FreeBSD may return errno EINVAL beside ENOENT once there are no more
entries in a directory to walk over. It claims that readdir() follows
the getdirentries() return codes, which do include EINVAL but not
ENOENT. But ENOENT is also being used.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Use return rather than exit() when returning from main so that g_autofree'd
variables can be freed.
This resolves issue #568 that occurs with clang only.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Use return rather than exit() when returning from main so that g_autofree'd
variables can be freed.
This resolves issue #568 that occurs with clang only.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
clang doesn't link executables built with ASAN support to libasan, like
gcc does, so we have to use nm rather than ldd for checking for whether
the executable was built with ASAN. nm is part of the binutils package
and should be available on all systems where gcc was installed.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Whenever swtpm_setup is executed with --logfile option, forward the
option to swtpm (--log file=...). This helps debugging swtpm
initialization issues.
Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
BSD cp does not understand the -d option, so remove it.
It's better to use "su -u nobody -c '...'" than sudo, which makes
this test also work on the BSDs.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add a test case for testing the --runas parameter and the ability to access
existing files that have restrictive access permission so that only allow
the --runas user is able to access these files. This is to ensure that
swtpm can access these files properly when the handling of options and the
changing to the --runas user is moved around within swtpm.
Skip the test case if swtpm is linked with ASAN since then we get these
types of error messages that fail tests:
==== Starting swtpm with interfaces socket+socket ====
==3303263==LeakSanitizer has encountered a fatal error.
==3303263==HINT: For debugging, try setting environment variable LSAN_OPTIONS=verbosity=1:log_threads=1
==3303263==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add the size of the type state to the --print-states output and switch
back to a JSON object when enumerating the blobs.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
The two tests test_tpm2_samples_create_tpmca and
test_tpm2_swtpm_localca_pkcs11 cannot complete successfully if run in
parallel. To solve this issue, introduce a dependency via the log files
to prevent parallel execution of the two test. We have to append the
.test suffix to their names to be able to do this.
docs:
https://www.gnu.org/software/automake/manual/html_node/Parallel-Test-Harness.html
Resolves issue #501, though the problem with stability of the tpm2 pkcs11
module is not resolved.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Search for all the state files not just the permanent state and
when printing the JSON use the abstracted names rather than concrete
filenames that are only valid for the dir backend but will likely
not exist in other backends.
Adjust swtpm_setup to search for the abstracted name and also
adjust the error message to print out the abstracted name.
Adjust the test cases.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Implement a CheckState interface function for checking for the
TPM_PERMANENT_ALL_NAME blog. The dirctory backend does a simple stat on the
file without actually reading it, which otherwise may require the (correct)
key if it was encrypted.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Remove all interface functions from swtpm_nvstore_dir.h and make them
static in swtpm_nvstore_dir.c. This way we avoid direct calls to these
functions from elsewhere.
Move the declaration of the interface structure into swtpm_nvstore.h
to get rid of swtpm_nvstore_dir.h entirely.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
If is_chardev is false, then we have a buffersize of 4096 bytes per
the following statement:
322 if (!is_chardev)
323 buffersize = 4096;
With this we end up in the following if branch:
384 if (buffersize) {
385 /* continue with the read interface */
[...]
418
419 break;
420 } else {
Per the break in line 419 we leave the loop, thus cannot reach the
statement we remove:
423 if (!is_chardev)
424 break;
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Don't set flag MAIN_LOOP_FLAG_END_ON_HUP in the handler for control
channel command CMD_SET_DATAFD, since this caused the swtpm daemon to
unconditionally terminate when the data channel connection dropped.
Removing the flag allows this behavior to be controlled by the user
via the --terminate command-line switch, as it was meant to be.
Signed-off-by: Nick Chevsky <nchevsky@users.noreply.github.com>
Use the EVP_CIPHER implementation for the AES CBC computations. This
API has been supported already in OpenSSL 1.1.x for sure and is also
not deprecated in OpenSSL 3.0.
This now resolves issue #538.
We can build src/swtpm without having to suppress deprecated API warnings.
Since this is the last issue related to OpenSSL deprecated APIs, we don't
need to suppress any OpenSSL 3.0 deprecated API warnings anymore.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add an implementation of SWTPM_HMAC using non-deprecated APIs when
compiling with OpenSSL 3.0.
This partially addresses issue #538.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Use the (undocumented) OPENSSL_SUPPRESS_DEPRECATED to suppress the
deprecated API warnings when compiling swtpm and swtpm_setup with
OpenSSL 3.0.0 replacing the global -Wno-deprecated-declarations.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
When there is a delay between "Sending TPM2_NV_Write with wrong
password" and "timenow=$(date +%s)", the test can fail with "Error: Did
not get expected failure from TPM2_NV_Write() with good password.
Lockout should be enabled.". This can sometimes happen on slow or busy
systems.
To stabilize the test, this patch introduces precise recovery time
measurement ($timerecovery) and check good password works after that
time. As for lockout timeout, moves starting timer just before
TPM2_NV_Write and check good password fails before that time.
Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
To be able to build with OpenSSL 3.0 we need to added
-Wno-deprecated-declarations to the default CFLAGS.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Instead of directly accessing TPM state store file, use --print-states
to check if there is existing state file or not. This can reduce TPM
state directory dependencies of swtpm_setup.
Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
--print-states reports TPM states stored in --tpmstate backend.
This feature is supposed to be used by swtpm_setup for checking TPM state
existence.
Sample output is as follows:
$ swtpm socket --print-states --tpmstate dir=/tmp --tpm2 | jq .
{
"type": "swtpm",
"states": [
{
"name": "tpm2-00.permall"
}
]
}
Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
Introduce GetFilepathForName() and use it to get a rooted state file
path instead of existing GetFilenameForName().
Move GetFilenameForName() to swtpm_nvstore.c so that other TPM state
store backend can use it.
Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
The tests for the following options:
- with "--overwrite"
- with "--not-overwrite"
- without "--overwrite" nor "--not-overwrite"
Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
Currently swtpm_setup saves ek.cert and platform.cert to TPM state
directory and removes them later. As the usage of these files are
temporary, temp directory can be used for this purpose. This reduces
dependencies on TPM state dir, which is convenient for pluggable state
store (https://github.com/stefanberger/swtpm/issues/461).
Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
Skip tests that require the chardev after checking for the chardev
interface support in swtpm. Remove the conditional addition of chardev
related tests from the Makefile.am.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Fix the following compilation issue:
swtpm_nvstore_dir.c: In function 'SWTPM_NVRAM_Validate_Dir':
swtpm_nvstore_dir.c:149:86: error: suggest braces around empty body in an 'if' statement [-Werror=empty-body]
TPM_DEBUG("SWTPM_NVRAM_Validate_Dir: Rooted state path %s\n", tpm_state_path);
^
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
glib's (v2.68) g_thread_pool_new() calls the syscall sched_setattr(),
which we must allow to avoid termination of the CUSE TPM.
This patch resolves issue #520.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add an options to specify pluggable backend URI.
Ex:
--tpmstate backend-uri=dir://<path_to_dir>
Backend URI is specific to each backend plugin which points to the
location of the NVRAM files.
Currently, "dir" is the only one available backend. In this case
backend-uri should be a path to the directory where files are stored.
This option is designed to compatible with existing "dir" option.
If "dir" is specified, swtpm prioritize "dir" ignoring "backend-uri".
Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
Related GH issue: https://github.com/stefanberger/swtpm/issues/461
This patch adds an abstraction layer to NVRAM state store implementation
for pluggable storage backends. No functional changes are intended in
this change. The default state store backend ("dir backend") keeps
current behavior.
To make swtpm ready for pluggable store, this patch moves file related
operations to the seperate file (swtpm_nvstore_dir.c) and defined the
interface for plugins (nvram_backend_ops in swtpm_nvstore.h). The
interface can be used by each plugin which will be added later.
With the interface, each plugin can access its "backend_uri" which
points to the location of the backend storage, for example S3 bucket
URL or iSCSI URL, and decide how it stores TPM state data.
Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
