray so that the
caller passes an addtional parameter to this function now.
Also add a fuzzer test case.
Fixes: 44f0cb0535 ("rev180: Sync TPMI_ECC_CURVE_Unmarshal")
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
The new TPM 2 code casts bigNum's to Crypt_Int, which has an array 'd' of
type 'crypt_uword_t[2]' which then leads to the following types of errors
that we haven't found another solution for so far.
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-2675de6341d4e056d04ab49179b8e5b8bd456589
/src/libtpms/src/tpm2/crypto/openssl/CryptPrime.c:377:20: runtime error: index 23 out of bounds for type 'crypt_uword_t[2]' (aka 'unsigned long[2]')
#0 0x5b4196 in RsaAdjustPrimeCandidate_New libtpms/src/tpm2/crypto/openssl/CryptPrime.c:377:20
#1 0x5b4196 in RsaAdjustPrimeCandidate libtpms/src/tpm2/crypto/openssl/CryptPrime.c:405:9
#2 0x5b4366 in TpmRsa_GeneratePrimeForRSA libtpms/src/tpm2/crypto/openssl/CryptPrime.c:454:6
#3 0x590953 in CryptRsaGenerateKey libtpms/src/tpm2/crypto/openssl/CryptRsa.c:1433:9
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
NvReadObject knows how to read an OBJECT from NVRAM, so use it instead
of the low-level NvRead(). This prepares the code for possibly larger
OBJECTs in NVRAM in the future that may have been marshalled before
they were written into NVRAM (such as RSA 4096 keys or possibly keys
from QC if they will be stored in OBJECTs).
The call to NvReadObject() requires that the ref in NvReadObject points
to the handle of an NV_ENTRY_HEADER. An NV_ENTRY_HEADER looks like this:
typedef struct {
UINT32 size;
TPM_HANDLE handle;
} NV_ENTRY_HEADER;
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
