Add support for RSA-4096 keys for EKs. This requires users to choose the
default-v2 profile because this is the only profile that currently enables
this type of key.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
libtpms v0.11 will support RSA-4096 keys. Adjust the test case
regex for optional output of 'tpm2-rsa-keysize-4096'.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The build for RISC-V causes timeouts when running tests in parallel due
to the CPU being emulated. Avoid the timeouts by not running parallel
tests.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Remove the unused fsync code from the directory backend since it could not
be used due to potential reason for TPM command timeouts.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
GitHub Actions does not run ubuntu-20.04 anymore due to EOL. Update the
20.04 entries to use 24.04.
cpp-coveralls needs an older version of python3 due to pkgutil.ImpImporter
having disappeared in more recent python versions. Therefore, leave
test-coveralls at 22.04.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reverse the order of uninstallation of the 'swtpm' and 'swtpm_svirt'
selinux modules. The current order fails because the 'swtpm_svirt' module
has a dependency on the 'swtpm' module. This results in the 'swtpm'
module not being cleaned up during %postun:
$ semodule -l | grep swtpm
swtpm
swtpm_svirt
$ semodule -n -X 200 -s targeted -r swtpm
libsemanage.semanage_direct_remove_key: Removing last swtpm module (no other swtpm module exists at another priority).
Failed to resolve typeattributeset statement at /var/lib/selinux/targeted/tmp/modules/200/swtpm_svirt/cil:4
/sbin/semodule: Failed!
$ sudo semodule -n -X 200 -s targeted -r swtpm_svirt
libsemanage.semanage_direct_remove_key: Removing last swtpm_svirt module (no other swtpm_svirt module exists at another priority).
$ semodule -l | grep swtpm
swtpm
Signed-off-by: Ajeeth Adithya <ajeeth.adithya@nutanix.com>
Add the %selinux_relabel_pre macro in the %pre section to back up the
current file context lists. This is required since the %selinux_relabel_post
macro in the %posttrans section uses the backup to revert to the original contexts.
Signed-off-by: Ajeeth Adithya <ajeeth.adithya@nutanix.com>
Coverity complains that the assignment of connection_fd.fd = mlp->fd
leaks the value of connection_fd.fd. However, the logic is such that
this cannot happen because further down in the loop:
1) only when connection_fd.fd < 0, then pollfds[DATA_SERVER_FD] gets
a value
2) connection_fd.fd = accept() only happens if 1) happened
However, if mlp->flags & MAIN_LOOP_FLAG_USE_FD is != 0 then
connection_fd was assigned a value and 1) never happens.
=> Fix the Coverity complaint even though it is a false positive.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Use the custom profile's Algorithms when adjusting them for FIPS mode,
rather than the list of all implemented Algorithms. The list of implemented
Algorithms contains for example elliptic curve identifiers, such as
ecc-nist-p192, ecc-nist-p224, ecc-nist-p256, ecc-nist-p384, ecc-nist-p521,
ecc-bn-p256, ecc-bn-p638, that are not part of the custom profile but are
enabled with the ecc-min-size=192, ecc-nist, and ecc-bn shortcuts there.
Using the algorithms of the custom profile avoids confusion since otherwise
the additional ecc-nist-* and ecc-bn-* algorithm identifiers appear in the
modified custom profile even though they were not part of the original one.
Test:
swtpm_setup --tpm2 --tpmstate . --overwrite \
--profile-name custom --profile-remove-disabled fips-host
before:
...,ecc,ecc-min-size=224,ecc-nist,ecc-bn,ecc-nist-p224,ecc-nist-p256,
ecc-nist-p384,ecc-nist-p521,ecc-bn-p256,ecc-bn-p638,ecc-sm2-p256,...
now:
...,ecc,ecc-min-size=224,ecc-nist,ecc-bn,ecc-sm2-p256,...
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Enable passing the usual curve names of secp256r1 and secp384r1 instead
of ecc256 and ecc384 on the command line of swtpm-create-tpmca.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Extend swtpm-create-tpm to support rsa2048 (default), rsa3072, ecc256
(NIST P256), and ecc384 (NIST P384) for the created TPM 2 CA. The names
are taken from the output of:
tpm2_ptool addkey --help
ecc521 does not seem to work with the TPM 2 stack even though it is
advertised as a possible option.
Extend an existing test case to create an ecc256 key and extend the man page.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Ensure that no profile is passed to the TPM 2 when it is to be reconfigured
by:
- Showing an error if the user tries to pass a profile when also --reconfigure
is passed
- Not taking the default profile from the swtpm_setup.conf configuration
file if the user did not pass a profile
Extend an existing test case with a default profile in its swtpm_setup.conf
so that the above 2nd item is tested.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
When listing profiles, the profiles in the distro directory did not
show up since the directory formed by 'DATAROOTDIR "swtpm/profiles"' was
missing a '/' at the end of DATAROOTDIR. Use DISTRO_PROFILES_DIR instead.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
swtpm fails with a NFS mount. `setsebool virt_use_nfs on` should fix it.
Resolves: https://issues.redhat.com/browse/RHEL-73809
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Fix the following build error due to a missing include of config.h, where
_FILE_OFFSET_BITS is defined, which leads to different sizes of off_t depending
on whether it is defined and/or included:
tpmlib.h:76:7: error: type of 'tpmlib_handle_tcg_tpm2_cmd_header' does not match original declaration [-Werror=lto-type-mismatch]
76 | off_t tpmlib_handle_tcg_tpm2_cmd_header(const unsigned char *command,
| ^
tpmlib.c:576:7: note: return value type mismatch
576 | off_t tpmlib_handle_tcg_tpm2_cmd_header(const unsigned char *command,
| ^
tpmlib.c:576:7: note: 'tpmlib_handle_tcg_tpm2_cmd_header' was previously declared here
tpmlib.c:576:7: note: code may be misoptimized unless '-fno-strict-aliasing' is used
lto1: all warnings being treated as errors
lto-wrapper: fatal error: gcc returned 1 exit status
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2334600
Fixes: 599e2436d4 ("configure.ac: enable 64-bit file API on 32-bit systems")
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Improve the swtpm_setup --tpm option documentation that did not mention
that the socket option must be passed along when swtpm is being used.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
There seems to be a well-known error in setuptools 71.x that prevents
installation of cpp-coveralls on Travis now:
File "/usr/local/lib/python3.10/dist-packages/setuptools/_core_metadata.py", line 285, in _distribution_fullname
canonicalize_version(version, strip_trailing_zero=False),
TypeError: canonicalize_version() got an unexpected keyword argument 'strip_trailing_zero'
Fall back to the default version that is used in Ubuntu Jammy (59.6.0)
since later versions also lead to the same error.
Link: https://github.com/pypa/setuptools/issues/4483
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
When building an rpm with swtpm.spec on Fedora 40 this type of error
appears on variables that normally do not need to be initialized.
In file included from /usr/include/glib-2.0/glib.h:117,
from profile.c:14:
In function ‘g_autoptr_cleanup_generic_gfree’,
inlined from ‘profile_gather_local’ at profile.c:307:23,
inlined from ‘profile_printall’ at profile.c:366:10:
/usr/include/glib-2.0/glib/glib-autocleanups.h:32:3: error: ‘dir’ may be used uninitialized [-Werror=maybe-uninitialized]
32 | g_free (*pp);
| ^~~~~~~~~~~~
profile.c: In function ‘profile_printall’:
profile.c:307:23: note: ‘dir’ was declared here
307 | g_autofree gchar *dir;
| ^~~
Include string.h since in some older build environments strcmp and strlen
do not have prototypes otherwise.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
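The reason the compiler is right to complain is that a cleanup-attributed pointer is freed on every exit from its scope, including early returns before it was ever assigned. The following is an added example (not swtpm code) using a plain __attribute__((cleanup)) stand-in for g_autofree and a hypothetical profile-directory helper; it shows the initialized form that resolves the warning.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for glib's g_autofree (added example, not swtpm code): the attribute
 * runs free() on the variable's *current* value whenever it leaves scope, on every
 * early return included. An uninitialized autofree pointer therefore frees garbage
 * on the first early return, which is what -Werror=maybe-uninitialized flags. */
static void autofree_cleanup(void *pp) { free(*(void **)pp); }
#define autofree __attribute__((cleanup(autofree_cleanup)))

/* Hypothetical helper modelled on a profile directory lookup: returns the length
 * of "<base>/profiles", or -1 when base is NULL or the allocation fails. */
int profile_dir_len(const char *base)
{
    autofree char *dir = NULL;  /* the fix: initialize so early returns free NULL */
    if (base == NULL)
        return -1;              /* cleanup runs here; free(NULL) is a safe no-op */
    dir = malloc(strlen(base) + sizeof "/profiles");
    if (dir == NULL)
        return -1;
    strcpy(dir, base);
    strcat(dir, "/profiles");
    return (int)strlen(dir);    /* value is computed before dir is freed */
}
```

Compiling with -Wall -Werror=maybe-uninitialized and the `= NULL` removed reproduces the class of error quoted above.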
Check for a null pointer from parsing the string value in
json_get_submap_value(). All callers assume that the returned value is
non-NULL and therefore ensure that there is always a valid string.
However, all callers also provide trusted input from TPMLIB_GetInfo that
should never cause a NULL pointer.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
The profile '{"Name": null}' will not lead to a parser error but return
NULL for the 'Name'. Therefore, check for the variable name being a NULL
pointer. Since the user may provide this type of profile this could have
led to crashes when name was accessed.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Move the error message about the failure to import a signing key into the
else branch where it should be (all other branches of the if-then-else
statement have a check already). Also mention the key's filename and hint
at a possibly corrupted key.
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2325901
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Comment the flags used for creating the storage primary key.
Deprecate the --create-spk option since it may create an RSA-3072 key
and it creates a NIST P384 instead of NIST P256, both of which users may
not expect and know how to use.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
QEMU's functional tests need access to /var/tmp/**. To avoid the following
type of AppArmor permission failure, add a rule that allows access to
/var/tmp/**.
type=AVC msg=audit(1730829888.863:260): apparmor="DENIED" \
operation="mknod" class="file" profile="swtpm" \
name="/var/tmp/qemu_3r9txw7z/swtpm-socket" pid=3925 comm="swtpm" \
requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000FSUID="stefanb" \
OUID="stefanb"
[ To run QEMU's functional tests use the following command:
make check-functional ]
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
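When deciding whether a profile needs a rule like the one above, the first step is to pull the profile, verdict and denied path out of the audit record. The following is an added example (not swtpm code) that parses the record quoted in this commit message, reflowed onto one line as a constructed sample; it tolerates the fused "ouid=1000FSUID=..." form that auditd's enriched output produces.

```c
#include <stdbool.h>
#include <string.h>
/* Constructed sample: the audit record from the commit message joined onto one line.
 * auditd's enriched format glues FSUID=/OUID= right after "ouid=1000" (the separator
 * byte is non-printable), so a parser must tolerate "ouid=1000FSUID=...". */
static const char SAMPLE_AVC[] =
    "type=AVC msg=audit(1730829888.863:260): apparmor=\"DENIED\" operation=\"mknod\" "
    "class=\"file\" profile=\"swtpm\" name=\"/var/tmp/qemu_3r9txw7z/swtpm-socket\" "
    "pid=3925 comm=\"swtpm\" requested_mask=\"c\" denied_mask=\"c\" fsuid=1000 "
    "ouid=1000FSUID=\"stefanb\" OUID=\"stefanb\"";

/* Copy the value of `key` (quotes stripped) into out; false if absent or too long.
 * An unquoted value ends at a space or, after a run of digits, at an uppercase letter. */
bool audit_field(const char *rec, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    for (const char *p = rec; (p = strstr(p, key)) != NULL; p += klen) {
        bool field_start = p == rec || p[-1] == ' ' || (p[-1] >= '0' && p[-1] <= '9');
        if (!field_start || p[klen] != '=')
            continue;               /* e.g. "uid" inside "fsuid=" is not a field */
        const char *v = p + klen + 1, *end = v;
        if (*v == '"') {
            if ((end = strchr(++v, '"')) == NULL)
                return false;
        } else {
            for (bool digits = true; *end != '\0' && *end != ' '; end++) {
                if (digits && end > v && *end >= 'A' && *end <= 'Z')
                    break;          /* "1000FSUID=..." : value is "1000" */
                digits = digits && *end >= '0' && *end <= '9';
            }
        }
        size_t n = (size_t)(end - v);
        if (n >= outlen)
            return false;
        memcpy(out, v, n);
        out[n] = '\0';
        return true;
    }
    return false;
}

/* True when rec is an AppArmor denial for `profile`; path receives the denied object
 * so an admin can judge whether the profile needs a rule covering it. */
bool apparmor_denial_for(const char *rec, const char *profile, char *path, size_t pathlen)
{
    char val[64];
    return audit_field(rec, "apparmor", val, sizeof val) && strcmp(val, "DENIED") == 0
        && audit_field(rec, "profile", val, sizeof val) && strcmp(val, profile) == 0
        && audit_field(rec, "name", path, pathlen);
}
```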