Extend the SELinux policy with rules for svirt_tcg when
QEMU is not being started with KVM by libvirt.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Coverity scan shows an uninitialized access in case an error is
encountered and the cleanup path is taken before datum was initialized.
Fix the error by initializing the variable.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Coverity scan discovered a buffer overrun error in case the
datum->size = 0. Fix the error.
The function with the potential error is not called if datum->size == 0.
Also make the 'size' variable larger so there cannot be an overrun in
'size = datum->size + sizeof(buffer) - i'.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The swtpm man page incorrectly showed binaddress as the option parameter
for the address to bind to. It must be called bindaddr.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement command line support for choosing the cipher to use for
the TPM state encryption. Either aes-128-cbc or aes-256-cbc can be
used. The same cipher has to be passed on the swtpm command line
when using the TPM.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use the flags in the header to check the size of the provided key(s) against
the one(s) from the user. There are the state and migration keys, each has
a different flag in the header if a 256bit key was used. We display an error
about the mismatching key size against expected size if the given key is of
the wrong size.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Extend the buffer the key is read into to hold a 256bit key.
Add support for aes-256-cbc. Also, aes-128-cbc is now a synonym for
aes-cbc.
Update the man pages to reflect the AES 128 support.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Enable 256 bit AES keys in the en- and decryption functions.
Set a flag in the header to at least indicate whether 128bit
or 256bit keys were used.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Remove the valid field from the symmetric key structure and
use userKeyLength > 0 instead, which is the same.
Also remove the tag and fill fields, which were originally used in
TPM 1.2.
Use function calls to test whether the file or migration key is
available where possible.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
To get rid of the hard coded AES key size of 128, we add a field
userKeyLength that describes the length of the key being used.
We replace TPM_AES_BLOCK_SIZE with userKeyLength where possible.
Rename TPM_AES_BLOCK_SIZE to SWTPM_AES_BLOCK_SIZE.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use pbkdf2 as the default kdf and sha512 for the existing
test case. Do away with file limit of 32 bytes. This may
break backwards compatibility for some but better to do this
before a release...
Switch the existing test cases to use kdf=sha512 on the command
line where necessary so that the state for these test cases
does not need to be recreated.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Point the source URL in the rpm spec to github.com where in the future
the tar should be located.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
On some systems /bin/bash does not exist but the bash is somewhere
else and can be invoked with /usr/bin/env bash.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The building of rpm files fails due to some issues with the rules. To make
this work we explicitly list the policy packages' dependencies and use them
in the rules. This now makes 'make distcheck' work and lets us build an RPM.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
To test the creation of the tar and out-of-tree builds all the time, do
'distcheck' rather than a simple 'check'.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Some test cases that root has to run did not pass the out-of-tree
builds. We need to pass the top level source dir to these test cases
and change some variable accessing config files to the right directory
for the out-of-tree build to work.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
For sys_dependencies.h to be found during out-of-tree builds we
need to include -I$(top_srcdir)/include.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
If the file descriptor 100 is open prior to trying to open
it, it must be closed first on OS/X, otherwise we get test
case failures due to interrupted connections.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
OS/X has a flock (v0.2.3) implementation using
  brew tap discoteq/discoteq
  brew install flock
The current version doesn't support -x as a parameter for
an exclusive lock but uses an exclusive lock when no parameter
is passed at all.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
OS/X also does not have a proc filesystem, so we use the '_'
environment variable to determine the path of the program.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The daemon() call is deprecated on OS X. This patch works around it so
that we can compile with -Wall -Werror and still can use the daemon()
call while avoiding compiler errors due to this function's deprecation
marking in stdlib.h.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The -cs parameter to swtpm_bios is like -c -s and therefore ambiguous.
Use the unambiguous long version --cs. This makes the test case work
on NetBSD, which does not support getopt_long_only().
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Make swtpm_setup.sh work on FreeBSD.
A common fix for the problem related to echo stopping to write
data into a socket after the first occurrence of \x0a seems to be to
write it into a pipe and cat the data from there.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
A (draft) specification indicates the ECC key NVRAM indices to use.
Adapt the code to use them in case of EK ECC key.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
To avoid clashes with the lock files created by swtpm, have
swtpm-localca create a lock file with the name .lock.swtpm-localca
so they can share directories if necessary.
This patch makes tests/test_tpm2_swtpm_setup_create_cert run on
OpenBSD since the swtpm and swtpm-localca then do not interfere
with the file locks. This doesn't seem to be an issue on Linux
or Cygwin, though, where probably the file locking is implemented
differently.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.om>