Remove the valid field from the symmtric key structure and
user userKeyLength > 0 instead, which is the same.
Also remove the tag and fill fields, which were originally used in
TPM 1.2.
Use function calls to test whether the file or migration key is
available where possible.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
To get rid of the hard coded AES key size of 128, we add a filed
userKeyLength that describes the length of the key being used.
We replace TPM_AES_BLOCK_SIZE with userKeyLength where possible.
Rename TPM_AES_BLOCK_SIZE to SWTPM_AES_BLOCK_SIZE.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use pbkdf2 as the default kdf and sha512 for the existing
test case. Do away with file limit of 32 bytes. This may
break backwards compatibility for some but better to do this
before a release...
Switch the existing test cases to use kdf=sha512 on the command
line where necessary to that the state for these test cases
does not need to be recreated.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Point the source URL in the rpm spec to github.com where in the future
the tar should be located.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
On some systems /bin/bash does not exists but the bash is somewhere
else and can be invoked with /usr/bin/env bash.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The building of rpm files fails due to some issues with the rules. To make
this work we explicily list the policy packages' dependencies and use them
in the rules. This now make 'make distcheck' work and lets us build an RPM.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
To test the creation of the tar and out-of-tree builds all the time, do
'distcheck' rather than a simple 'check'.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Some test cases that root has to run did not pass the out-of-tree
builds. We need to pass the top level source dir to these test cases
and change some variable accessing config files to the right directory
for the out-of-tree build to work.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
For sys_dependencies.h to be found during out-of-tree builds we
need to include -I$(top_srcdir)/include.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
If the file descriptor 100 is open prior to trying to open
it, it must be closed first on OS/X, otherwise we get test
case failures due to interrupted connections.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
OS/X has a flock (v0.2.3) implementation using
brew tap discoteq/discoteq
brew install flock
The current version doesn't support -x as a parameter for
an exclusive lock but uses an exclusive lock when no parameter
is passed at all.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
OS/X also does not have a proc filesystem, so we use the '_'
environment variable to determine the path of the program.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The daemon() call is deprecated on OS X. This patch works around it so
that we can compiled with -Wall -Werror and still can use the daemon()
call while avoiding compiler errors due to this function's deprecation
marking in stdlib.h.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The -cs parameter to swtpm_bios is like -c -s and therefore ambiguous.
Use the unambiguous long version --cs. This makes the test case work
on NetBSD, which does not support getopt_long_only().
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Make swtpm_setup.sh work on FreeBSD.
A common fix for the problem related to echo stopping to write
data into a socket after the first occurrence of \x0a sees to
write it into a pipe and cat the data from there.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
A (draft) specification indicates the ECC key NVRAM indices to use.
Adapt the code to use them in case of EK ECC key.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
To avoid clashes with the lock files created by swtpm, have
swtpm-localca creata a lock file with the name .lock.swtpm-localca
so they can share directories if necessary.
This patch makes tests/test_tpm2_swtpm_setup_create_cert run on
OpenBSD since the swtpm and swtpm-localca then do not interfere
with the file locks. This doesn't seem to be an issue on Linux
or Cygwin, though, where probably the file locking is implemented
differently.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.om>
When using --prefix=/usr never install into /etc/usr.
When using --prefix=/ never install into //share/.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
On OpenBSD the gnutls library is in /usr/local/lib and AC_CHECK_LIB does
find it there without explicitly adding GNUTLS_CFLAGS and GNUTLS_LDFLAGS to
CFLAGS.
Also add the GNUTLS_CFLAGS to CFLAGS at the end.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The OpenBSD stat tool uses -f%z to return the file size in bytes.
So we wrap stat in get_filesize and call it with different parameters
depending on the system.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
On OpenBSD 6.2 we have an older version of od that does not support the
-w parameter. Also we have to use the bash echo there since /bin/echo
does not support the -e parameter. We are using /bin/echo on the other
systems since there was (once) a bug when \x0a had to be converted to a
hex number.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
OpenBSD does not have a proc file system from which we could
determine the path that swtpm_setup was run from and where we
expect swtpm_setup.sh to be located in as well. Using getenv("_")
seems to work as a replacement in the OpenBSD case.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Replace usage of shuf with a get_random function that produces
a random number between an upper and lower bound.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
OpenBSD uses an older sed implementation that doesn't understand the
meaning of the '+' for getting one or multiple occurrences of a letter.
Work around this by not using it and trimming white spaces at the end
of a variable using bash.
Use 100 as file descriptor rather than 200 to accomodate OpenBSD,
which only support file descriptors <= 127.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Older distros may not have PKG_CHECK_VAR due to usage of pkg-config
older than v0.28. So, replace the call to PKG_CHECK_VAR with a direct
call to $PKG_CONFIG. Also use PKG_PROG_PKG_CONFIG to determine the
location of pkg-config.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
test_tpm2_ctrlchannel2 was not active and was not complete. This
patch fixes the test case and activates it. It uses chardev, so
it needs to be gated by WITH_CHARDEV.
Signed-off-by: Stefran Berger <stefanb@linux.vnet.ibm.com>
Fix the number of bytes passed into the control channel for commands
and expected for responses. The pointer to the memory is ok.
This fixes uninitialized memory errors reported by valgrind.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
