Check whether /dev/ptmx or /dev/ptm exists and use it to open a file
descriptor on it, raise an error otherwise.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
OpenBSD uses different tools for sha1 and file size calculations,
so we wrap them in functions and check which one to call by using
uname -s.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use uname -s to check for Linux rather than uname -o, which doesn't
seem to be supported on OpenBSD.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Rather than using the non-bash echo tool, which doesn't seem to
support -e on OpenBSD, use the bash echo tool to write the binary
code into a file and cat the file into the device. This also works
around a problem when a sequence contains \x0a, which then seems
to be the last character written to the device if bash's echo is
used. It does this correctly when writing to a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
On OpenBSD the socket's name would be cut short by one letter at the
end due to an off-by-one for the calculated sockaddr struct's length.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The control channel of a UnixIO socket is not supported
on Cygwin, so do not present this flag. Return an error
if this command is run.
Adapt the test case.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Copy the test case that use 'swtpm chardev' to test_ctrlchannel4
and convert this test in test_ctrlchannel to use a socket. Make
test_ctrlchannel run on all platforms. test_ctrlchannel4 only
runs when WITH_CHARDEV is set in the Makefile.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Split off the CMD_SET_DATAFD into its own file. This test only works on
Linux, so we skip it on Cygwin for example. Otherwise it should be able
to run.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Update the description in the man page to reflect ioctl's and
control channel commands.
Update to the latest supported commands.
Fix a few text locations on the way.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Cast the exponent to unsigned long int to avoid a compiler
error reporting comparison of signed and unsigned integers.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
To enable the test suite to for example run a mixture of 32- and
64bit executables, allow users to specify the executables to use by
setting the variables SWTPM_EXE, SWTPM_IOCTL, and SWTPM_BIOS via
command line.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use the send1msg() ot the twisted sendmsg package since sendmsg()
is only supported in more recent versions of twisted.
Following this we also don't need to install a recent version of twisted
via pip on Travis, which runs Ubuntu 14.04.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Rather than sending two separate messages with the bare python 2
API, use the python twisted package to send the control and data
in one sendmsg() call. This avoids occasional test failures in
the ctrlchannel test case that is currently sending the data and
control part of the message in 2 steps, which can lead to the
recpient not seeing the whole message.
Add python-twisted as a build dependency to the rpm and Debian
builds and the .travis.yml.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Consider TPM_PORT environment at the time of parsing server options. This way we
can avoid the code duplication, hence removed obslote code.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
As objected by QEMU upstream developers to use two different sockets for
starting/using of swtpm, This commit adds support for passing unix domain
socket over control channel.
The summary of the changes include:
- Defined new control command CMD_SET_DATAFD, using this clients can send data
socket.
- set mlp.fd and mlp.flags outside of the mainloop
- updated the testcases
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
In preparation for receiving control messages via UnixIO sockets,
switch to recvmsg() for receiving the first chunk of data.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Enable receiving control commands in small chnunks. Allow 500ms
for the whole control command to be received.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add the missing PTM_CAP_GET_CONFIG to the returned flags.
Fix the order of the flags on the way.
Fix the test cases that test for the flags.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Remove the check for the FUSE_IOCTL_COMPAT flag to make a 32bit
CUSE swtpm work on 64bit host.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use a new and encrypted token. Fix other parameters. Build works now
and submits to coverity if coverty_scan branch is pushed to.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fix possible illegal buffer access in case a character device
is used via ioctl. In this case we have to make sure we only
access the number of bytes in the ioctl structure itself.
In case of a socket, make sure we received enough bytes to
be able to access the payload.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Refactor the tests so that they all run on socket interfaces as well.
Use socket ports in the range of 65400-65499 for TPM 1.2 tests.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
To be able to run tests with either one of the interfaces, add function
for running swtpm and swtpm_ioctl commands and form the command line
parameters dependent on the type of interface being passed. We rely on
environment variables to provide the specific parameters that are needed
to run the program with the appropriate parameters.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Change the startup behavior with respect to requiring an INIT command
via control channel. We change this for the socket and chardev
interfaces so that the behavior now is the same as that of the CUSE
interface.
Introduce the --flag not-need-init command line option for the socket
and chardev interfaces to allow the old behavior using this option.
Adapt some of the test cases and swtpm_setup.sh.in that now need this
command line flag.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Allow running swtpm_setup directly as tss user using the following
command lines as an example for how to do it:
mkdir /tmp/test-tss
chown tss:tss /tmp/test-tss
chmod 770 /tmp/test-tss
su -c "swtpm_setup --tpm-state /tmp/test-tss" -s /bin/sh tss
This change prevents us from requiring invocation under the root
user.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Replace the show_help variable with change_user varaible with
opposite logic. The name of the variable is better for upcoming
changes.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
If the return code from the command processing function is 0,
get the error code from the command response and return that one
instead. The problem was that clients though resetting the
establishment bit worked in locality 0 for example, while it did
not.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Return the number of bytes received in case ctrlcmd does not
use an ioctl because in this case we need to know how many bytes
we received in the response.
The receiving of the state blob also needs to take into account
how many bytes were received in the initial response so we write
the proper amount of bytes from that response into the file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
While parsing the options we modified the argv[] values and
the commas disappeared, which showed when checking for the
swtpm processes using 'ps'. So, work on a copy of the options
parameter.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
There was an offset bug in the code getting the state blobs
from a client.
Also fix an endianess bug in a control channel command.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
