Implement a KDFa replacement using OpenSSL's KBKDF function. The resulting
implementation has a few restrictions compared to the original one.
For example, it cannot accept a counter value to be passed in to resume
the KDFa as the reference implementation could -- OSSL does not support
providing the counter in this becomes problematic with DRBG_Generate
where it seems to want to resume with a counter over the long-term.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Implement a KDFe replacement using OpenSSL's SSKDF and add a test
case that compares the current implementation against the one based
on the OpenSSL SSKDF.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Introduce the #define MAX_MARSHALLED_OBJECT_SIZE to be used for a size of
a byte buffer that is supposed to hold a marshalled OBJECT. The number
is not exact but provides for a 'safe' size of a buffer.
Add a test case to check that MAX_MARSHALLED_OBJECT_SIZE is sufficient.
The test case needs access to ANY_OBJECT_Marshal, which is only available
when -static can be used for linking since otherwise the function is
private to the library. Static linking the test case does not work when
test-coverage is enabled, therefore disable statically linked test cases
in when test-coverage is enabled and give control to the user to disable
statically linked test cases in other cases as well.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Fix erroneous gitignore entries that previously showed with the
following command line:
git ls-files -i --exclude-standard -c
Resolves#249.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Extend the existing test case with extending PCR 10 and reading back
the result, then storing the state blobs and setting them and checking
the value of PCR 10 again.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Make sure that the NVRAM offsets and structure sizes are the same
on all architectures so that we can fill up the NVRAM on one system
and migrate the state to another architecture and it will fit into
the NVRAM space there.
We leave some space for the first few data structures in the NVRAM to
grow. We do this by rounding up the NV_INDEX_RAM_DATA location to the
next kb boundary. This moves it from offset 4356 to 5120 on x86_64 and
from offset 4332 to 5120 on i386. This now leaves us with the same
amount of space for user dynamic NVRAM, which starts beyond offset 5120.
We also pad the OBJECT structure with 4 bytes so that it is the same
size on 32 and 64 bit architectures. This is a data structure that
is used in user dynamic NVRAM and should be the same size on all
architectures so that a full NVRAM always fits.
Also test the size of the NV_INDEX structure, which already has the
same size on all tested architectures (x86_64, i386, arm32, ppc64).
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Ignore *.log and *.trs files from the test suite.
Ignore compile and the 'missing' file.
Remove the depcomp file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add debian build files to enable building of Debian package using for example
debuild -b or dpkg-buildpackage -us -uc
Extend the .gitignore.
The debhelper checks show warnings and errors that will need to be addressed
some other time. For some I don't know how to solve them at the moment.
Signed-off-by: Stefan Berger <stefanb@linux.watson.ibm.com>
Add .gitignore file to ignore certain files in the repository.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
