Allow passing signing key and parent key via files and file descriptors
and environment variables. Adapt a test case to exercise this new
functionality.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Extend the existing key derivation test case for TPM 2 with test cases
that use a newer TPM 2 state where we now exercise the new
CryptAdjustPrimeCandidate algorithm that produces the same results on
big and little enidan 32 bit and 64 bit machines. This newer algorithm
is available in libtpms with revision 155 of the TPM 2 code.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Test that a key written to volatile state is properly loaded again
and produces the same signature as before.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Check the TPM2 state using the TPM2 utilities, if available.
Create persistent state and check it, then shut down the TPM 2 and
restart it, and check the persistent state again.
Use previously created state and have the TPM 2 start with it
and check the persistent state. The persistent state must be
readable on little and big endian machines.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Provide support for creating certificates for TPM2 ECC type of keys.
Extend the test cases and the man pages.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Update the test case test_swtpm_cert to have its issuercert signed
by a created root CA so that we have the Authority Key Id in the cert.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
For being able to test the transfer of larger state blobs, extend the existing
test case with creating a large NVRAM location that becomes part of the permanent
state.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The migration key ensures that TPM state blobs, when retrieved using the
ioctl for getting state blobs, are always encrypted with this key.
When the state is later on loaded back into the TPM using the ioctl
to set the state blobs, the migration key is used to decrypt them.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Integrity protect the TPM state when it is written in entrypted form.
libtpms state (for TPM1.2) is also integrity protecting the blobs, but
we better determine the integrity of the decrypted data on the layer
above it.
