The receiving of TPM state blob ends when the last byte has been copied
into a response to the user. No more request need to be sent afterwards.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
If a blob with length 0 is set, we make sure the corresponding file
that would hold this blob is not available.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Support the read/write interface and POSIX API calls for transfer of
TPM state blobs.
Extend the swtpm_ioctl program to support this as well. Use the
environment variable SWTPM_IOCTL_BUFFERSIZE to set the size of the
buffer to use and enable the read/write interface in this (test)
program.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
For being able to test the transfer of larger state blobs, extend the existing
test case with creating a large NVRAM location that becomes part of the permanent
state.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Remove the explicit saving of volatile state before saving the volatile
state blob to a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Since POSIX reserves the *_t namespace of types, remove it from
all our typedefs. While doing that, adjust the typedefs to all have
the prefix ptm_ .
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Move the code to get the TPM state blobs into is own function and introduce
a caching layer that retrieves the state blob from the TPM once and has
subsequent requests to copy the state work on the cached blob.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add an ioctl that lets an application retrieve which keys are in use by the
TPM, i.e., file encryption or migration key
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The migration key ensures that TPM state blobs, when retrieved using the
ioctl for getting state blobs, are always encrypted with this key.
When the state is later on loaded back into the TPM using the ioctl
to set the state blobs, the migration key is used to decrypt them.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Have the crypto functions use a key as a parameter rather than having them
operate on a specific fixed key.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Break the key parsing function apart into a common parsing function
and one specific to the file encryption key.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Prepend a header in front of all blobs retrieved from the TPM.
Write flags into this header indicating whether the blob is
encrypted.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Have test_resume_volatile create a temporary dir and copy test files to it
that may be modified during the test run.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Integrity protect the TPM state when it is written in entrypted form.
libtpms state (for TPM1.2) is also integrity protecting the blobs, but
we better determine the integrity of the decrypted data on the layer
above it.
Change the type of the len variable from size_t to ssize_t for
comparison against neg. values to work.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Change variable type of val1 and val2 from unsigned char to char for
the comparison with neg. numbers to work.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add a test case that ensures that swtpm-localca automatically
creates a signing key and issuer cert if none is available.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Automatically create the signing key and a self-signed issuer
certificate if the state dir has to be created.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Rather than only using the ioctl to reset the TPM Establishment
bit in a given locality, also use the TPM_ResetEstablishmentBit
command for it in some test cases.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
