Enable SHA512. Since the TPM 2 expects to see PCR values for
the SHA512 bank in some of its structures, this breaks
compatibility with existing state files.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Also write those structure related to PERSISTENT_ALL to have
a header with version 2 and a tail that allows the state to be
extended and downgraded.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Write the persistent state's EP,SP, and PPSeed values into the
volatile state and check them when reading. This way we can
prevent that arbitrary volatile and persistent state blobs are
used.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Increase the NVRAM memory size to 128kb. That should be it for good.
We accept smaller NVRAM sizes from stored state.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
SHA512 is currently not enabled since until a short while ago the test
data was missing. So before we enable it, we should differentiate between
writing adn reading of SHA384 and SHA512 data by using a different magic
in the header. We assign the existing value of the magic for the SHA384
that we currently use and assign SHA512 a new value.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Adapt the MIN_EVICT_OBJETCS #define value to 7 so that it meeds to
TPM Profile (PTP) Specification and TPM_PT_HR_PERSISTENT_MIN returns
the proper value.
We allow to read the state from a TPM that had a lesser value before.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
If the permanent state was set using SetState() write the permanent
state once we successfully read the volatile state and can use it.
This way we have the state in a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
If state was set using SetState() then the cached blob needs
to be passed to the TPM 2 before trying to read the state from
a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Coverity is complaining about the case of blockSize == 0. Later on in
CryptSymmetricDecrypt() this case is intercepted as well and
TPM_RC_FAILURE is returned. We just do this a little earlier.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Coverity complains that a couple of variables read from the
stream may not be initialized. It shouldn't be possible to
have them not initialized since we would otherwise have an
error value in rc. Nevertheless, initialize them.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Check the read datasize against an unreasonably large value and
log in case we encounter a bad value. This particular value cannot
be larger than 64k and a few bytes.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
In one case we missed to assign the return value for rc.
In another case check rc value before doing operation.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The unsigned int needs to be checked as an int against >= 0.
The bit to move needs to be a 1ULL type.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Some versions of gcc complain about the loop counter being
a signed int when compared against a sizeof() results. This
patch fixes this.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Enable a few more algorithm for the TPM2. We have to adapt NVMarshal.c
to allow the enablement of these algorithms without rejecting existing
state. We do this through the 'LE' comparison operator that allows us
to read state from an implementation that didn't have it enabled while
we now have it enabled.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Write comments about the comparison operators used for comparing
compile time options/switches of the state that's being read from
another implementation versus the ones used in the current
implementation.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Write version 2 headers for all versioned structures and append
a trailer that can hold future version data and that can be
skipped. The skipping allows us to downgrade state, meaning if
version 3 appended some data but we read it with version 2,
we don't need the version 3 data but can skip it. We loose data
this way, but can keep the TPM 2 running.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Prepare the header we are using for writing out the state blobs
for version 2 where we will including the minimum version necessary
to read a particular structure.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement TPM2_PersistentAllStore that allocates a buffer big
enough to store all the persistent state and returns that buffer
along with the number of valid bytes.
In this patch we move code from _plat__NvCommit() into this new
function and call this new function now.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
When storing, marshalled the NvChip memory's contents and write the byte
stream into the file rather than the NvChip directly. When reading, assume
we get a marshalled NvChip file and we now need to unmarshal the byte
stream and reconstruct the NvChip.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Some variables are compile-time optional and can be skipped if they are
contained in the byte stream but the implementation does not need them.
We enable this with a few simple macros that we use to replace those parts
where the has_block variables are written into the byte stream. On the
unmarshalling side we check whether the block is in the byte stream and
whether the implementation needs the block and react appropriately
including skipping over the block in the byte stream or skipping over the
code unmarshalling the data.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Remove the NV_HEADER parameter from NV_Header_Marshal() function.
In the single case where it was needed, initialize a UINT32 with
the 'magic'.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Get rid of all the changes to have the NvChip written in big
endian format. Remove test case.
Now the NvChip in memory holds data in native format.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Marshal the NvChip memory into a byte stream and reconstruct the
NvChip memory from the byte stream.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Push the nvOffset parameter where either one of the 4 state blobs
found in the NVRAM file can be found. Also push the size parameter
into the functions.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
In one big step, marshal more variables and constants for volatilestate:
- compile-time constants related to data structures marshalled as part
of the volatile state as well as some other ones
- variables related to time that fix problems with dictionary attack
related timeouts
- 3 failure related variables
Also introduce magic and version headers when marshalling all the
internal data structures.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Update the comments on some of the variables we are storing
as part of storing volatile state.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Have VolatileLoad return a TPM_RC so the caller can see
whether the loading of the volatiles state succeeded.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
When any of the NVRAM blobs could not be handled properly we put
the TPM into failure mode. This should only happen if someone
corrupts the state or if the state blobs are more recent than
what the TPM supports.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Extract the initialization of the header fom the SWAP functions
and initialize the header by the appropriat callers of the SWAP
functions.
Version and magic can be 0 when first read after NVRAM was
initialized. So we initialize it then.
Add skeleton code where the upgrade of the data structure would
have to happen later on.
Refuse to accept newer versions of structures than what is supported
at the moment. In particular, return error codes in case the blobs
that were read are not supported.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Enforce the version of the volatile state blob. Do not accept a more
recent version than what we support at this point, so downgrading of
state is prevented this way.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
In case the NVRAM file cannot be decrypted we get a TPM_DECRYPT_ERROR
error which also indicates that the file exists. So do not return FALSE
in this case, which would delete the existing file and start over with
a blank file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The current TpmFail() implementation invokes longjmp() at the end
and crashes with a segmentation fault if setjmp() wasn't called before.
To avoid this we implement TpmSetFailureMode() that logs the failure and
sets the TPM into failure mode. Since NVRAM may set failure mode before
the CryptInit() is called, we need to make sure we don't reset the failure
mode variable in case CryptInit() succeeds. In this case we now call the
FAIL_NOCMD() macro.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement bitfield support for _COMMAND_FLAGS_ but comment it
out since the structure is not used.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Do not use rand() for creating random numbers since this only
creates pseudo random numbers and the keys always end up being
the same since it wasn't seeded, either.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Make TPM 2 code compileable on OpenBSD where we have an older version
of gcc with missing builtin swap functions and where endianes #defines
area also different.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Port the TPM 2 code to OpenSSL 1.1 by accessing the OpenSSL BIGNUM
only via its public functions. To get there it is necessary to
implement the Bn2bin() function that converts the TPM internal
representation of a bigNum to an array of unsigned chars that can
then be passed to the OpenSSL BN_bin2bn() function.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
For this to work increase the maximum allocatable memory chunk
supported by TPM_Malloc() to 128k.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Create functions ANY_OBJECT_Marshal/Unmarshal/SWAP so that
we can then handle OBJECT and HASH_OBJECT dependening on the
attribute flags.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Some data structures need padding bytes to align the data
structures on 32bit machines to resemble the alignment on
64bit machines. Without it we wouldn't be able to resume
the state on a 32bit machine written by a 64bit machine.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
BOOL is an int and therefore we cannot just write out the
single byte at the address of the BOOL. On big endian systems
the BOOL value is at offset 3. So we implement functions for
marshalling and unmarshalling of a BOOL as a single byte and
do the conversion with the 'int' there.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Round up the sizes of the structures written into NVRAM so we
have some space in front of them.
Prepend a heaer in front of the structure written into NVRAM. Initialize
them with a version number and a magic. The version number should
theoretically allow us to read TPM 2 state of different revisions.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add functions to marshal the volatile state of the TPM. We write it in
big endian format.
Add functions to write the data structure in big endian format
into NVRAM.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Return a failure code to the control command initiated
initialization of the TPM 2.
Reset the failure move on every INIT call so that corrections
can be done without having to restart the TPM emulator.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Introduce --with-tpm2 for ./configure to enable building with
TPM 2 functionality. Delay the building of TPM 2 code until more
patches are applied and the vTPM state that's created has a chance
of being backwards compatible.
Extend the libtpms API to allow user to choose version of TPM.
Missing functionality at this point:
- TPM 2 needs to be extended to serialize and deserialize its volatile state
- Handling of the establishment bit
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Make the #define RADIX_BITS dependent on #defines set by the
OpenSSL library: THIRTY_TWO_BIT and SIXTY_FOUR_BIT_LONG
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
clang complains:
tpm12/tpm_init.c:666:9: error: variable 'tag' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
if (rc == 0) {
^~~~~~~
tpm12/tpm_init.c:746:9: note: uninitialized use occurs here
if (tag == TPM_TAG_STCLEAR_DATA) {
^~~
tpm12/tpm_init.c:666:5: note: remove the 'if' if its condition is always true
if (rc == 0) {
^~~~~~~~~~~~~
tpm12/tpm_init.c:662:28: note: initialize the variable 'tag' to silence this warning
TPM_STRUCTURE_TAG tag;
^
= 0
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
The permanent state has to be loaded before the volatile or save state blobs
can be tested since they are connected to the permanenent state.
We implement TPM_PermanentAll_NVLoad_Preserve that makes a copy of any
cached permanent state blobs before we load the permanent state via
TPM_PermanentAll_NVLoad, which would consume and free any cached state blob,
if there was one (would fall back to reading from file otherwise). We then
set the copy of any cached permanent state blob back so that it can be used
when the TPM 1.2 start.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Clear all the cached states blobs set using TPMLIB_SetState if one
of them cannot be accepted.
Signed-off-by: Stfean Berger <stefanb@linux.vnet.ibm.com>
Expose the two new API calls TPMLIB_GetState() and TPMLIB_SetState().
Fix one parameter in the TPMLIB_GetState() call.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The permanent state has to be loaded before either the volatile
or the save state can be validated.
Also fix another bug that was testing for whether there was no
cached state. It should test whether there is a cached state.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
If the permanent state was set using SetState() write the permanent
state once we successfully read the volatile state and can use it.
This way we have the state in a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Modify TPM_NVRAM_LoadData() to try to get the cached state blob before trying
to read the state blob from the file. We clear the state blob as part of
passing it to the TPM.
A side effect is now that if TPMLIB_ValidateState is called on a blob that
this call would not remove the cached blob. So we have to save a copy before
reading (and parsing) the state blob so we still have it when TPM_MainInit()
is called.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This patch adds APIs for getting and setting all types of state
blobs. We cache these blobs and allow them to be picked up when
the TPM starts. It will get any of these state blobs, if they
were set, before we go out and try to read the state blob from
a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The EK certificates need information about the TPM specification that was
implemented. The best place to get the information from seems the TPM itself.
So we implement a function TPMLIB_GetInfo() to allow to query for the TPM
specification information and possibly other information in the future.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The logic for invoking the validation of the TPM 1.2 state was
broken. The validation of volatile and save state state requires
that the permanent state is available, so we always load it
first.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement TPMLIB_ValidateState(), which is supposed to be used
for checking usability of state blobs before TPMLIB_MainInit()
is called or TPM_Startup has been sent to the TPM.
This function is useful to be called once TPM state blobs
have been migrated to a destination and we need to check
whether libtpms can use these state blobs and if not
we have a chance to fall back to the migration source host.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Extend the previous support of a fixed buffer size to work
with a minimum of 3k and a maximum of 4k.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Also allow to get the minimum and maximum supported buffer size
with the TPMLIB_SetBufferSize() call.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement TPMLIB_SetBufferSize() for setting the size of the I/O buffer
that the TPM may advertise. For TPM 1.2 the size remains fixed since the
TIS interface can handle the current 4096 bytes.
This function will be important for TPM 2 with a CRB interface that cannot
handle 4096 bytes.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
When checking for missing symbols we need to add -lc to the libraries
passed to gcc otherwise we always see lots of missing symbols even if
there aren't any.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
LibreSSL on OpenBSD seems to not support the new API of OpenSSL 1.1.
So create a new #define OPENSSL_OLD_API that is set if the old API
is to be used.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fix the dprintf call to use a format parameter that otherwise causes
errors with gcc on certain platforms.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fix compilation problems like the following:
/usr/local/lib/libtpms.so: undefined reference to `va_start'
/usr/local/lib/libtpms.so: undefined reference to `va_end'
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
vdprintf with a NULL parameter on the 3rd position crashes
on Linux. Replace it with dprintf.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add API calls TPMLIB_SetDebugFD(), TPMLIB_SetDebugLevel(),
TPMLIB_SetDebugPrefix().
Convert the internal printing of debugging strings to
correspond to the log level. Print the prefix in front
of every line.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Introduce an internal interface that allows us to reach TPM functionality
from the libary's API layer. This prepares the code for the addition
of a new API function that lets us choose which TPM to use, TPM 1.2 or
TPM2. Currently only TPM 1.2 functionality is available.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Move all TPM1.2 code to src/tpm12 directory. Adapt the Makefile.am
to point to tpm12 directory for the TPM1.2 sources.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fix support for ARM64 by testing for whether __aarch64__ is defined.
Also see http://sourceforge.net/p/predef/wiki/Architectures for the
gcc preprocessor defines.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fix the build process to build a dll on cygwin and remove
freebl specific shell calls when building for OpenSSL.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Remove unnecessary files in the repository and add boostrap.sh to create the
configure file and other files we are removing here. Users have to run
bootstrap.sh to have those files created in their build environment.
Update the INSTALL instructions.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Implement missing base64 decoder support when using OpenSSL library.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
The physical presence flag should not be used if CMD enable is false
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
This is the initial import of the libtpms library. The libtpms library
provides software emulation of a Trusted Platform Module (TPM). It is
intended to be used by applications when a hardware TPM is not adequate.
For example, a hypervisor can use libtpms to emulate an independent TPM
for each of it's virtual machine guests. The library provides a high-
level API for developers to integrate the emulated TPM support into
their application.
The code was originally written by Kenneth Goldman <kgoldman@us.ibm.com>
and Stefan Berger <stefanb@us.ibm.com>.
The code is licensed under the Modified BSD License.
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
