Add a test case that tests the TPM 2 volatile state. This test
requires the latest TPM2 version of libtpms that also writes the
TPM Established bit into the volatile state.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Check the TPM2 state using the TPM2 utilities, if available.
Create persistent state and check it, then shut down the TPM 2 and
restart it, and check the persistent state again.
Use previously created state and have the TPM 2 start with it
and check the persistent state. The persistent state must be
readable on little and big endian machines.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
libtpms preview branch tpm2-preview.rev142 enables volatile state
marshalling and unmarshalling which in turn enables the suspending
and resumption of the TPM state. This patch enables the capabilty
bits and adds test cases for testing the TPM state suspending and
resumption.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Provide support for creating certificates for TPM2 ECC type of keys.
Extend the test cases and the man pages.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Support TPM 2 in swtpm_setup and swtpm_setup.sh.
Implement support for all command line options except for:
o --take-ownership and anything related to ownership passwords
o --lock-nvram
o --display
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
TPM2 allows the primary key to also be a signing key, so in case
--tpm2 is provided, --allow-signing can be provided as well in
case the primary can also be used for signing operations.
We use SHA256 for the signing algorithm when TPM 2 is being used.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Extend the swtpm_bios tool with a --tpm2 command line parameter
to support TPM 2 initialization.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Have the test cases wait for the process to be gone after 1s using
wait_process_gone rather than trying use kill -0 once after 0.5s.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Whenever we encrypt the data we generate a new random IV and append a
tlv block with the IV to the byte stream. We mark the IV with different
tags depending on whether they are for the migration data or the (TPM)
data directly. All IVs are part of the HMAC and are added to it after
the data blob.
Adjust test cases that now return larger sizes of data. A constant
checksum over the data cannot be expected anymore, thus we have to remove
the verification of the checksum over the returned state (IV changes
every time).
The size of the blobs grow by 22 bytes, 6 for the tlv header, 16 bytes
for the IV (128 bit AES key).
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Prepend tag-length-value (tlv) headers in front of all data being stored in
the byte stream following the header. This lets us uniquely identify plain
data (= TPM state), encrypted data (= encrytped TPM state), migration data
(which is wrapped plain or encrytped TPM state), and an HMAC block to
validate the plain data.
We keep support for version 1 for reading the data but convert them to
version 2 when writing them out. This way we loose backwards compatibility
(downgrading of swtpm is not possible), but it allows us to extend the state
in the future by adding addition blocks with tlv headers.
Version 1 of the encryption was prepending the hash on the plaintext data
then encrypting all of it. This method is not so good. In version 2 we now
use Encrypt-then-MAC (EtM) where we encrypt the data and then calculate an
HMAC on the encrypted data.
Files written by the swtpm didn't have a header before. Now they also get a
header. This means that the state written into files and the state retrieved
using the API (swtpm_ioctl --save) have the same format, but still differ
in so far as the API wraps the data in a tlv header for migration, which the
files written out as state would never get.
Adapt a couple of test cases show file sizes and hashes have changed now.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Check for a '#define WITH_CUSE 1' line in config.h to determine whether
the swtpm was compiled with the CUSE interface and skip the tests with
the CUSE interface if no such line can be found.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Poll for process to be gone for 1 seconds after a shutdown was requested
and it was found that the PID file had been removed.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Rather than writing to files directly and having to validate the state in
those files using TPMLIB_ValidatetState(), we now use the new
TPMLIB_SetState() call to set the TPM's state blobs. The advantage of this
call is that it doesn't overwrite state files and ends up leaving state in
files that the TPM cannot use. Instead, it validates the state immediately
when the blob is set and returns an error in case the state cannot be
accepted.
We need to adapt one test case that now gets a failure earlier than before.
Before the TPM_INIT failed, now setting the encrypted blob fails because it
cannot be decrypted and thus cannot be accepted by the TPM.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
To avoid test failures in test_ctrchannel2 due to the swtpm process
still running after it has removed the PID file, give it 0.5 seconds
to actually terminate.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use the new --info parameter for swtpm_ioctl to get TPM specification
info from the swtpm and use this as a parameter for creating the EK
certificate.
Extend the man page.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
We quetry the swtpm for TPM specification info that goes into the
certificate for the EK.
Update the test cases that now see more capabilties being returned
by the swtpm.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Update the test case test_swtpm_cert to have its issuercert signed
by a created root CA so that we have the Authority Key Id in the cert.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Create the TPMSpecification SEQUENCE and add it to the subject
directory attributes of an EK cert.
The code generates the same ASN.1 for the Subject Directory Attributes
as the example in the EK spec has.
> openssl asn1parse -in ${cert} -strparse 603
0:d=0 hl=2 l= 30 cons: SEQUENCE
2:d=1 hl=2 l= 28 cons: SEQUENCE
4:d=2 hl=2 l= 5 prim: OBJECT :2.23.133.2.16
11:d=2 hl=2 l= 19 cons: SET
13:d=3 hl=2 l= 17 cons: SEQUENCE
15:d=4 hl=2 l= 3 prim: UTF8STRING :1.2
20:d=4 hl=2 l= 4 prim: INTEGER :41010000
26:d=4 hl=2 l= 4 prim: INTEGER :7B000000
Extend existing test case so they create the ASN.1 as well.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Loading an invalid state blobs now fails ealier since libtpms is
called to check whether it can accept the blob.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Extend the encrypted state test with a test case using a wrong key
for decrypting the state and make sure that the init fails and the
state files remain unmodified.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement a command for setting and querying the buffer size the
TPM implementation (libtpms) is using. The setting of the
buffersize allows to reduce the size of the buffer to a size
that the interface can support so that these two sizes match
and the TPM will not produce larger responses than what the
interface can support.
Extend swtpm_ioctl with an option to set the buffersize.
Adapt the existing tests to reflect the newly supported command.
Implement a new test for getting/setting of the buffer size.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Check whether /dev/ptmx or /dev/ptm exists and use it to open a file
descriptor on it, raise an error otherwise.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
OpenBSD uses different tools for sha1 and file size calculations,
so we wrap them in functions and check which one to call by using
uname -s.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use uname -s to check for Linux rather than uname -o, which doesn't
seem to be supported on OpenBSD.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Rather than using the non-bash echo tool, which doesn't seem to
support -e on OpenBSD, use the bash echo tool to write the binary
code into a file and cat the file into the device. This also works
around a problem when a sequence contains \x0a, which then seems
to be the last character written to the device if bash's echo is
used. It does this correctly when writing to a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The control channel of a UnixIO socket is not supported
on Cygwin, so do not present this flag. Return an error
if this command is run.
Adapt the test case.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Copy the test case that use 'swtpm chardev' to test_ctrlchannel4
and convert this test in test_ctrlchannel to use a socket. Make
test_ctrlchannel run on all platforms. test_ctrlchannel4 only
runs when WITH_CHARDEV is set in the Makefile.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Split off the CMD_SET_DATAFD into its own file. This test only works on
Linux, so we skip it on Cygwin for example. Otherwise it should be able
to run.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
To enable the test suite to for example run a mixture of 32- and
64bit executables, allow users to specify the executables to use by
setting the variables SWTPM_EXE, SWTPM_IOCTL, and SWTPM_BIOS via
command line.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use the send1msg() ot the twisted sendmsg package since sendmsg()
is only supported in more recent versions of twisted.
Following this we also don't need to install a recent version of twisted
via pip on Travis, which runs Ubuntu 14.04.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Rather than sending two separate messages with the bare python 2
API, use the python twisted package to send the control and data
in one sendmsg() call. This avoids occasional test failures in
the ctrlchannel test case that is currently sending the data and
control part of the message in 2 steps, which can lead to the
recpient not seeing the whole message.
Add python-twisted as a build dependency to the rpm and Debian
builds and the .travis.yml.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
As objected by QEMU upstream developers to use two different sockets for
starting/using of swtpm, This commit adds support for passing unix domain
socket over control channel.
The summary of the changes include:
- Defined new control command CMD_SET_DATAFD, using this clients can send data
socket.
- set mlp.fd and mlp.flags outside of the mainloop
- updated the testcases
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Add the missing PTM_CAP_GET_CONFIG to the returned flags.
Fix the order of the flags on the way.
Fix the test cases that test for the flags.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Refactor the tests so that they all run on socket interfaces as well.
Use socket ports in the range of 65400-65499 for TPM 1.2 tests.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
To be able to run tests with either one of the interfaces, add function
for running swtpm and swtpm_ioctl commands and form the command line
parameters dependent on the type of interface being passed. We rely on
environment variables to provide the specific parameters that are needed
to run the program with the appropriate parameters.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Change the startup behavior with respect to requiring an INIT command
via control channel. We change this for the socket and chardev
interfaces so that the behavior now is the same as that of the CUSE
interface.
Introduce the --flag not-need-init command line option for the socket
and chardev interfaces to allow the old behavior using this option.
Adapt some of the test cases and swtpm_setup.sh.in that now need this
command line flag.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement allow-set-locality for CUSE TPM and extend the existing
locality test case with commands that try to write the SetLocality
comamnd to the device.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
New option '--ctrl clientfd=<fd>' is added to the control socket parameters.
The passed 'fd' is used as control channel client-fd and treated as single
client mode.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Skip the CUSE TPM related tests if the CUSE kernel module is not
available. Return similar error messages for both CUSE and VTPM proxy
module if they are not available.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Wait for the chardev the VTPM proxy device creates to actually appear.
In some cases the exec statement opening the file would otherwise
create a file /dev/tpm0 for example and subsequently tests then ended
up failing.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Detect whether to build with the chardev interface and only run tests that
need the chardev if it is supported on a particular platform.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Introduce wait_for_file function to wait for a file for a max. amount of
time and have that function poll for the file to appear.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add support for UnixIO and TCP control channels. Both types of
transport require that packets are sent in big endian format
and therefore some code needs to be adjusted for that. The
ioctl interface is local and in that case no endianess conversion
is done.
Add a new test case that uses the extended swtpm_ioctl tool to
test the control channel.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fix a typo in two command names so that they are similar to
the command name spelling used for the ioctl's.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Deactivate the code around resetting the TPM established bit
since its implementation currently requires libtpms 0.6.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement two more control channel commands:
- CMD_STORE_VOLATILE
- CMD_HASH_DATA
Implement test cases.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Deactivate the checking for the certificate size since different
GnuTLS versions may create certificates of different sizes by adding
additional fields or other data to the cert.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use the macros defined in endian.h for endianess conversion.
Fix the conversion of a 64bit variable.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Extend the swtpm_bios tool with an option to give up physical presence.
Have the TPM error codes reflected in the exit error of 128.
Add a test case for the tool.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement a control channel for the 'chardev' swtpm that implements
a minimal set of control messages for now.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Remove the hardcodes tss user and group and to configure with
--with-tss-user=tss --with-tss-group=tss to set the tss user
and group to be used.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add support for the --tpmstate dir=<dir> command line parameter.
It will be used instead of the TPM_PATH, unless it is not set.
Adapt two test cases for the new parameter.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add support for --pid file=<pidfile> command line parameter support.
The swtpm_cuse and swtpm now write their process IDs (pids) into
a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Remove the extension of PATH to the local dir('.') from swtpm_setup.sh
and adapt test cases accordingly.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Support the read/write interface and POSIX API calls for transfer of
TPM state blobs.
Extend the swtpm_ioctl program to support this as well. Use the
environment variable SWTPM_IOCTL_BUFFERSIZE to set the size of the
buffer to use and enable the read/write interface in this (test)
program.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
For being able to test the transfer of larger state blobs, extend the existing
test case with creating a large NVRAM location that becomes part of the permanent
state.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Remove the explicit saving of volatile state before saving the volatile
state blob to a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add an ioctl that lets an application retrieve which keys are in use by the
TPM, i.e., file encryption or migration key
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The migration key ensures that TPM state blobs, when retrieved using the
ioctl for getting state blobs, are always encrypted with this key.
When the state is later on loaded back into the TPM using the ioctl
to set the state blobs, the migration key is used to decrypt them.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Have test_resume_volatile create a temporary dir and copy test files to it
that may be modified during the test run.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Integrity protect the TPM state when it is written in entrypted form.
libtpms state (for TPM1.2) is also integrity protecting the blobs, but
we better determine the integrity of the decrypted data on the layer
above it.
Add a test case that ensures that swtpm-localca automatically
creates a signing key and issuer cert if none is available.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Rather than only using the ioctl to reset the TPM Establishment
bit in a given locality, also use the TPM_ResetEstablishmentBit
command for it in some test cases.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add new ioctls to get and set the 3 different types of state blobs
from and to the CUSE TPM. Add test cases for testing the new ioctl's
on a CUSE TPM that stores the state encrypted and on a CUSE TPM that
stores it non-encrypted.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Create uniqe names for the /dev/vtpm* so that tests can run in parallel.
Also separate the state directories of the TPMs into individual temporary
dirs.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
