Commit Graph

1332 Commits

Author SHA1 Message Date
Stefan Berger
3be2ad2855 swtpm: Initialize key structure before calling OpenSSL function (Coverity)
Initialize the key structure before loading the key into it. This
resolves an issue raised by Coverity, but doesn't seem to be really
necessary.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-05-22 11:28:53 -04:00
Jonas Witschel
4b825a3d94 swtpm_cert: rename deprecated libtasn1 types
These types have been renamed in libtasn1 version 3.0 (released 2012-10-28).
The most recent libtasn1 version 4.17.0 (released 2021-05-13) now prints
deprecation warnings that are made fatal by -Werror:

ek-cert.c:76:13: error: 'ASN1_ARRAY_TYPE' macro is deprecated, use 'asn1_static_node' instead. [-Werror]
   76 | extern const ASN1_ARRAY_TYPE tpm_asn1_tab[];
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[...]

The new types were introduced almost ten years ago, so they should be pretty
universally available by now.

Signed-off-by: Jonas Witschel <diabonas@archlinux.org>
2021-05-21 13:26:10 -04:00
Marc-André Lureau
da2d2f3996 build-sys: leave CFLAGS/LDFLAGS for user to be defined
This allows user to set specific flags during compilation, without
overriding configure-time cflags necessary for compilation.

See also:
https://www.gnu.org/software/automake/manual/html_node/User-Variables.html
https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-05-18 18:24:51 -04:00
Stefan Berger
527a9b6063 tests: Allow volatile state file >= 9000 bytes in test_tpm2_migration_key
Changes to libtpms will require that the volatile state files
during this test may be larger than 9000 bytes.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-05-12 16:03:19 -04:00
Stefan Berger
d321bfa6b4 Debian: Fix build warnings by updating compat to '10'
This patch fixes the following issue when building a Debian package:

dh clean --parallel
dh: warning: Compatibility levels before 10 are deprecated (level 9 in use)
   dh_auto_clean -O--parallel
dh_auto_clean: warning: Compatibility levels before 10 are deprecated (level 9 in use)
   dh_clean -O--parallel
dh_clean: warning: Compatibility levels before 10 are deprecated (level 9 in use)
 dpkg-source -b .

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-05-07 16:56:15 -04:00
Stefan Berger
debdb13648 swtpm: Free error that was set by failed options_parse
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-03-21 08:18:23 -04:00
Stefan Berger
8e30907db2 tests: Add a Readme describing how to run the swtpm tests
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-03-17 19:19:10 -04:00
Stefan Berger
be6ba388a2 tests: Store and also restore the volatile state at every step
Add restoring of the volatile state after having it stored.

Since this is now taking a long time it must be explicitly enabled
by setting the environment variable SWTPM_TEST_STORE_VOLATILE=1.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-03-17 19:19:10 -04:00
Stefan Berger
b91575e7da tests: Set test-check local user.name and user.email before git am
If we are running the tests as a user that doesn't have a git config
setup we run into the following issue when trying to apply patches
using 'git am':

Committer identity unknown

*** Please tell me who you are.

Run

  git config --global user.email "you@example.com"
  git config --global user.name "Your Name"

to set your account's default identity.
Omit --global to set the identity only in this repository.

This patch fixes this by setting the git config on the local checkout
before using 'git am'.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-03-17 19:19:10 -04:00
Stefan Berger
e9fd0142df build-sys: Check for minimum required gnutls 3.4.0
RHEL 7's gnutls 3.3.29 does not take the private key passwords like later
versions take it. We require at least 3.4.0, though I am not entirely sure
when that change occurred. We may actually require >3.4.0.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-03-15 14:41:24 -04:00
Stefan Berger
e78c9db255 tests: Apply patches to IBM TSS2 test suite
Apply patches to the IBM TSS2 test suite rather than using sed on its
files and other types of file manipulations.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-03-01 07:54:27 -05:00
Stefan Berger
e5bb6f4ec5 tests: Move setting CERRTOOL variable to tests-common
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-03-01 07:54:27 -05:00
Stefan Berger
ef1407f56d swtpm_setup: Write note about non-standard EK when using --allow-signing
Write a note in swtpm_setup's help screen and man page that the usage
of --allow-signing will lead to a non-standard EK. Be more precise in the
man page.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-03-01 07:54:27 -05:00
Stefan Berger
12c35fd016 tests: Add test for libtpms issue number 195 (needs latest libtpms now)
This patch adds a test case for testing the fix for libtpms
issue 195: https://github.com/stefanberger/libtpms/issues/195

This patch now requires that the latest TPM version from master or the
branches is installed.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-02-26 16:22:02 -05:00
Stefan Berger
20524cb213 swtpm_ioctl: Use timeouts for communicating with swtpm (Unix socket)
Start using timeouts when communicating with swtpm over Unix sockets so
that swtpm_ioctl does not just hang when it cannot communicate with swtpm
such as establishing a connection or reading results. This is because swtpm
listens to only one control channel connection.

This patch addresses an aspect of the problem reported in issue #415
but may also start hiding bugs if certain operations are done in
the wrong order, as was the case in libvirt (6.10 & 7.0).

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-02-25 07:28:47 -05:00
Stefan Berger
4d4d24fb56 tests: Use the IBM TSS2 v1.6.0's test suite
Upgrade to use the IBM TSS2 tests from v1.6.0.

Add a patch that eliminates all testing of 3072 bit RSA keys in case
libtpms does not support such keys. Also disable a test case related
to ACT for older revisions.

This test passes with libtpms 0.8.0 as well as libtpms 0.6.0 and 0.7.0.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-02-24 12:23:27 -05:00
Stefan Berger
eeb87a8673 tests: Wait a bit for pid file content; dump log on failure
test_samples_create_tpmca needs to wait longer for the pid file content
to be there not just until the file is available.

test_tpm2_save_load_state_2 needs to dump the TPM log file on failure.
Failures occurred rarely because the previous instance of swtpm had
not shut down yet and released the lock file while the new instance
wanted to lock the lockfile. So we have to wait a bit until the
previous instance is gone.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-02-21 11:52:05 -05:00
Stefan Berger
4d8b2c9c71 man: Change 'shell variable' to 'environment variable' in swtpm-localca.conf
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2021-02-19 15:06:52 -05:00
Stefan Berger
468f7e61c3 tests: Fix spelling error swptm->swtpm
This patch fixes issue #410.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-02-05 16:48:55 -05:00
Stefan Berger
90e2be928d swtpm: Fix spelling in comment (SWPTM->SWTPM)
This patch fixes issue #410.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-02-05 16:48:55 -05:00
Stefan Berger
554f52ae0a swtpm_setup: Fix typo in project URL (swptm->swtpm)
This fixes issue #410.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-02-05 16:48:55 -05:00
Stefan Berger
57a5df07e1 samples: Fix typo in project URL (swptm->swtpm)
This patch fixes issue #410.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-02-05 16:48:55 -05:00
Stefan Berger
fa1b93904e swtpm_setup: Replace OSError with ValueError (Cygwin bugfix)
A wrong domain to socketpair() causes a ValueError, not an OSError.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-02-02 12:37:00 -05:00
Stefan Berger
224ee05163 swtpm_setup: Probe for supported socketpair domain (cygwin bugfix)
We need to probe for the supported socketpair() domain. On Linux only
socket.AF_UNIX is supported and on Cygwin AF_INET works.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-02-01 14:48:32 -05:00
Stefan Berger
e3c6f2ffd6 Travis: Upgrade pip to v20.3.3
Pip 21.0.0 seems to be broken when upgraded to on Xenial. So
let's just only upgrade to 20.3.3.

$ sudo pip3 install --upgrade cryptography
Traceback (most recent call last):
  File "/usr/local/bin/pip3", line 7, in <module>
    from pip._internal.cli.main import main
  File "/usr/local/lib/python3.5/dist-packages/pip/_internal/cli/main.py", line 60
    sys.stderr.write(f"ERROR: {exc}")

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-01-29 10:51:30 -05:00
Stefan Berger
526c9facf6 build-sys: Check for python cryptography version
We need at least 2.1.x, 2.1.4, that supports OAEP.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-01-19 09:57:54 -05:00
Stefan Berger
c396f23f50 swtpm: Fix --print-capabilities for 'swtpm chardev'
This patch fixes the following issue:

$ ./src/swtpm/swtpm chardev --print-capabilities --tpm2
swtpm: Error: Missing character device or file descriptor

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-01-13 11:32:16 -05:00
Lili Zhu
b199d8084e Update the doc of the flag to connect to TPM via UnixIO socket
Modify the flag from "--unixio" to "--unix"

Signed-off-by: Lili Zhu <lizhu@redhat.com>
2021-01-13 07:02:18 -05:00
Stefan Berger
024073c5cc swtpm_cuse: Support partial reads (issue #376)
This patch adds support for partial reads to the CUSE swtpm.

We introduce a ptm_read_offset variable that holds the offset where to read
from next. It is reset every time a command has been processed as part of a
write() so that subsequent read()s start reading from offset 0. It is
advanced by the number of bytes that were read.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-01-04 07:51:50 -05:00
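
The read-offset bookkeeping described in the commit above, as an added example (not swtpm's code). Only the name ptm_read_offset comes from the commit message; the struct, the function names and the sample response are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define RESP_MAX 64
#define TPM_HDR_LEN 10 /* tag(2) + size(4) + return code(4) */
/* Hypothetical device state; only the name ptm_read_offset is from the commit. */
struct ptm_dev {
    unsigned char resp[RESP_MAX];
    size_t resp_len;
    size_t ptm_read_offset; /* where the next read() continues */
};

/* write(): stand-in for command processing; stores a response, resets the offset. */
static int dev_write(struct ptm_dev *d, const unsigned char *resp, size_t len)
{
    if (len > RESP_MAX) return -1;
    memcpy(d->resp, resp, len);
    d->resp_len = len;
    d->ptm_read_offset = 0;
    return 0;
}

/* read(): copy at most `size` bytes from the offset, advance it, never pass resp_len. */
static size_t dev_read(struct ptm_dev *d, unsigned char *out, size_t size)
{
    size_t left = d->resp_len - d->ptm_read_offset;
    size_t n = size < left ? size : left;
    memcpy(out, d->resp + d->ptm_read_offset, n);
    d->ptm_read_offset += n;
    return n;
}

/* Client: read the header, take the big-endian size field, read the rest. */
static size_t read_in_two_steps(struct ptm_dev *d, unsigned char *out, size_t cap)
{
    if (cap < TPM_HDR_LEN || dev_read(d, out, TPM_HDR_LEN) != TPM_HDR_LEN)
        return 0;
    size_t total = ((size_t)out[2] << 24) | (out[3] << 16) | (out[4] << 8) | out[5];
    if (total < TPM_HDR_LEN || total > cap)
        return 0;
    return TPM_HDR_LEN + dev_read(d, out + TPM_HDR_LEN, total - TPM_HDR_LEN);
}

/* Constructed response: tag 0x8001, size 14, rc 0, four payload bytes. */
static const unsigned char sample_resp[14] = { 0x80, 0x01, 0, 0, 0, 14, 0, 0, 0, 0, 0xde, 0xad, 0xbe, 0xef };

int main(void)
{
    struct ptm_dev d = {0};
    unsigned char buf[RESP_MAX];
    dev_write(&d, sample_resp, sizeof(sample_resp));
    printf("received %zu bytes\n", read_in_two_steps(&d, buf, sizeof(buf)));
    return 0;
}
```
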
Stefan Berger
e753128b27 swtpm: Remove unused file_ops_lock from threadpool.c (asan)
Asan reports this error for the CUSE TPM. The file_ops_lock was accidentally
duplicated in a code move of threadpool related code out of cuse_tpm.c.
This patch removes the unused file_ops_lock from threadpool.c to resolve
the ASAN issue.

=================================================================
==545493==ERROR: AddressSanitizer: odr-violation (0x000000419340):
  [1] size=8 'file_ops_lock' cuse_tpm.c:112:8
  [2] size=8 'file_ops_lock' threadpool.c:55:8
These globals were registered at these points:
  [1]:
    #0 0x14f6c27f3cc8  (/lib64/libasan.so.6+0x37cc8)
    #1 0x40c2c3 in _sub_I_00099_1 (/home/stefanb/tmp/swtpm/src/swtpm/.libs/lt-swtpm+0x40c2c3)
    #2 0x40c31c in __libc_csu_init (/home/stefanb/tmp/swtpm/src/swtpm/.libs/lt-swtpm+0x40c31c)

  [2]:
    #0 0x14f6c27f3cc8  (/lib64/libasan.so.6+0x37cc8)
    #1 0x14f6c27aad1a in _sub_I_00099_1 (/home/stefanb/tmp/swtpm/src/swtpm/.libs/libswtpm_libtpms.so.0+0x25d1a)
    #2 0x14f6c31dc7b1 in call_init.part.0 (/lib64/ld-linux-x86-64.so.2+0x117b1)

==545493==HINT: if you don't care about these errors you may set ASAN_OPTIONS=detect_odr_violation=0
SUMMARY: AddressSanitizer: odr-violation: global 'file_ops_lock' at cuse_tpm.c:112:8
==545493==ABORTING

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-01-03 18:42:05 -05:00
Stefan Berger
4450856d6d swtpm: Free buffer after failure to realloc (cppcheck)
Free the original buffer after failure to realloc().

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-01-02 12:16:39 -05:00
Stefan Berger
6b50772217 swtpm: Remove global unused variable input (issue #395)
Remove the global unused variable with name input. This was detected
by cppcheck.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-01-02 12:16:39 -05:00
Stefan Berger
5e9e47337e man8: Mark device parameter as optional
Since the device can be passed using --tpm-device <device>, we now
mark the last parameter, which can also be the device, as optional.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-12-30 08:11:14 -05:00
Stefan Berger
62b7fcd9f3 swtpm_ioctl: Remove unnecessary if statement (issue #392)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-12-30 08:11:14 -05:00
Stefan Berger
fba278cc4b github: Update issues templates
Update the issues template.
2020-12-27 22:49:45 -05:00
Stefan Berger
36ee55222f swtpm: Unconditionally close fd if writing of pidfile fails (coverity)
Do not bother trying to keep pidfilefd open in case fd = pidfilefd,
but close it unconditionally. If writing the pidfile fails, the process
terminates anyway, besides that we only ever need to write to the
pidfile once, which is happening in this function.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-12-26 13:32:19 -05:00
Stefan Berger
e1212354c5 swtpm: Adjust size of message buffer to be of size ptm_hdata
This patch fixes the following compilation issue/bug:

ctrlchannel.c: In function ‘ctrlchannel_process_fd’:
ctrlchannel.c:694:13: error: array subscript ‘ptm_hdata[0]’ is partly outside array bounds of ‘struct output[1]’ [-Werror=array-bounds]
  694 |         data->u.resp.tpm_result = htobe32(res);
      |             ^~
ctrlchannel.c:486:7: note: while referencing ‘output’
  486 |     } output;
      |       ^~~~~~

Sending hashes to the TPM is not currently used in any major
application, so this bug should not affect much.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-12-21 18:17:44 -05:00
Stefan Berger
a57c33a1f0 swtpm_setup: Increase timeout from 10s to 30s for slower machines
Older ARM processors need more time to create the initial CA keys
and then the key for the TPM. So we increase the timeout to 30s.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-12-07 14:21:21 -05:00
Stefan Berger
f495d8fc9b Travis: Remove OSX CI/CD due to costs
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-11-17 16:55:45 -05:00
Stefan Berger
3a2b8391ef samples: Do not follow symlink on logfile (CVE-2020-28407)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-11-17 15:42:31 -05:00
Stefan Berger
1efe61a69e swtpm_setup: Do not follow symlink on logfile (CVE-2020-28407)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-11-17 15:42:31 -05:00
Stefan Berger
04b099d14b swtpm: Do not follow symlink when accessing log file (CVE-2020-28407)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-11-17 15:42:31 -05:00
Stefan Berger
678d5254de swtpm: Use open() (not fopen()) when accessing statefile (CVE-2020-28407)
This patch addresses CVE-2020-28407.

Use the open() call rather than the fopen() call when accessing
the statefile and make sure we do not follow symlinks using O_NOFOLLOW.

The modification does not allow an attacker to create a symbolic link
with the name of the temporary file (TMP2-00.permall for TPM 2) and
have this point to a valuable file and swtpm ends up overwriting the
file. The success of the attack depends on the attacker having access
to the TPM's state directory (--tpmstate dir=...).

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-11-13 09:44:05 -05:00
Stefan Berger
cf3dec63ea swtpm: Switch to open() from fopen() for the pidfile (CVE-2020-28407)
This patch addresses CVE-2020-28407.

Use the open() call rather than the fopen() call when creating a pidfile.
Also prevent us from following symbolic links when opening the pidfile for
writing.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-11-13 09:44:05 -05:00
Stefan Berger
110ab4c908 swtpm: Do not follow symlinks when opening lockfile (CVE-2020-28407)
This patch addresses CVE-2020-28407.

Prevent us from following symlinks when we open the lockfile
for writing.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-11-13 09:44:05 -05:00
Stefan Berger
401c9e57a7 swtpm_cert: Switch to open() from fopen() for writing certificate
Switch to open from fopen() and make sure we do not follow symlinks.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-11-13 09:44:05 -05:00
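
The open()-with-O_NOFOLLOW pattern that the CVE-2020-28407 commits above describe, as an added example (not swtpm's code). The function names and the /tmp test directory are assumptions; TMP2-00.permall is the temporary file name given in the statefile commit, and the -ELOOP result is the Linux behaviour.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Create/truncate `path` and write `len` bytes, refusing to follow a symlink
 * in the final path component. Returns 0, or -errno (-ELOOP on Linux when
 * `path` is a symlink). fopen(path, "w") would follow the link instead. */
static int write_file_nofollow(const char *path, const char *buf, size_t len)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -errno;
    ssize_t n = write(fd, buf, len);
    int err = (n == (ssize_t)len) ? 0 : (n < 0 ? errno : EIO);
    close(fd);
    return -err;
}

/* Constructed scenario: the temporary state file name already exists as a
 * symlink to another file in the state directory. Returns 1 when the write
 * is refused with ELOOP and the link target still holds its old content. */
static int demo_symlink_rejected(void)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX";
    char victim[64], link[64], got[16] = {0};
    int rc = -1, fd;

    if (!mkdtemp(dir))
        return 0;
    snprintf(victim, sizeof(victim), "%s/victim", dir);
    snprintf(link, sizeof(link), "%s/TMP2-00.permall", dir);
    if (write_file_nofollow(victim, "keep", 4) == 0 && symlink(victim, link) == 0)
        rc = write_file_nofollow(link, "overwritten", 11);
    if ((fd = open(victim, O_RDONLY)) >= 0) {
        if (read(fd, got, sizeof(got) - 1) < 0)
            got[0] = '\0';
        close(fd);
    }
    unlink(link);
    unlink(victim);
    rmdir(dir);
    return rc == -ELOOP && strcmp(got, "keep") == 0;
}

int main(void)
{
    printf("symlink rejected, target intact: %d\n", demo_symlink_rejected());
    return 0;
}
```

O_NOFOLLOW only covers the final path component, so the state directory itself still has to be writable by trusted users only.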
Eiichi Tsukata
2c42f4be50 build-sys: fix configure python cryptography error message
Currently it shows "python setuptools is required" if "import
cryptography" failed.

Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
2020-11-11 10:40:39 -05:00
Stefan Berger
b945230493 tests: Try with tcsd.conf ownership of root:tss if tss:tss did not work
Due to recent changes in tcsd, it doesn't accept 'tss:tss 0600' anymore
for the tcsd config file but we need to use 'root:tss 0640' for it.
So far only Fedora seems to be affected. It now depends on whether tcsd
has been patched what ownership is required. So we try first the old
configuration and then the new one.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-11-09 08:51:08 -05:00
Stefan Berger
22419acee0 swtpm: Move setup of vtpm proxy device into own function
Lift the code that sets up the vtpm proxy device out of the main
function and put it into its own function.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-10-29 18:02:36 -04:00
Stefan Berger
812917a952 samples: Require --root flag if root user runs script
Since the config files created by the swtpm-create-user-config-files
script will shadow those typically installed in /etc, we now require the
option --root if 'root' runs this script so that root is aware what he is
doing.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-10-28 08:32:50 -04:00