mirror of
https://github.com/stefanberger/swtpm.git
synced 2026-01-10 06:46:44 +00:00
27bf9db67e
Prepend tag-length-value (tlv) headers in front of all data being stored in the byte stream following the header. This lets us uniquely identify plain data (= TPM state), encrypted data (= encrytped TPM state), migration data (which is wrapped plain or encrytped TPM state), and an HMAC block to validate the plain data. We keep support for version 1 for reading the data but convert them to version 2 when writing them out. This way we loose backwards compatibility (downgrading of swtpm is not possible), but it allows us to extend the state in the future by adding addition blocks with tlv headers. Version 1 of the encryption was prepending the hash on the plaintext data then encrypting all of it. This method is not so good. In version 2 we now use Encrypt-then-MAC (EtM) where we encrypt the data and then calculate an HMAC on the encrypted data. Files written by the swtpm didn't have a header before. Now they also get a header. This means that the state written into files and the state retrieved using the API (swtpm_ioctl --save) have the same format, but still differ in so far as the API wraps the data in a tlv header for migration, which the files written out as state would never get. Adapt a couple of test cases show file sizes and hashes have changed now. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> |
||
|---|---|---|
| .. | ||
| data | ||
| _test_encrypted_state | ||
| _test_getcap | ||
| _test_hashing | ||
| _test_hashing2 | ||
| _test_init | ||
| _test_locality | ||
| _test_migration_key | ||
| _test_migration_key_2 | ||
| _test_resume_volatile | ||
| _test_save_load_encrypted_state | ||
| _test_save_load_state | ||
| _test_setbuffersize | ||
| _test_swtpm_bios | ||
| _test_volatilestate | ||
| _test_wrongorder | ||
| common | ||
| create_certs.sh | ||
| load_vtpm_proxy | ||
| Makefile.am | ||
| swtpm_setup.conf | ||
| test_clientfds.py | ||
| test_commandline | ||
| test_common | ||
| test_config.in | ||
| test_ctrlchannel | ||
| test_ctrlchannel2 | ||
| test_ctrlchannel3 | ||
| test_ctrlchannel4 | ||
| test_cuse | ||
| test_encrypted_state | ||
| test_getcap | ||
| test_hashing | ||
| test_hashing2 | ||
| test_init | ||
| test_locality | ||
| test_migration_key | ||
| test_parameters | ||
| test_resume_volatile | ||
| test_save_load_encrypted_state | ||
| test_save_load_state | ||
| test_setbuffersize | ||
| test_setdatafd.py | ||
| test_swtpm_bios | ||
| test_swtpm_cert | ||
| test_swtpm_setup_create_cert | ||
| test_volatilestate | ||
| test_vtpm_proxy | ||
| test_wrongorder | ||