Commit Graph

1439 Commits

Author SHA1 Message Date
Stefan Berger
0841299317 swtpm: Use sys/mount.h and support block devs only if BLKGETSIZE64 exists
The header file fs/linux.h only exists on Linux but we can also
use sys/mount.h, which also exists on Cygwin and the BSDs.

Only support block devices if BLKGETSIZE64 is defined.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-10-05 13:50:45 -04:00
Stefan Reiter
a4555cb887 swtpm_setup: mention dir:// and file:// in man page and usage
Signed-off-by: Stefan Reiter <stefan@pimaker.at>
2021-10-05 11:54:42 -04:00
Stefan Reiter
e229110079 swtpm_setup: add test case to exercise file backend
heavily copy-pas^W inspired by 'test_swtpm_setup_overwrite'

Signed-off-by: Stefan Reiter <stefan@pimaker.at>
2021-10-05 11:54:42 -04:00
Stefan Reiter
6f8b8c6268 swtpm_setup: add file backend
Add a second backend for supporting the file:// linear nvram store in
swtpm.

Signed-off-by: Stefan Reiter <stefan@pimaker.at>
2021-10-05 11:54:42 -04:00
Stefan Reiter
81371f665f swtpm_setup: add abstract swtpm_backend_ops with dir:// implementation
Abstract away implementation specific code for handling TPM state in
swtpm_setup. The current code for handling directories is moved to
'swtpm_backend_dir.c'.

Where possible, the input argument is simply passed verbatim as
'backend-uri' to swtpm.

No functional change intended, aside from supporting 'dir://' as
optional prefix. The checks for lock-file accessibility are moved to
check_access(), but that shouldn't affect anything AFAICT.

Signed-off-by: Stefan Reiter <stefan@pimaker.at>
2021-10-05 11:54:42 -04:00
Stefan Reiter
5d9edaf401 swtpm_setup: use mkstemp for pidfile
This avoids issues with state backends where we don't have a convenient
directory for a pidfile available.

Signed-off-by: Stefan Reiter <stefan@pimaker.at>
2021-10-05 11:54:42 -04:00
Stefan Reiter
3da95325ee swtpm_setup: remove redundant delete_state function
...and use delete_swtpm_statefiles instead. This function iterates the
folder instead of just deleting one file, but since it is already called
before the init call guarded here, it can only affect files created by
this run anyway.

Note that delete_state had slightly different return semantics, but it
doesn't matter, as the return value is ignored here anyway (best effort
cleanup).

Signed-off-by: Stefan Reiter <stefan@pimaker.at>
2021-10-05 11:54:42 -04:00
Stefan Reiter
0716f994be swtpm: Add "nvram-backend-linear" capability
Signed-off-by: Stefan Reiter <stefan@pimaker.at>
2021-10-05 09:01:30 -04:00
Stefan Reiter
b129b8dfd1 swtpm: Add "file://" backend to man page
Signed-off-by: Stefan Reiter <stefan@pimaker.at>
2021-10-05 09:01:30 -04:00
Stefan Reiter
7bc7b33b06 swtpm: Add tests for "linear file" backend
Adapt save_load_state tests to include coverage of the "linear file"
backend mode. "tpm2" save/load is tested with both a regular file and
a loop device to exercise the blockdev mmap code.

Signed-off-by: Stefan Reiter <stefan@pimaker.at>
2021-10-05 09:01:30 -04:00
Stefan Reiter
8394db7126 swtpm: Add "linear file" nvram store backend
Implements a second abstraction layer as an NVRAM storage backend: The
"linear" backend stores data in a simple format that can contain
multiple files (multiple TPM states and numbers) in one linear address
space. This can then be mapped to files or other "block-device-like"
interfaces using nvram_linear_file_ops implementations.

A simple one using mmap is provided with the URI type "file://".

Does not support any locking at the moment, users must ensure exclusive
access themselves.

Signed-off-by: Stefan Reiter <stefan@pimaker.at>
2021-10-05 09:01:30 -04:00
Stefan Berger
35c6c90128 tests: Skip TPM 2 pkcs11-related test when ASAN is used
The key is freed using 'gnutls_privkey_deinit(pkcs11key)', yet the
following memory leaks show up that are most likely in the pkcs11 module.
Skip the test if ASAN is being used to avoid the test failure.

Direct leak of 55080 byte(s) in 1 object(s) allocated from:
    #0 0x7fdabb152af7 in calloc (/lib64/libasan.so.6+0xaeaf7)
    #1 0x7fdab6b737c6 in C_Initialize (/usr/lib64/pkcs11/libtpm2_pkcs11.so+0x147c6)
    #2 0x7fdab9a5f8a9 in initialize_module_inlock_reentrant (/lib64/libp11-kit.so.0+0x2b8a9)
    #3 0x7fdab9a5fc88 in managed_C_Initialize (/lib64/libp11-kit.so.0+0x2bc88)
    #4 0x7fdab9a66018 in p11_kit_modules_initialize (/lib64/libp11-kit.so.0+0x32018)
    #5 0x7fdab9a66778 in p11_kit_modules_load_and_initialize (/lib64/libp11-kit.so.0+0x32778)
    #6 0x7fdabab10dc5 in auto_load (/lib64/libgnutls.so.30+0x9cdc5)
    #7 0x7fdabab12656 in gnutls_pkcs11_init (/lib64/libgnutls.so.30+0x9e656)
    #8 0x7fdabab12779 in _gnutls_pkcs11_check_init (/lib64/libgnutls.so.30+0x9e779)
    #9 0x7fdabab1af1f in gnutls_pkcs11_privkey_import_url (/lib64/libgnutls.so.30+0xa6f1f)
    #10 0x7fdabaaee0e3 in gnutls_privkey_import_url (/lib64/libgnutls.so.30+0x7a0e3)
    #11 0x40abee in main /home/stefanb/dev/swtpm/src/swtpm_cert/ek-cert.c:1399
    #12 0x7fdab9f5ab74 in __libc_start_main (/lib64/libc.so.6+0x27b74)
    #13 0x40366d in _start (/home/stefanb/dev/swtpm/src/swtpm_cert/swtpm_cert+0x40366d)

Indirect leak of 8208 byte(s) in 1 object(s) allocated from:
    #0 0x7fdabb152af7 in calloc (/lib64/libasan.so.6+0xaeaf7)
    #1 0x7fdab6b736f9 in C_Initialize (/usr/lib64/pkcs11/libtpm2_pkcs11.so+0x146f9)
    #2 0x7fdab9a5f8a9 in initialize_module_inlock_reentrant (/lib64/libp11-kit.so.0+0x2b8a9)
    #3 0x7fdab9a5fc88 in managed_C_Initialize (/lib64/libp11-kit.so.0+0x2bc88)
    #4 0x7fdab9a66018 in p11_kit_modules_initialize (/lib64/libp11-kit.so.0+0x32018)
    #5 0x7fdab9a66778 in p11_kit_modules_load_and_initialize (/lib64/libp11-kit.so.0+0x32778)
    #6 0x7fdabab10dc5 in auto_load (/lib64/libgnutls.so.30+0x9cdc5)
    #7 0x7fdabab12656 in gnutls_pkcs11_init (/lib64/libgnutls.so.30+0x9e656)
    #8 0x7fdabab12779 in _gnutls_pkcs11_check_init (/lib64/libgnutls.so.30+0x9e779)
    #9 0x7fdabab1af1f in gnutls_pkcs11_privkey_import_url (/lib64/libgnutls.so.30+0xa6f1f)
    #10 0x7fdabaaee0e3 in gnutls_privkey_import_url (/lib64/libgnutls.so.30+0x7a0e3)
    #11 0x40abee in main /home/stefanb/dev/swtpm/src/swtpm_cert/ek-cert.c:1399
    #12 0x7fdab9f5ab74 in __libc_start_main (/lib64/libc.so.6+0x27b74)
    #13 0x40366d in _start (/home/stefanb/dev/swtpm/src/swtpm_cert/swtpm_cert+0x40366d)

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-10-04 20:35:25 -04:00
Stefan Berger
d755072372 swtpm: Make fsync-related errors non-fatal (for libvirt using AppArmor)
Only recent libvirt versions have the patch for the AppArmor profile for
libvirt to allow fsync after opening a directory for reading. Rather
than failing hard on the open-directory-for-reading error, log it once
and continue and do not try it again after.

This patch addresses the problems seen on Ubuntu related to an older
version of libvirt without the AppArmor profile update.
- issue #484
- issue #549
- issue #559

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-10-02 17:12:30 -04:00
Stefan Berger
96b43e4d60 Revert "swtpm: Make fsync() errors non-fatal (for libvirt using AppArmor)"
This reverts commit 04cb07fa6c.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-10-02 17:12:30 -04:00
Stefan Berger
c01b1cfbac Update bug_report.md
Ask users to include log files, such as libvirt log files.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-10-02 11:18:02 -04:00
Stefan Berger
bc5728a974 swtpm: Make fsync() errors non-fatal (for libvirt using AppArmor)
Only recent libvirt versions have the patch for the AppArmor profile
for libvirt to allow fsync on dir and directory. Rather than failing
hard on this error, log it once and continue and do not try fsync
again after.

This patch addresses the problems seen on Ubuntu related to an older
version of libvirt without the AppArmor profile update.
- issue #484
- issue #549
- issue #559

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-10-01 14:16:32 -04:00
Stefan Berger
500f81ec0f swtpm_setup: Fix errno comparison on end-of-directory (FreeBSD)
FreeBSD may return errno EINVAL beside ENOENT once there are no more
entries in a directory to walk over. It claims that readdir() follows
the getdirentries() return codes, which do include EINVAL but not
ENOENT. But ENOENT is also being used.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-30 15:37:14 -04:00
Stefan Berger
68dea0aba1 swtpm_localca: Fix memory leak on arrays of strings
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-29 21:18:48 -04:00
Stefan Berger
1c3417f70b swtpm_localca: Use return from main rather than exit to resolve ASAN issue
Use return rather than exit() when returning from main so that g_autofree'd
variables can be freed.

This resolves issue #568 that occurs with clang only.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-29 21:18:48 -04:00
Stefan Berger
b30a16ed38 swtpm_setup: Use return from main rather than exit to resolve ASAN issue
Use return rather than exit() when returning from main so that g_autofree'd
variables can be freed.

This resolves issue #568 that occurs with clang only.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-29 21:18:48 -04:00
Stefan Berger
3928bd2c1c tests: Use nm and grep to check for ASAN
clang doesn't link executables built with ASAN support to libasan, like
gcc does, so we have to use nm rather than ldd for checking for whether
the executable was built with ASAN. nm is part of the binutils package
and should be available on all systems where gcc was installed.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-29 14:57:38 -04:00
Stefan Berger
2bf7bd1827 swtpm_localca: Fix a TPM 1.2/TCSD related memory leak
Auto-free the variables used for holding values read from the config
file.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-29 14:57:38 -04:00
Stefan Berger
736258228b tests: Replace bad '~' with '\!'
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-29 14:57:38 -04:00
Eiichi Tsukata
7b7dcbb8d8 swtpm_setup: Forward --logfile option to swtpm
Whenever swtpm_setup is executed with --logfile option, forward the
option to swtpm (--log file=...). This helps debugging swtpm
initialization issues.

Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
2021-09-29 12:48:30 -04:00
Eiichi Tsukata
15ff0d967a swtpm: Initialize logging as early as possible
Parse "--log" option earlier to help debugging initialization issues.

Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
2021-09-29 12:48:30 -04:00
Eiichi Tsukata
4e1ce73596 build-sys: Minor error message typo fix for glib
Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
2021-09-29 11:53:31 -04:00
Eiichi Tsukata
0b9c2a05da build-sys: Introduce --enable-sanitizers to configure
This enables address and undefined sanitizers.

Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
2021-09-29 11:53:31 -04:00
Stefan Berger
94aae1bbe5 test: Fix test_tpm2_file_permissions for BSD
BSD cp does not understand the -d option, so remove it.
It's better to use "su -u nobody -c '...'" than sudo, which makes
this test also work on the BSDs.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-28 12:31:09 -04:00
Stefan Berger
30510820fe tests: Add a test case for testing --runas and ability to access files
Add a test case for testing the --runas parameter and the ability to access
existing files that have restrictive access permission so that only
the --runas user is able to access these files. This is to ensure that
swtpm can access these files properly when the handling of options and the
changing to the --runas user is moved around within swtpm.

Skip the test case if swtpm is linked with ASAN since then we get these
types of error messages that fail tests:

==== Starting swtpm with interfaces socket+socket ====
==3303263==LeakSanitizer has encountered a fatal error.
==3303263==HINT: For debugging, try setting environment variable LSAN_OPTIONS=verbosity=1:log_threads=1
==3303263==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-28 09:23:28 -04:00
Stefan Berger
68ac6478b4 swtpm_setup: Fix exit code on error to be '1'.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-28 09:23:28 -04:00
Stefan Berger
2fdb7c307b swtpm: Add size to each type of state and use JSON object
Add the size of the type state to the --print-states output and switch
back to a JSON object when enumerating the blobs.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-28 07:46:38 -04:00
Stefan Berger
3c10960c25 tests: Fix tests using tpm2-abrmd by preventing concurrency
The two tests test_tpm2_samples_create_tpmca and
test_tpm2_swtpm_localca_pkcs11 cannot complete successfully if run in
parallel. To solve this issue, introduce a dependency via the log files
to prevent parallel execution of the two tests. We have to append the
.test suffix to their names to be able to do this.

docs:
https://www.gnu.org/software/automake/manual/html_node/Parallel-Test-Harness.html

Resolves issue #501, though the problem with stability of the tpm2 pkcs11
module is not resolved.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-27 09:17:54 -04:00
Stefan Berger
f2aa3274b2 swtpm: Search for all state files and use abstracted names in JSON
Search for all the state files not just the permanent state and
when printing the JSON use the abstracted names rather than concrete
filenames that are only valid for the dir backend but will likely
not exist in other backends.

Adjust swtpm_setup to search for the abstracted name and also
adjust the error message to print out the abstracted name.

Adjust the test cases.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-25 10:26:07 -04:00
Stefan Berger
1b2b721e06 swtpm: Implement CheckState interface function for checking for stateblob
Implement a CheckState interface function for checking for the
TPM_PERMANENT_ALL_NAME blob. The directory backend does a simple stat on the
file without actually reading it, which otherwise may require the (correct)
key if it was encrypted.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-25 08:52:32 -04:00
Stefan Berger
3d8b87611c swtpm: Remove all interface functions from swtpm_nvstore_dir.h
Remove all interface functions from swtpm_nvstore_dir.h and make them
static in swtpm_nvstore_dir.c. This way we avoid direct calls to these
functions from elsewhere.

Move the declaration of the interface structure into swtpm_nvstore.h
to get rid of swtpm_nvstore_dir.h entirely.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-25 08:52:32 -04:00
Stefan Berger
78137e819f swtpm: Get rid of printf's in swtpm_aes.c
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-22 11:28:37 -04:00
Stefan Berger
6bc55a6752 swtpm: Cleanup storage backend on shutdown to unlock dir
Cleanup on the storage backend side on shutdown to unlock the
locked directory.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-21 21:21:41 -04:00
Stefan Berger
784d9e2194 swtpm_ioctl: Eliminate an unreachable statement
If is_chardev is false, then we have a buffersize of 4096 bytes per
the following statement:

322    if (!is_chardev)
323        buffersize = 4096;

With this we end up in the following if branch:

384        if (buffersize) {
385            /* continue with the read interface */
[...]
418
419            break;
420        } else {

Per the break in line 419 we leave the loop, thus cannot reach the
statement we remove:

423        if (!is_chardev)
424            break;

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-21 17:53:14 -04:00
Nick Chevsky
1e2a6d99cd swtpm: Don't set END_ON_HUP flag in CMD_SET_DATAFD handler
Don't set flag MAIN_LOOP_FLAG_END_ON_HUP in the handler for control
channel command CMD_SET_DATAFD, since this caused the swtpm daemon to
unconditionally terminate when the data channel connection dropped.
Removing the flag allows this behavior to be controlled by the user
via the --terminate command-line switch, as it was meant to be.

Signed-off-by: Nick Chevsky <nchevsky@users.noreply.github.com>
2021-09-21 12:11:34 -04:00
Stefan Berger
ca4ee25ce7 swtpm: Use EVP_CIPHER in SWTPM_SymmetricKeyData_Encrypt/Decrypt
Use the EVP_CIPHER implementation for the AES CBC computations. This
API has been supported already in OpenSSL 1.1.x for sure and is also
not deprecated in OpenSSL 3.0.

This now resolves issue #538.
We can build src/swtpm without having to suppress deprecated API warnings.
Since this is the last issue related to OpenSSL deprecated APIs, we don't
need to suppress any OpenSSL 3.0 deprecated API warnings anymore.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-21 11:52:07 -04:00
Stefan Berger
eecb73ebbd swtpm_setup: Use non-deprecated APIs to construct RSA key (OSSL 3)
Use only non-deprecated APIs to construct RSA key when compiling with
OpenSSL 3.0.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-21 10:32:16 -04:00
Stefan Berger
516acd1d6b swtpm_setup: Move check for pkey = NULL right after creation
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-21 10:32:16 -04:00
Stefan Berger
76a42942a4 build-sys: selinux: Compare absolute path against absolute path
This patch fixes issue #533.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-20 21:20:26 -04:00
Stefan Berger
4c5a410291 swtpm: Add implementation of SWTPM_HMAC using OpenSSL 3.0 APIs
Add an implementation of SWTPM_HMAC using non-deprecated APIs when
compiling with OpenSSL 3.0.

This partially addresses issue #538.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-20 12:08:18 -04:00
Stefan Berger
2f7b271e33 Travis: Remove python3-twisted package from being installed
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-20 07:25:53 -04:00
Stefan Berger
c50bc51f99 build-sys: Remove check for pip3 that was used by python swtpm_setup
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-20 07:25:53 -04:00
Stefan Berger
f6c42fe7d0 test: Remove import of twisted package function for python2
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-20 07:25:53 -04:00
Stefan Berger
3b5d849eaf build-sys: Use -DOPENSSL_SUPPRESS_DEPRECATED (OSSL 3)
Use the (undocumented) OPENSSL_SUPPRESS_DEPRECATED to suppress the
deprecated API warnings when compiling swtpm and swtpm_setup with
OpenSSL 3.0.0 replacing the global -Wno-deprecated-declarations.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-18 18:57:31 -04:00
Eiichi Tsukata
c0ccbb042d tests: Fix test_tpm2_save_load_state_da_timeout rare timer race
When there is a delay between "Sending TPM2_NV_Write with wrong
password" and "timenow=$(date +%s)", the test can fail with "Error: Did
not get expected failure from TPM2_NV_Write() with good password.
Lockout should be enabled.". This can sometimes happen on slow or busy
systems.

To stabilize the test, this patch introduces precise recovery time
measurement ($timerecovery) and checks that the good password works after
that time. As for the lockout timeout, it moves starting the timer to just
before TPM2_NV_Write and checks that the good password fails before that time.

Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
2021-09-16 07:57:33 -04:00
Stefan Berger
1860183c42 build-sys: Add -Wno-deprecated-declarations to default CFLAGS (OSSL 3)
To be able to build with OpenSSL 3.0 we need to add
-Wno-deprecated-declarations to the default CFLAGS.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-15 13:36:07 -04:00