Implement TPMLIB_RecreateSvnBaseSecret() to allow the user to recreate
the SVN base secret. Trigger the storage of the persistent state. Add
a man page.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Implement support for a profile attribute svn-limited-hierarchy that must
be set for SVN-limited hierarchy support to be enabled. Bump up the
StateFormatLevel to 8 and store the SVN base secret starting with
StateFormatLevel 8.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
In several locations where #if SVN_LIMITED_SUPPORT is used to deactivate
SVN hierarchy related code, add a profile attribute check for whether the
svn-limited-hierarchy attribute's flag is set. If it is not set, handle it
in the same way as if SVN hierarchy support was disabled.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Use the TPM's unique 16 byte SVN base secret to deterministically calculate
the TpmFirmwareSvnSecret from it by first hashing this 16 byte number and
then adding the 16bit SVN to the hash.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Introduce a per-TPM SVN base secret of 16 bytes that is to be used for the
SVN-limited hierarchy to derive its secrets from when the 16bit SVN
number is mixed in. Create it at first manufacturing time.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Set the currentSvn number to a number derived from the library version.
Start out with currentSvn '0'. The number would then follow the
following numbering scheme relative to possible future libtpms versions:
v0.10 : 0x0000
v0.10.1 : 0x0001
v0.10.2 : 0x0002
v0.11 : 0x0010
v0.11.1 : 0x0011
v1.0 : 0x0020
v1.0.1 : 0x0021
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Avoid the following error message due to potentially
uninitialized variable:
base64decode.c:64:20: warning: The right operand of '!=' is a garbage \
value [core.UndefinedBinaryOperatorResult] <--[clang]
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
When --disable-static is used statically linked tests cannot be run.
Therefore, put the evaluation of --enable-static-tests after
--disable-static has been tested for and only set ENABLE_STATIC_TESTS
if both are 'yes'.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Fix the following gcc warning on Fedora rawhide:
tpm2_cve-2023-1017.c: In function ‘main’:
tpm2_cve-2023-1017.c:169:5: warning: ‘cmd’ may be used uninitialized [-Wmaybe-uninitialized]
169 | free(cmd);
| ^~~~~~~~~
tpm2_cve-2023-1017.c:125:20: note: ‘cmd’ was declared here
125 | unsigned char *cmd = malloc(maxcmdsize);
| ^~~
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
If the user provides no Attributes field in the profile then do not copy
the attributes from the internal profile if that profile may be modified.
In this case assume that the user wanted no attributes. It now is
also unnecessary that any Attributes be set in a modifiable profile ever,
since they will not be copied.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Adjust the regex checking the JSON input to allow for empty string values,
which will be only used by 'Attributes' since they are all optional.
Then, allow the user to provide an empty string with the Attributes in the
JSON like this: {...,"Attributes":"", ...}
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Per "TCG FIPS 140-3 guidance for TPM 2.0" document the following functions
must prevent an asymmetric ECC key derivation:
- Table 14: TPM2_CreateLoaded
- Table 18: TPM2_ZGen_2Phase
- Table 26: TPM2_Commit
- Table 26: TPM2_EC_Ephemeral
Return TPM_RC_TYPE as a return code to indicate failure of deriving a key.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Restrict profile names to 32 characters to avoid having to carry
excessively long names in the TPM's state file.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Allow setting the minimum HMAC key size and add enforcement gates.
Check that the value of hmac=min-key-size given in the profile is not
larger than 1024. This value is taken from the maximum size of
TPM2B_SENSITIVE, which is MAX_SYM_DATA (=128), which can be provided as
key to an HMAC.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Some function parameters are unused due to OpenSSL usage and other changes
by libtpms. Mark those as unused to avoid static analyzer warnings.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
To avoid static analyzer warnings due to non-literal format strings being
used, wrap asprintf in TPMLIB_asprintf and call vasprintf from there.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Implement a pairwise consistency test for RSA keys that is to be enabled
with FIPS_COMPLIANT #define temporarily. Test encryption+decryption and
sign+verify with the created key on random input data.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
drbg-continous-test enables an existing code block that was previously
only enabled when FIPS_COMPLIANT #define was set. This code block
ensures that previous 4 consecutive random numbers do not appear again
at the beginning of a 16-byte block.
Extend an existing test case with this new attribute.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Only constant strings will be assigned to the static array, so make the
name field also a const char *.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
When a non-modifiable profile is chosen then copy the StateFormatLevel
(SFL) from the internal profile as before. A reason for copying the SFL
is also because the user is not allowed to make modifications to this
type of profile. Otherwise, if the user chooses a modifiable profile,
then let the user choose the StateFormatLevel.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Deduplicate verbs in Commands, Algorithms, and Attributes strings in a
profile and when a verb with an '=' sign is found, such as
ecc-min-size=224, and there is a duplicate later in the string, such as
ecc-min-size=256, then keep the last one.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Remove the test case and renaming of the reference implementation of
CryptKDFe. Reverting this patch would bring the test case back in case
it was necessary.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
To still be able to run the KDFe test case when the OpenSSL replacement
for the KDFe is to be used, rename the reference implementation to
ReferenceCryptKDFe that coexists with the CryptKDFe function that then
calls OSSLCryptKDFe.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Implement a KDFe replacement using OpenSSL's SSKDF and add a test
case that compares the current implementation against the one based
on the OpenSSL SSKDF.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>