Add a variable seedCompatLevel to the each seed in the PERSISTENT_DATA
that allows us to track the age of the seed. Whenever a new seed
is created the seedCompatLevel is also written and set to the latest
version. This seedCompatLevel then influences the crypto algorithm that
can be used for deriving keys so that previously derived keys
are now still generated in the same way. When the seed is changed
the old keys are all useless and newly derived keys can then use
the new algorithm.
This patch only sets the variables to the current compatibility
level SEED_COMPAT_LEVEL_ORIGINAL and writes it out as part of the state
file. This makes the state file not downgradeable.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
- Introduce Platform.h and replace usage of PlatformData.h and
Platform_fp.h
- Drop Implementation.h since we now use TpmProfile.h (which we
prepared previously); many #defines were moved to TpmTypes.h
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Implement helper for getting OpenSSL crypto functions from
crytpo algorithm IDs, encryption modes, and key sizes.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Remove some cruft that was useful when TPM 2 code was still in the
works but now that things have settled don't need it anymore.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Introduce TPM_NOMAINTENANCE_COMMANDS #define to build the TPM 1.2 code
without maintenance commands support. The state for the maintenance
commands has been written out so far, so we have to leave this part
alive even though nothing can be done with the maintenance key anymore.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This script will permit integration with Google OSS-FUZZ
https://github.com/google/oss-fuzz
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Add support for --enable-test-coverage that sets additional CFLAGS
and LDFLAGS.
gcov creates files with suffixes .gcov, .gcno, and .gcda that we
need clean up in a few directories.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
The test code for marshalling and unmarshalling the NVRAM hasn't
been used anymore, so remove it.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Move all handling of callback invokcations in the TPM 2 code into
their own file so that we have less mixing of TPM 2 headers and
TPM 1.2 headers from the library.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
On some systems /bin/bash does not exists but is somewhere else and can
be invoked with /usr/bin/env.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
On FreeBSD we need to set the SHELL explicitly to /bin/bash since csh
is used otherwise and wouldn't allow us to run the check-local rule.
Besides that we need -shared for the check to pass. However, the FreeBSD
compiler doesn't allow us to recognize undefined symbols, which seem
to get suppressed with the -shared parameter. If the -shared is not passed
we get error messages due to undefined symbols _progname and environ from
libc.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
OS X needs the -shared parameter when running the undefined symbol
check.
Do not fail if a.out was not created, like on Cygwin.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The linker on FreeBSD seems to be broken and fails for other reasons
when testing for support of the --version-script flag. The error
that is reported is:
local symbol 'environ' in /usr/lib/crt1.o is referenced by DSO.
Also __progname is needed.
To work around this problem we add a test.syms file that only has
these two symbols in it, which is enough for the test in
configure.ac and gives version script support in case of the
broken linker.
On FreeBSD TPM 1.2 related tests were failing due to test case 6
failures in case no linker script was used. (Very odd.) This patch
fixes this problem.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Check whether the linker supports the linker flag --version-script.
The OS X linkwer does not seem to support it.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Get rid of all the changes to have the NvChip written in big
endian format. Remove test case.
Now the NvChip in memory holds data in native format.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add functions to marshal the volatile state of the TPM. We write it in
big endian format.
Add functions to write the data structure in big endian format
into NVRAM.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
