Age | Commit message | Author | Files | Lines
2024-04-19 | Version 4.1.2 (HEAD, v4.1.2, master) | James Bottomley | 1 | -1/+1
* doc updates to add new fields and clarify primary template * test fixes for newer tpm emulators Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2024-04-19 | doc: set the RFC date to when generated (next) | James Bottomley | 1 | -1/+1
until it goes on to datatracker, this keeps me from having to bump the date periodically to prevent it from expiring. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2024-04-18 | tests: fix checks for illegal curves | James Bottomley | 5 | -9/+28
The openssl check for unknown curve names simply looks for a specific string. Old openssl printed this but didn't error, but new openssl errors out. Update the check firstly to fail on error then check the string. Additionally some vTPMs have started supporting the SM2 curve. When it works in openssl it has the problem that it's only allowed with the SM3 hash, which won't work with any of the generic hash looping tests, so disable testing the SM2 curve. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2024-04-18 | tests: enable sha1 bank if the vtpm comes with it disabled | James Bottomley | 1 | -24/+43
Some vTPM implementations are shipping with the TCG recommendation to disable the SHA1 bank. This will cause some PCR based policy tests which depend on it to fail, so re-enable the sha1 bank if this is detected. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2024-04-18 | doc: update draft RFC to specify the template exactly | James Bottomley | 1 | -4/+20
The TCG created some confusion with primary templates over what should be in the unique value. All implementations so far have taken the view that it should be two zero size points. However, the L template and earlier TCG drafts required two 32 byte zero filled points. To clear this up entirely, specify that the P-256 key must use the H-2 template (matching what everyone currently does) and that the RSA2048 key must use the H-1 template. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> Reviewed-by: David Woodhouse <dwmw@amazon.co.uk>
2024-04-17 | doc: add optional rsaParent | Gary Lin via groups.io | 1 | -1/+16
Some implementations such as pcr-oracle prefer RSA 2048 to ECC NIST-P256 for the primary key. This commit introduces a new option, rsaParent, to make it flexible to choose the asymmetric algorithm for the primary key. Signed-off-by: Gary Lin <glin@suse.com> [jejb: update option to number 5] Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2024-04-17 | doc: update draft RFC with an optional description | Morten Linderud | 1 | -0/+9
Useful for applications that display a user visible string to go along with the key. Signed-off-by: Morten Linderud <morten@linderud.pw> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2024-04-17 | tpm2-common: remove misleading comment from the ECC template | Morten Linderud | 1 | -3/+0
TPM2_Sign is actually used for ECC keys. Signed-off-by: Morten Linderud <morten@linderud.pw> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2024-04-17 | create_tpm2_key: fix missing tabs in --help | Morten Linderud | 1 | -9/+9
The blocks are not aligned properly making the output less readable. Signed-off-by: Morten Linderud <morten@linderud.pw> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2024-01-02 | Version 4.1.1 (v4.1.1) | James Bottomley | 1 | -1/+1
* fix 32 bit build Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2024-01-02 | Fix 32 bit signed conversion | James Bottomley | 4 | -8/+8
On 32 bits strtol can't be used to convert a hex number with the high bit set (as happens for persistent handles) because it will overflow and return LONG_MAX, strtoul must be used instead. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-12-30 | Version 4.1.0 (v4.1.0) | James Bottomley | 1 | -1/+1
* implement tpm2_PolicySecret Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-12-17 | doc: update draft RFC with TPM2_PolicySecret implementation | James Bottomley | 1 | -10/+38
Also update the recommendations for Authorization to make it clear that more than one password per key would cause issues for most crypto systems and should be avoided. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-12-17 | tests: add check for signed policies | James Bottomley | 3 | -0/+51
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-12-17 | tools: add policy secret option | James Bottomley | 8 | -7/+160
Adds the option --secret <handle> to insert a reliance on the authorization of the object named by <handle> in the policy. This has implications for emptyAuth because if the PolicySecret statement appears in the policy, it must be set (meaning we can no longer condition this on auth being NULL). Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-12-17 | tpm2-common: add processing of TPM2_PolicySecret | James Bottomley | 1 | -0/+28
This uses the consumable authorization scheme where if PolicySecret is specified, it consumes the password in app_data->auth and no password is passed in to the main command. Although TPM2_PolicySecret has many options, the only ones that really matter to the policy hash are the name of the object and the policyRef. We also add a possibly zero handle hint at the beginning to identify persistent objects easily, since finding by name is hard. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-12-17 | Rethread handling of authorizations for TPM2_PolicySecret | James Bottomley | 4 | -34/+34
In theory, TPM2_PolicySecret allows multiple different passwords to be specified to use an object. However, this is incompatible with the single password model of openssl (and all other crypto systems), so we make the rule that if a policy contains TPM2_PolicySecret, meaning the auth has to be passed in to the policy session, then it can't also be required to authorize the main command as well (i.e. only a single authorization string per policy). We implement this by making the authorization string a return from tpm2_init_session. If authorization hasn't been consumed by policy sessions, it will be the value of app_data->auth otherwise if it has been consumed, it will be NULL. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-12-17 | tss: add tpm2_PolicySecret | James Bottomley | 2 | -0/+105
Add a cut down version of PolicySecret (with no nonceTPM, cpHashA or expiry and thus no returned timeout or ticket) for use with a PolicySecret statement in the encoded policy statements. For simplicity the authorization string is passed in and the internal routine constructs the necessary HMAC session for encoding it in the command (this saves the calling code from having to worry about multiple sessions). Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-12-15 | tss: add support for getting the names of objects (including NV objects) | James Bottomley | 5 | -7/+68
This is a precursor to supporting TPM2_PolicySecret. The essential component of this policy is the name of the object being used for authorization. The most common elements for names are persistent and NV objects. In each case the hash is that of the public area, but the NV object also has to have a special call to retrieve the public area (TPM2_NV_ReadPublic instead of TPM2_ReadPublic). Add a name option to tpm2_ReadPublic to allow it to retrieve the name and add tpm2_NV_ReadPublic to retrieve the name of an NV index. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-12-14 | tests: Add testing for the new locality flag | James Bottomley | 3 | -0/+25
Fairly simple since the emulator only runs at locality zero. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-12-14 | Add locality policy | James Bottomley | 5 | -4/+90
This allows the tools to bind to a locality using the policy flag --locality. The locality is a bitmap. The usual localities are 0-4. On kernels which support executing the kernel at a different locality from userspace, this allows things like the creation of sealed data that can only be unsealed in the kernel (or never unsealed in the kernel). Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-12-14 | TSS: add locality policy | James Bottomley | 2 | -0/+31
Update both TSSs to add the ability to do locality policy. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-12-08 | doc: add clarity around policyRef in TPM2_PolicyAuthorize | James Bottomley | 1 | -2/+21
When the same policy signing key is used for different TPM objects with signed policy, the policyRef must be unique to prevent policy swapping, so document this in the implementation considerations for signed policies. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-12-04 | Version 4.0.2 (v4.0.2) | James Bottomley | 1 | -1/+1
* Fixes for openssl 3.2 * fix for encrypted secret size * fix for swtpm and swtpm2 simultaneous install * gcc-13 fix * make signed_tpm2_policy match man page Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-12-04 | provider: fix reference counting | James Bottomley | 3 | -1/+11
The provider originally didn't take references in the context to the peer and standard key for EC derivation. Openssl 3.2 broke this assumption by freeing the peer key early. Fix this by taking the correct references. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-12-04 | fix the pkcs12 wrapping test for openssl 3.2 | James Bottomley | 1 | -2/+7
Openssl 3.2 has two problems with this test. The first is that it will no longer use a CA certificate unless it has the CA constraint set and the second is that it seems the pkcs12 required parameters are incompatible with the local openssl.cnf. Fix both by not using the local openssl.cnf when generating non-TPM openssl files and use the v3_ca section of the global openssl.cnf to add the CA constraint. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-12-04 | Fix dynamic_engine tests for openssl 3.2 | James Bottomley | 1 | -0/+1
Apparently openssl 3.2 no longer accepts the OPENSSL_ENGINE environment variable for the location of the engines directory. This breaks the dynamic engine test, so work around this by adding the engine location to LD_LIBRARY_PATH. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-11-28 | tpm2-common: fix encrypted secret size | James Bottomley | 1 | -0/+1
It's been reported that the ASN.1 representation of the encrypted secret is always two bytes too big and zero padded at the end. This is because the written parameter isn't reset to zero when the secret was Marshalled and is in fact left at 2 from a previous use. Fix by initializing to zero before marshalling. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-11-22 | signed_tpm2_policy: match the man page | James Bottomley | 2 | -85/+162
The man page says we implement three commands: add, ls and rm; but we don't, we only implement add. So fix signed_tpm2_policy to match its man page. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-11-22 | tpm2-common: add helpers for querying and removing key policy | James Bottomley | 2 | -25/+89
These helpers will be used to implement the ls and rm functions of signed_tpm2_policy. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-11-22 | gcc-13 fix | James Bottomley | 1 | -1/+1
gcc-13 started giving an uninitialized variable error in unseal_tpm2_data.c even though reason would be initialized in every error leg. Fix it by initializing to NULL. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-11-22 | tests: fix for swtpm and tpm_server being installed simultaneously | James Bottomley | 2 | -5/+5
If both are installed, we will prefer the IBM swtpm2 (tpm_server), so we are still able to run the nonopenssl_ecc test that swtpm fails. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-07-05 | Version 4.0.1 (v4.0.1) | James Bottomley | 1 | -1/+1
* Fixes for intel-tss and openssl < 3 * Fix support for the non-reference swtpm (although you should use the reference implementation for testing) * Doc updates to the draft RFC to make it ready for ietf submission * Fix openssl BOOLEAN issues Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-06-29 | intel-tss: more openssl-3 fixes | James Bottomley | 1 | -6/+6
Update incorrect use of macro to OPENSSL_VERSION_NUMBER Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-06-29 | tpm2-common: fix for openssl Boolean problems | James Bottomley | 1 | -2/+4
The ASN.1 standard strictly requires a Boolean to be 0xff for true or 0 for false. Apparently openssl simply writes the value it was given without checking (which is usually a C value true or false), so a lot of our BOOLEANS are ending up with the illegal value 1. Redo the setting of this variable to be either 0xff for true or absent for false (as the standard recommends). Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-06-29 | configure.ac: always use the reference tpm if available | James Bottomley | 1 | -3/+3
The current formulation of the if clause would use swtpm first if found and then the ibmswtpm2. Since the latter is the reference implementation and the former has deviated from it to the extent that some tests have to be skipped to prevent spurious failures, always prefer testing with the reference implementation. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-06-28 | doc: convert to sourcecode tag and add ASN.1 module | James Bottomley | 1 | -26/+75
David Woodhouse suggested converting from <artwork> to <sourcecode> for the ASN.1 code and Russ Housley suggested adding an ASN.1 module. The ASN.1 module now passes the syntax checker at https://osystest.site/webtools2/asn1SyntaxCheck.php Which necessitated quite a few changes like the addition of commas and the changing of value names to start with lower case Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-06-26 | doc: make references to the TCG template explicit | James Bottomley | 1 | -4/+15
And add a pointer to the actual provisioning document where the template is specified. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-06-26 | tests: skip known test failures for swtpm | James Bottomley | 1 | -0/+5
Apparently swtpm has deviated from the TPM2 reference implementation and one consequence of this is that it no longer handles parametrised EC curves correctly. Skip the non openssl curve tests to prevent this causing spurious test failures. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-06-26 | intel-tss: fix Intel TSS for swtpm | James Bottomley | 1 | -1/+6
Apparently the Intel TSS insists on sending a command to the control socket for the mssim tcti backend. This fails for swtpm (because it isn't listening), so set the swtpm backend for this case. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-06-26 | tpm-common: remove support for < 256 bit elliptic curves | James Bottomley | 2 | -111/+1
No shipping TPM actually supports these curves and OpenSSL doesn't produce the correct certificate signatures for them (pads to key length, so signature length check can't determine hash type). Rather than work around this, simply remove the curves. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-06-26 | intel-tss: fix openssl3 code | James Bottomley | 1 | -6/+6
The correct format of an else if in CPP is #elif not #elsif (not sure why the CPP didn't error). Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-04-17 | doc: fix a typo in draft-bottomley-tpm2-keys.xml | Gary Lin via groups.io | 1 | -1/+1
Fix "auth{olicy" ==> "authPolicy" Signed-off-by: Gary Lin <glin@suse.com>
2023-03-29 | Version 4.0.0 (v4.0.0) | James Bottomley | 1 | -1/+1
* New openssl-3 provider * update intel-tss for openssl-3 * gcc-13 fix for enum/int confusion in prototypes Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-24 | tpm2-common.c: Fix gcc-13 being picky about int to enum conversion | James Bottomley | 2 | -2/+3
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-22 | decode_encode: fix the provider recursion problem | James Bottomley | 1 | -0/+19
Normally providers are selected in order, so specifying --provider default --provider tpm2 is enough to ensure that the default provider is used for all routines the tpm2 provider doesn't actually provide. However, there is an exception to this ordering in that openssl will search the cache first before going in provider order, so when the implementation beneath this provider also needs to use openssl (as all tss's do) then you get into a situation where the first use of a tpm2 routine will populate the cache for tpm2 only and then all subsequent uses will find tpm2 before default. This is a serious recursion problem in the tss because it uses elliptic curve derivation to obtain the encrypted salt for sessions but it can't go back around and use this provider's routines for EC because they'll eventually need to derive the encrypted salt ... The fix is to artificially populate the cache with the default provider before the tpm2 also gets added. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-22 | tests: add provider tests | James Bottomley | 4 | -0/+84
Gate tests on openssl3, but re-run all the engine tests (except the dynamic engine one) using the provider. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-22 | provider: add nv key handling with store | James Bottomley | 5 | -4/+200
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-22 | provider: add decryption functions | James Bottomley | 6 | -7/+282
These take different forms: RSA is a simple RSA padded decryption but for EC it's an ECDH key derivation. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-22 | openssl3 provider: add signatures | James Bottomley | 4 | -1/+187
Add all the signature functions for EC and RSA keys. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-22 | Add openssl3 provider | James Bottomley | 8 | -1/+553
Basic provider with decoders, keymanagement and signatures Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-22 | Add missing OpenSSL3 functions | James Bottomley | 6 | -0/+753
OpenSSL-3 apparently has never really tried to build an external provider. There are large swathes of functionality which exist within the openssl internals, but which aren't exposed but which providers actually have to use. Most providers roll their own, but here we provide an MIT licensed library of openssl missing functions that any provider can use. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-22 | intel-tss: update for openssl-3 | James Bottomley | 1 | -7/+63
The missing routines in the intel-tss over the IBM one need to be updated to use openssl-3 primitives. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-17 | Version 3.4.0 (v3.4.0) | James Bottomley | 1 | -1/+1
* fix uninitialized variable in tpm2_try_policy() * fix importable key creation with Intel TSS * restructure directory layout to prepare for OpenSSL-3 provider Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-17 | tpm2-common.c: fix uninitialized variable in tpm2_try_policy() | James Bottomley | 1 | -1/+1
tpm2_try_policy() can be handed a zero length policy to check if a signed policy consists of just one element. For this case it returns the initial value of RC, which is uninitialized. Fix by setting it to TPM_RC_SUCCESS. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-17 | seal_tpm2_data: fix importable key creation with Intel TSS | James Bottomley | 1 | -0/+10
The intel TSS has an internal handle representation which is habitually used for everything. However, when the data is created off TPM, such as for importable keys, the external handle representation must be used to get the correct handle value. Fix the import case so the default handle is external not internal and add a missing parent string parser. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-17 | doc: update the OID in the RFC to match reality | James Bottomley | 1 | -2/+2
Gary Lin noticed that the OID in the RFC is missing a digit compared to what's already in use. This appears to be an oversight from when the negotiations with the TCG were ongoing and the code got updated but not the RFC. Update the OID base to 2.23.133.10.1 to reflect what everyone is actually using. Cc: Gary Lin <glin@suse.com> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-17 | tpm2-common: factor out RSA decryption | James Bottomley | 3 | -139/+84
We'll need to use this inside both the provider and the engine. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-17 | add tests for elliptic curve parent authority | James Bottomley | 1 | -0/+7
During the construction of the prior elliptic curve refactor patch a mistake was made whereby the parent authority wasn't passed in. This wasn't picked up by any of the current tests, so add a test specifically using parent authority for elliptic curve keys to prevent any regressions in this area. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-17 | tpm2-common: allow arbitrary hashes for elliptic curve signatures | James Bottomley | 1 | -5/+13
There's no reason to restrict EC signatures to the TPM allowed hashes since we know how hashes have to be signed with the EC algorithm. Simply use a hash corresponding to the width of the EC key and pad or truncate appropriately. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-17 | tpm2-common: factor out elliptic curve signature and derivation | James Bottomley | 5 | -163/+175
Since these will have to be shared between the engine and the provider. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-17 | tpm2-common: reshuffle pieces for openssl3 provider | James Bottomley | 10 | -107/+110
Separate out bio loading (openssl3 uses bios not file names) of TPM keys and export tpm2_curve_get_order(). Use TPM2B_PUBLIC for the public key (saves multiple unmarshals in the provider). Also allows the elimination of the name_alg field which can now be picked out of the TPM2B_PUBLIC. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-17 | tests: make engine specification and inputs variables | James Bottomley | 26 | -104/+108
Essentially this means modifying the engine tests to specify a provider or an engine. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-17 | tests: move engine tests to a separate directory | James Bottomley | 10 | -67/+72
Also move tests to be the last item in the Makefile.am SUBDIRS as recommended by the automake documentation. Eventually this will allow for the addition of provider tests which can be run independently from the engine tests. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-17 | Restructure the subdirectories to follow a more common approach | James Bottomley | 57 | -83/+74
Eventually we're going to need to build engine and provider objects with the same name, so they'll need to be built in different directories and thus the project needs restructuring to allow this.
engine is now in src/engine
tpm2-common.c is now built as a library and in src/libcommon
common includes are in src/include
All the key creation and manipulation tools are in src/tools
The tests have been rejigged to change where they look for the engine and consolidate bindir (which is now the src/tools) to a central location in the Makefile.am
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-03-17 | Version 3.3.2 (v3.3.2) | James Bottomley | 1 | -1/+1
* Fix memory leak of key authorization Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-02-23 | Fix memory leak of key authorization | James Bottomley | 1 | -0/+3
The engine never actually frees the memory allocated by the password input routines. This is not only a memory leak, but also a potential sensitive data leak, so fix this by doing a clear_free in the teardown routines if app_data->auth was set. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-31 | Version 3.3.1 (v3.3.1) | James Bottomley | 1 | -1/+1
* fix intermittent EC TPM_RC_KEY return * add import section to man pages Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-30 | man page updates | James Bottomley | 3 | -1/+40
seal_tpm2_key was missing a description of the --policy <file> option. Also add a section to create_tpm2_key and seal_tpm2_key describing how to create importable keys/sealed data blobs. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-30 | Pad elliptic curve points | James Bottomley | 1 | -2/+15
Some tests with EC keys occasionally fail with TPM_RC_KEY. This has been traced to the x or y points of the public key being representable in fewer bytes than the order of the curve. Apparently the MS TPM emulator contains a check that the size of the points is always the order of the curve. Fix this by always padding EC points up to the curve order. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-29 | Version 3.3.0 (v3.3.0) | James Bottomley | 1 | -1/+1
* Add importable sealed data * Fix name hash for importable keys and data Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-12 | Tests for name algorithm fixes | James Bottomley | 2 | -67/+83
The reason we didn't notice non-sha256 name algorithms didn't work on import is because we didn't test them, so loop all the import tests over different name algorithms to make sure we never regress here. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-12 | name algorithm fixes | James Bottomley | 3 | -10/+11
The import options don't work with a non-sha256 name algorithm, primarily because they make the wrong assumptions about which hash they're supposed to be using for the encryption and hmac key derivations (it's always the name algorithm of the parent, never the one of the actual key). Also fix a missing argument to -n on seal_tpm2_data and set the name algorithm from the key file on unseal_tpm2_data. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-12 | tests: add test for importable sealed data | James Bottomley | 1 | -0/+23
Under simple conditions: a key with authorization and a key with pcr policy. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-12 | seal_tpm2_data: allow the creation of importable sealed data | James Bottomley | 1 | -35/+102
In the same way we do with keys, you should be able to use the --import key.pub option to seal data to a known SRK. The SRK should be created with a P-256 elliptic curve template to match the key we usually create as the parent.

    tsscreateprimary -hi o -ecc nistp256 -st -opem srk.pub

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-12 | tpm2-common: update to allow importable sealed data | James Bottomley | 1 | -3/+7
The original scheme had a different OID for loadable and importable keys. However, this turned out to be unnecessary since we can use the presence of the optional secret to determine whether the object is loadable or importable. For sealed data, we'll use the same OID (2.23.133.10.1.5) and the presence or absence of secret. This means the common routines need to be updated to expect this. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-12 | Move tpm2_outerwrap to common | James Bottomley | 3 | -135/+140
So it can be reused in seal_tpm2_key by adding an --import option Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-12 | Version 3.2.1 (v3.2.1) | James Bottomley | 1 | -1/+1
* fix double free Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-12 | signed_tpm2_policy: fix double free | James Bottomley | 2 | -1/+3
The routine tpm2_new_signed_policy() frees the key, which contains the policy, on success or failure meaning the TSSAUTHPOLICY has been freed after exit from this function and we trigger an error if we try to free it again. There's also a double free of the EVP_PKEY in tpm2_new_signed_policy(). Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-12 | Version 3.2.0 (v3.2.0) | James Bottomley | 1 | -1/+1
New Features: * Signed policies for keys and sealed data Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-11 | doc: update draft RFC with signed policy | James Bottomley | 2 | -5/+215
Document the use of option [3] in the key for sequences of signed policies which must be tried sequentially. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-11 | tests: add tests for signed policies | James Bottomley | 2 | -0/+88
Run through a sequence of checks to make sure keys with multiple signed policies work in all cases. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-11 | signed_tpm2_policy: add new command for manipulating signed policies | James Bottomley | 6 | -3/+488
This adds the new command signed_tpm2_policy which can add, show and remove policies from a key. The key must first have been created with a --signed-policy <key> option, and you must possess the private part of <key> to add a new policy. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-11 | tpm2-common.c: add processing of signed policy authorizations | James Bottomley | 6 | -81/+242
This changes the way policies are stored in the key and processed. Since signed policies are chains of policies which may or may not work, an additional pols[] array is added to the app_data of the key, with pols[0] being what the prior policy would be and pols[1+] being where additional signed policy may be added or removed. Since a successful TPM2_PolicyAuthorize() invocation replaces the current policy hash with one derived from the key and the nonce, it makes no sense for TPM2_PolicyAuthorize() to be anywhere other than at the beginning of the standard policy or at the end of each of the signed policies. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-11 | TSS: add functions to support PolicyAuthorize | James Bottomley | 2 | -0/+213
TPM2_PolicyAuthorize() requires quite a few additional TPM functions:

    TPM2_LoadExternal()
    TPM2_VerifySignature()
    TPM2_PolicyRestart()
    TPM2_PolicyGetDigest()

So add them all. In addition it requires marshalling TPMT_HA and TPMT_SIGNATURE. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-11 | create_tpm2_key, seal_tpm2_data: add option to create signed policy | James Bottomley | 4 | -4/+59
Add a --signed-policy option to both which takes a public key and then uses tpm2_add_signed_policy() to create a key policy which requires additional signed policies. Note that keys/blobs so created cannot be used until at least one signed policy is added. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-11 | tpm2-common, tpm2-asn: add new opt for authorized policies | James Bottomley | 3 | -5/+127
Add a mechanism to keys for using a set of signed policies (only one of which has to pass to use the key). The option [4] of the TSSPRIVKEY ASN is used to store the signed policies and a new type TSSAUTHPOLICY is added as the container for signed policies. TSSAUTHPOLICY has a name field, so any policy may be named for easier location. Any policy may be added at a later date providing it is signed by the private <key>. This addition doesn't have to be done on the machine where the TPM is. Although passing the new TSSAUTHPOLICY is added, no processing is done, the code merely recognizes such a key but mostly can't use it. A new function tpm2_add_signed_policy() is added for key creation routines to use. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2023-01-11tpm2-common: move public key conversion and name algorithm to commonJames Bottomley6-252/+253
Preparatory to adding signed policies, we need access to the routines that convert openssl public keys to TPM ones and generate names so they can be used in the signed policy handling routines. Moving this across also necessitates moving the name algorithm (and openssl error printing) to common code. Also abstract tpm2_md() for converting between EVP hash algorithms and TPM_ALG_... names. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2022-12-01Version 3.1.2v3.1.2James Bottomley1-1/+1
* Fix segfault in unseal_tpm2_key
* Fix pcr sealing error in create_tpm2_key caused by uncleared stack
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2022-12-01unseal_tpm2_key: fix seg fault if key unsealing failsJames Bottomley1-1/+2
In some circumstances, key unsealing leads to a segmentation fault on failure. The problem is that unseal_tpm2_key passes a NULL ppkey value into tpm2_load_engine_file() because it doesn't want an EVP_PKEY returned. However, there's an error leg in this function that tries to set this to NULL even if no ppkey was passed in (and thus segfaults). Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2022-12-01create_tpm2_key: fix uninitialized data problemJames Bottomley1-3/+1
pcr_lock is created as an on stack variable and then updated additively. On some platforms, the stack isn't zero, so it contains bogus PCR settings that are never cleared which show up as additional PCRs in the range the user hadn't requested. Fix this by zeroing the entire on-stack structure before using it. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2022-03-01Version 3.1.1v3.1.1James Bottomley1-1/+1
* Fix use after free in dynamic engines Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2022-02-28Take an engine reference in the keyJames Bottomley6-9/+17
Apparently openssl doesn't do this for engine keys meaning that the openssl described way of obtaining an engine key
    if (ENGINE_init(e)) {
        pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
        ENGINE_finish(e);
    }
results in a dynamic engine being torn down immediately after the key is obtained. Fix this by taking a reference in the binding and releasing it when the key app_data is freed. This requires adding a pointer to the engine to the app_data.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2022-02-28Add test for dynamic engine keys to detect possible use after freeJames Bottomley2-0/+30
Add a test to make sure that the engine isn't torn down while keys are currently active (this is succeeding for statically configured engines but failing for dynamic engines). Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2022-02-28Add key use tracking to detect use after freeJames Bottomley2-0/+15
This allows an error to be thrown if the engine gets torn down while keys are active. This condition is unrecoverable because the key methods (and potentially the engine code) would be freed after this. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2022-02-16Version: 3.1.0v3.1.0James Bottomley1-1/+1
* Bandaid openssl-3 support
* direct pcr policy creation options
* TPM key RFC
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2022-02-16Fix tests for openssl-3James Bottomley9-34/+36
Openssl 3 deprecated rsautl which we use for testing. This wouldn't be a problem except they also broke it as well for good measure: it no longer returns an error code when something fails with the key. The test infrastructure relies on this return code, so we have to update all of the rsautl tests to use pkeyutl instead. Also the return error for unknown curve changed from "unknown curve" to "invalid curve" so now we have to look for both. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2022-02-16Add an openssl-3 transform to legacy keysJames Bottomley2-0/+8
The engine keys we produce have replaced key methods. However openssl-3 by default looks for provider methods and won't use the key methods unless the keys are "legacy". The input pkey definitely won't be legacy so we have to convert it to a legacy key by assigning the RSA/EC key back into the pkey. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2022-02-16Add openssl-3 supportJames Bottomley2-0/+11
This is just a bandaid at the moment to prevent -Werror from breaking the compile on deprecated API warnings. Since the APIs will be removed in the next release, this buys some time. The final solution will likely have to be a conversion to the new provider interface. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2022-02-16fix uninitialized variableJames Bottomley1-1/+2
gcc-11 noticed parentHandle may be uninitialized if the first error branch is taken, so fix it. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2022-02-16doc: add draft RFC for TPM Key formatJames Bottomley4-2/+484
Adds the xml file for the draft RFC and builds text and html versions if the xml2rfc program is found. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2021-04-11seal_unseal: add --pcr-lock for easy policyJames Bottomley3-7/+72
Just as with create_tpm2_key add the --pcr-lock policy to specify the PCRs to seal to at their current values. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2021-04-11Add tests for the new --pcr-lock optionJames Bottomley1-0/+45
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2021-04-11create_tpm2_key: Add PCR policy option to key creationJames Bottomley6-10/+367
The only current way to add policy to a key is to use policymaker to create it. This is actually a bit beyond most people, so this is a patch to simplify that: since most people only want very simple policies like PCR locking. This patch allows PCR policy to be specified as --pcr-lock [hash:]<pcr list>. This option may be repeated multiple times to add new banks. The option will collect the *current* values of the selected PCRs and lock the key to them (this means it can't be used for importable keys which are usually created away from the platform containing the TPM). Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2021-04-11intel-tss: Fix wrong written length in the Marshal commandsJames Bottomley1-1/+1
The written parameter should be set incrementally not absolutely. Fortunately, this bug doesn't manifest in the current engine, because there's no sequence of marshal commands, but it will manifest in future updates. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2021-04-04Version: 3.0.1v3.0.1James Bottomley1-1/+1
* fix various memory leaks
* add fix for privilege reduction of application
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2021-03-22Handle memory allocation errors tooJonathan Wernberg3-12/+59
Albeit unlikely to occur in practice, according to OpenSSL documentation, NULL or -1 can be returned in case of allocation errors, so these errors must be handled for correctness. Signed-off-by: Jonathan Wernberg <jonathaw@axis.com> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2021-03-22Fix memory leaks by rewriting engine init/finish logicJonathan Wernberg5-15/+57
Currently, some memory and indices were allocated by the engine during the binding, but this means the resources would leak if the engine is unloaded again. Instead, refactor the initialization code to use the bound init() and finish() functions, so resources are allocated in init() and can be freed again in finish(). This makes valgrind happy. Signed-off-by: Jonathan Wernberg <jonathaw@axis.com> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2021-03-19Introduce env variables to set owner and group of TSS dirRoberto Sassu3-2/+89
Before reading the TPM key, tpm2_set_unique_tssdir() creates a temporary working directory for IBM TSS-generated files. By default permissions are 0700, which means that only the owner is able to access that directory. Unfortunately there is a case, the Apache web server, where the temporary directory is created when the process user is still root, as the process must be able to read the TPM key. Then, the process switches to the apache user and TPM operations cannot be performed because the apache user cannot access the temporary directory. This can be seen in the output of strace:
    3030 openat(AT_FDCWD, "/etc/attest-tools/tls_key.pem", O_RDONLY) = 11
    3030 openat(AT_FDCWD, "/etc/attest-tools/tls_key_cert.pem", O_RDONLY) = 11
    ...
    3030 setuid(48) = 0
    ...
    3087 openat(AT_FDCWD, "/dev/tpmrm0", O_RDWR) = 16
    3087 openat(AT_FDCWD, "/run/user/0/tss2.fHbi2k/h81000001.bin", O_WRONLY|O_CREAT|O_TRUNC, 0666) = -1 EACCES (Permission denied)
    3087 openat(AT_FDCWD, "/run/user/0/tss2.fHbi2k/hp81000001.bin", O_RDONLY) = -1 EACCES (Permission denied)
This patch introduces two new environment variables, XDG_RUNTIME_DIR_OWNER and XDG_RUNTIME_DIR_GROUP, to explicitly set the owner and the group of the temporary directory. XDG_RUNTIME_DIR should also be set if the parent directory is also not accessible (for example, if it is /run/user/0).
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2021-03-04Version: 3.0.0v3.0.0James Bottomley1-1/+1
* Build time support for Intel TSS Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2021-03-04configure: add a check for a missing Intel TSS API (Esys_TR_GetTpmHandle)James Bottomley1-0/+11
Without it handle abstraction can't be done properly, so it is fairly essential to the operation of the TSS. The check is done as a library functional check instead of a version in case this rather essential API gets backported. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2021-02-27Work around Intel TSS Null Seed problems (issue 1993)James Bottomley2-3/+22
The Intel TSS doesn't seem to be able to use the NULL seed correctly as a key parent. NULL seed parents are useful for secret keys that can't live beyond a reboot, but the number of consumers for this functionality is tiny, so while the issue is outstanding, simply disable the tests that use the NULL seed to hide the problem. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2021-02-27Add support for the Intel TSSJames Bottomley7-17/+1045
Using the previously created abstractions, insert wrappers for the Intel TSS. There are significant annoyances like the IBM constants are taken from the TCG TPM guides, which all begin TPM_ and the Intel constants are all taken from the TCG ESAPI guide, which all begin TPM2_ additionally all the ESAPI commands insist on allocating the return structures whereas the IBM TSS, following the command guides, uses on-stack structures. However, the only real results of this are a huge set of definitions in the intel-tss.h and pointless allocation and freeing of structures. Note that the Intel TSS doesn't export enough of the supporting routines to build some required capabilities (even though it actually has them internally), so code providing those are directly copied into intel-tss.h from the IBM TSS and indicated in comments in the header file. Since the IBM TSS is BSD licensed, the resulting code is still under the project Licence LGPL. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2021-02-26Work around Intel TSS Premature AbstractionJames Bottomley7-42/+96
Apparently no-one at the TCG read the memo on pointless abstractions, so they have an internal and an external representation for the TPM handles. The really annoying thing is that the two are represented by the same type in the Intel TSS, so there's no way for the compiler to check if you've kept everything straight. The other significant problem is that the internal representation is only valid for as long as the context lives, so everything that has a longer lifetime than the context must be in the external representation. Finally, just to trip you up, a small number of commands use the external representation in the API but no-one will tell you which ones. Fix this by introducing APIs for transforming handles from internal to external and back, which are nops on the IBM TSS and add a host of transforms to the code. Proof that this is correct is simply that the Intel TSS works. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2021-02-26move to functional TSS formJames Bottomley9-466/+796
The IBM TSS uses a single execute primitive whereas the Intel one uses a functional primitive. Neither can be exactly mapped, so create a new functional primitive which can fill the gap between them. Since the Intel TSS has no in/out structures, unwrap all the IBM in/out structures into their respective components. Finally, make tpm2_create used everywhere to become a wrapper for the different context mechanisms. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2021-02-20Preliminary TPM2B conversion to make TSS agnosticJames Bottomley11-154/+122
The eventual goal is to support either the Intel or the IBM TSS. One of the many differences between them is the TPM2B structures are mostly unions in the IBM TSS and straight definitions in the Intel TSS. The IBM TSS often has the straight definitions of TPM2B_XXX structures as XXX_2B, so substitute those where possible and introduce VAL conversion macros to hide other differences. This patch also abstracts all the tss includes and places them via tpm2-tss.h and its IBM specific counterpart ibm-tss.h Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-07-02Version: 2.4.2v2.4.2James Bottomley1-1/+1
* Add every TPM supported curve (as defined by the TCG)
* Fix a bug with explicitly parametrised curve handling (needed for BN)
* Update the tests to be able to use swtpm
* Allow loading public key without password
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-06-23tests: add test for no password public keysJames Bottomley2-2/+2
The openssl rsa and pkey commands will import a public engine key with the -pubin option, so add this and remove the password to exercise the new public key option. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-06-23tpm2-common: support loading public key onlyJames Bottomley5-23/+48
Users are slightly perplexed when we ask for a password to read the public part of the key, since there's no password protected information in there. This is because we implement only the private key load, which always asks for a password if one is required. This can be fixed by implementing the engine load public key method. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-05-10Allow use of swtpm for testingJames Bottomley3-13/+37
In addition to tpm_server there's another tpm emulator called swtpm. Avoid forcing distributions to support both by adjusting the test suite to run with either emulator and detecting in configure which can be used. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-05-09tests: add test for curves openssl doesn't supportJames Bottomley2-0/+31
Most TPMs support curves that openssl doesn't know. However, openssl can explicitly parametrise them, so add a create_nonopenssl_ecc test to create explicitly parametrised public keys and check they can derive the same secret. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-05-09tpm2-common.c: make openssl handle explicitly parametrised curves correctlyJames Bottomley1-0/+1
Over the years openssl seems to have changed its handling of elliptic curves to automatically assume the curve is named unless told otherwise. When the engine produces an explicit parametrisation, it now has to reset the asn1_flag of the key to remove the named curve setting otherwise the public key ends up being empty. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-05-09wrap_ecc.sh: Add tests for explicit curve parametrisationJames Bottomley1-1/+13
Openssl can deal with elliptic curves in two ways: named curve for the ones it knows about and explicitly parametrised for ones it doesn't. Expand the wrap_ecc.sh test to add a set of tests for wrapping explicitly parametrised keys. This actually checks the curve numbers hard coded into tpm2-common.c Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-05-09tpm2-common: add support for every currently specified TPM2 curveJames Bottomley1-0/+322
The missing curve parametrisations are NIST_P192, NIST_P224, NIST_P521, BN_P638 and SM2. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-03-25Version: 2.4.1v2.4.1James Bottomley1-1/+1
* fixes for older OpenSSL and gcc
* variable tpm_server location for testing
James Bottomley (3):
    configure.ac: make location of software TPM configurable
    seal_tpm2_data: fix compile problem on older gcc
    Fix OpenSSL 1.0.2 build
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-03-24Fix OpenSSL 1.0.2 buildJames Bottomley2-0/+3
Older versions of OpenSSL are giving the error
    tpm2-common.h:82:10: error: 'struct stack_st_TSSOPTPOLICY' declared inside parameter list [-Werror]
Fix this by adding a DECLARE_STACK_OF to tpm2-asn.1 and including it
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-03-24seal_tpm2_data: fix compile problem on older gccJames Bottomley1-1/+1
gcc 4.8.5 is giving a spurious uninitialized variable warning for reason. Shut this up by initializing it to the empty string. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-03-24configure.ac: make location of software TPM configurableJames Bottomley3-5/+15
openSUSE has chosen to put the tpm_server binary in /usr/lib/ibmtss which means the current test programmes can't find it. Fix this by creating a new configuration variable TPMSERVER corresponding to the absolute path of the software TPM. Make failing to find the software TPM a non-fatal but significantly warned about problem because it only affects the running of the tests, not the building of the engine. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-03-05Version: 2.4.0v2.4.0James Bottomley1-1/+1
* data seal/unseal handling
* PKCS12 wrapping support
James Bottomley (6):
    tpm2-common.c: move several routines into common code
    tpm2-common: export tpm key type from file to app_data
    Add TPM data sealing and unsealing functions
    Add test for seal/unseal
    Add ability to import PKCS12 keys
    add mailing list in README and bug reporting
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-03-04add mailing list in README and bug reportingJames Bottomley2-2/+9
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-03-04Add ability to import PKCS12 keysJames Bottomley3-1/+59
PKCS12 is a fairly common key wrapping protocol, particularly used by Microsoft, so add the ability to wrap PKCS12 keys. The wrap merely searches the PKCS12 bag for the private key, ignores all the certificates and produces a TPM wrapped version of the private key it finds. We can discriminate easily between PKCS12 and PEM private keys because the PKCS12 DER is a very specific ASN.1 format, so we don't need to know what type of keyfile we have, we just try both formats to see if it will import. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-01-26Add test for seal/unsealJames Bottomley2-1/+21
Add a simple test to make sure a key is recognized as not sealed data and to seal and unseal data with a password. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-01-26Add TPM data sealing and unsealing functionsJames Bottomley12-13/+612
This adds two commands and their manpages: seal_tpm2_data and unseal_tpm2_data plus a new OID 2.23.133.10.1.5 to identify sealed data. The object is to be interoperable with the new kernel sealed data format. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-01-10tpm2-common: export tpm key type from file to app_dataJames Bottomley2-9/+20
This will be useful for sealed keys to know they were the correct type Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-01-10tpm2-common.c: move several routines into common codeJames Bottomley3-241/+250
These routines will be used by the seal/unseal command, so make them common to facilitate this. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-01-10Version: 2.3.1v2.3.1James Bottomley1-1/+1
* bug fixes
* add DER handling to key input forms
James Bottomley (7):
    e_tpm2: simplify tpm2_load_key_core
    tpm2-common: extract file and TPM loading functions
    load_tpm2_key: use common file parsing and load routines
    load_tpm2_key: add a test for loading importable keys
    tpm2-common: make empty auth optional
    tpm2-common: allow loading of DER keys
    tests: add a test for DER keys
Jonathan Wernberg (1):
    Fix compile warning on older GCC
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-01-10tests: add a test for DER keysJames Bottomley2-1/+19
Now that we're supposed to support DER based keys, check that we can use them. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-01-10tpm2-common: allow loading of DER keysJames Bottomley1-0/+6
One of the reasons for putting an OID at the beginning of the structure was to make the binary DER form uniquely recognizable. This should mean we're safe to try loading the binary form if the PEM form fails. Activate that feature (for the new structure only). Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-01-10tpm2-common: make empty auth optionalJames Bottomley1-0/+4
The ASN.1 spec lists it as optional and if it's not present it should be treated as boolean false (meaning the key needs authorization). Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-12-29load_tpm2_key: add a test for loading importable keysJames Bottomley1-0/+6
Now that the file and key loading is done in common code, test that loading of importable keys actually works. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-12-29load_tpm2_key: use common file parsing and load routinesJames Bottomley4-79/+29
This allows load_tpm2_key to use every format currently allowed for the tpm keys. For load_tpm2_key this means it can now load importable keys. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-12-27tpm2-common: extract file and TPM loading functionsJames Bottomley7-481/+510
The functions needed to load the key file and load a key into the TPM are extracted from create_tpm2_key in preparation for re-use in load_tpm2_key. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-12-27e_tpm2: simplify tpm2_load_key_coreJames Bottomley1-36/+18
The original was designed for a switchable UI and a passed in bio. Since we do neither of these things now, strip out the superfluous coding. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-12-22Fix compile warning on older GCCJonathan Wernberg1-15/+15
GCC cannot, for each possible value of one variable such as "tssl", keep track of which of all other variables such as "pubkey" and "privkey" are uninitialized or not. Some GCC versions just assume the variable may be uninitialized if it cannot know. Some more recent GCC versions seem to take the opposite approach. Either way, a simple refactoring of the error handling eliminates the uncertainty by making both the if and else clause definitely set the variables "pubkey" and "privkey" to an initialized value, so it now compiles fine. Signed-off-by: Jonathan Wernberg <jonathaw@axis.com> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-02-24Version: 2.3.0v2.3.0James Bottomley1-1/+1
* add the ability to produce restricted (storage) keys with defined symmetric seeds
* new load_tpm2_key command to load a key file at a NV index
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-02-24Add tests for restricted keysJames Bottomley2-0/+83
Add general tests of the new command plus a specific test of the ability to create a key to a wrapped parent, clear the TPM (thus effectively creating a new tpm), re-wrapping the key and demonstrating that the old parented key can still be used. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-02-24load_tpm2_key: add new command to load a key file to a NV handleJames Bottomley4-3/+269
In order to use restricted keys as parents, they have to be loaded into the TPM's NV handle area, so introduce a new command to do that. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-02-24Make removal of key files from the temporary directory explicitJames Bottomley4-10/+14
We've been obscuring a bug in tpm2_rm_tssdir() for a while in that we create a key file for the parent non volatile key but don't remove it again. We fixed it up in tpm2_rm_tssdir() by hard coding the removal of the key file belonging to 81000001. However, this won't work if we can have an arbitrary NV parent, so make the key file removal explicit. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-02-24create_tpm2_key: add a --restricted optionJames Bottomley1-0/+73
Right at the moment we create unrestricted signing and decryption keys. These keys are the most useful for cryptographic operations, but they cannot be used as parents for any other key. The addition of the --restricted option allows the creation of restricted decryption keys (aka storage keys) which can be used as parents for other keys. One of the requirements of storage keys is that they must have a symmetric seed that can be used to protect the sensitive parts of child keys. For wrapped keys, we derive the symmetric seed from the public and private parts of the wrapped key, meaning the same wrapped key always has the same symmetric seed. This allows child keys of a wrapped parent to be transported between TPMs. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-02-19Add .gitignoreJames Bottomley1-0/+33
So git status now shows the correct status without all the temporary and test files interfering. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-02-15Version: 2.2.0v2.2.0James Bottomley1-1/+1
* Add support for non-PKCS1 padding
* Fixups for engines and cross builds
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-02-14Fix engines install pathJames Bottomley1-1/+1
The variables might contain quotes, so don't re-quote them. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-02-13e_tpm-rsa.c: add additional padding typesJames Bottomley3-17/+58
Up to now we've only handled PKCS1 padding, but since this is being deprecated by NIST, we need to handle all the others. It turns out that the RSA layer of openssl can only really handle OAEP with mgf1(sha1) or unpadded, so add both of those to the engine. All other sophisticated padding in openssl is handled at the pmeth layer and thus only requires an unpadded key operation at the RSA layer, which we've now added, so the tpm2 engine should now work for any padding type supported by openssl. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-01-21Fix up engine installationJames Bottomley2-10/+35
Add an additional --with-enginesdir parameter to allow for specifying the engine directory instead of probing for it. In addition install both engine.so and libengine.so because we don't know which one openssl will be looking for since it depends on the openssl version. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-01-14Add native build dependenciesJames Bottomley1-1/+4
Certain steps in the build, like help2man to generate the man pages, assume the built binary can be executed on the platform. This is untrue for a cross build, so detect native builds and only take the execution steps for them. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-01-12Version: 2.1.1v2.1.1James Bottomley1-1/+3
* Fix segfault in importable keys
* Fix spurious error on old format keys
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-01-12e_tpm2: fix intermittent segfault with importable keysJames Bottomley1-0/+1
The written parameter on the import unmarshal isn't set meaning it contains a bogus value. Occasionally this value causes a segfault, so fix by setting the value to 0. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-01-04e_tpm2: fix spurious error on successful operationJames Bottomley1-0/+2
When the engine successfully performs an operation with an older key, we still end up with an apparent error (which can be displayed to the user) about a failed load. This comes from the initial failed attempt to load the new key format and can be fixed by clearing all openssl errors if the old key format load succeeds. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-11-18Correct engine name in README and man pageFredrik Ternerot2-6/+4
Engine is named tpm2 and not tpm. Signed-off-by: Fredrik Ternerot <fredrikt@axis.com> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-11-14Version 2.1.0v2.1.0James Bottomley1-1/+1
Add importable keys Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-11-14Add tests for importable keysJames Bottomley2-0/+21
Add two simple tests: creating an importable EC key with auth and creating an importable RSA key with policy. Verify a self signed certificate created with each key. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-11-14Add importable keysJames Bottomley4-41/+387
Importable keys are a new type of key that can be created without access to the receiving TPM. The design of importable keys is that you "wrap" the key (encrypt with a derived key) in such a way that it can only be unwrapped by the TPM local parent key. To do this wrapping you only need to know the public key of the parent, which can be shipped in an ordinary openssl public key file. The key format of importable keys requires an additional encrypted secret parameter, which basically encodes the wrapping key using ECDH so it can be decrypted by the parent on import. Importable keys are designed to be used everywhere the current loadable keys are used, the only difference being that the TPM engine converts the importable key to loadable on first load and thereafter uses it identically to a loadable key. The new command line option of importable keys is
    create_tpm2_key --import <pubparent> --wrap <private key> tmp.key
Where <pubparent> is the parent public key and <private key> is the key you are wrapping (obviously since you have no access to the TPM, this option can only be used to wrap existing private keys).
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-11-13tpm2-common: remove interfaces only used by create-tpm2-keyJames Bottomley3-156/+142
The sensitive to duplicate interface is really only used for key wrapping, and this is only done at key creation time, not on key processing, so it has no place in the common code. When moving to create_tpm2_key.c we change the calling convention to make it more clear that we're not doing full conversion, merely inner wrapping the key. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-11-13 | tpm2-common: add point conversion routines | James Bottomley | 3 | -19/+31
Point conversion from openssl to TPM format is now used in a couple of places in the current code, so move it into the common routines.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-11-12 | Version 2.0.1 (v2.0.1) | James Bottomley | 1 | -1/+1
Fix bugs with secrets hiding, name algorithm and policy
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-11-12 | check_enhanced_auth.sh: add loop over name algorithm type | James Bottomley | 5 | -75/+85
This test checks for two things, firstly that we get the policy right with different name algorithms and secondly that we actually get the name algorithm correctly specified. This all works because with policyPCR the hash of the expected policy registers has to be done with the name algorithm hash, so we'll get a mismatch here if either the name algorithm is wrong (or the policy parsing fails).
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-11-12 | create_tpm2_key: policy should use the name algorithm | James Bottomley | 7 | -25/+45
For all keys, policy must use the same algorithm as the name algorithm, so fix that and add checks for different algorithms. This also fixes a bug in the PCR policy where we were accidentally getting 32 from the size of the PCR unmarshal selection rather than setting the correct PCR hash algorithm size
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-11-12 | e_tpm2-ecc.c: enable response encryption for ecda decryption | James Bottomley | 1 | -1/+1
The response payload could be sensitive, so protect with encryption like the RSA case.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-11-12 | Enable TPM parameter encryption for RSA encrypt/decrypt | Fredrik Ternerot | 1 | -2/+2
Enable TPM parameter encryption for RSA private encrypt/decrypt to protect sensitive data sent to and received from the TPM.
Signed-off-by: Fredrik Ternerot <fredrikt@axis.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-11-08 | create_tpm2_key: fix use after free | James Bottomley | 1 | -5/+4
We use pointers to the public and private areas of the TPM import/create commands to fill out the OpenSSL TPM key, but these areas go out of scope and are thus freed before we actually use them. So fix this by declaring the in/out parameters for these commands in global instead of local scope.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-11-07 | create_tpm2_key: fix name algorithm selection | James Bottomley | 1 | -7/+3
The results from strcasecmp are zero if it matches, so you need a not in front of strcasecmp() for the condition to be "it matches". The current strncasecmp() in the name algorithm selection were missing the not's resulting in the wrong algorithm being selected if you specified it on the command line.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-11-05 | Version 2.0.0 (v2.0.0) | James Bottomley | 1 | -1/+1
With the updated licence, changed key format and new OIDs, it's time for a major version bump. The other minor addition is time limited keys based on policy.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-11-01 | add tests for old keys | James Bottomley | 3 | -17/+69
To check that old format keys still work, we add a --deprecated option to create_tpm2_key that allows us to create them still. The test is to create an old format key and prove the engine still accepts it.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-11-01 | move to TCG defined OIDs for the key types | James Bottomley | 2 | -8/+32
We previously stole an OID in the TCG space to use to identify our keys. With the shift to a new key format, we've also taken the opportunity to clarify with the TCG which OIDs we can use. It turns out the ones we initially chose were non-leaf nodes, so we now finally have a couple of leaf nodes allocated and thus we take advantage of the new key format to switch to using them.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-10-31 | Allow TSS2 PRIVATE KEY and TSS2 KEY BLOB ASN.1 to diverge | David Woodhouse | 3 | -22/+62
... and indeed do so. Make the pubkey and parent non-optional, for a start, but leave the type field alone for now. The explicit tag of the policy field can change because it's harmless to do so.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
[jejb: plumb policy in correctly]
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-10-31 | Add 'TSS2 PRIVATE KEY' PEM tag, using correct objectAttributes | David Woodhouse | 3 | -4/+14
We can now tweak the ASN.1 definition for the PRIVATE KEY variant...
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-10-31 | Allow changing objectAttributes for primary key generation | David Woodhouse | 5 | -4/+10
We have agreed that these should have the FIXEDPARENT and FIXEDTPM flags. Firstly, add a flag which indicates that the new flags should be used.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-10-16 | LICENCE: tidy up remaining GPLv2 tags and clarify ASN.1 fair use | James Bottomley | 6 | -6/+10
After the licence switch to LGPL2.1 there were still some stray GPLv2 tags in the code, so swap these for SPDX tags identifying the chosen LGPL licence. Additionally, since the key format needs to be standardised, clarify that the ASN.1 code defining the key format may be copied under fair use criteria.
Reported-by: Fredrik Ternerot <fredrik.trot@gmail.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-10-11 | LICENCE: Change from GPLv2 to LGPLv2.1 | James Bottomley | 2 | -347/+169
There are two problems being solved here: the first is integration with the OpenSSL licence, which usually requires an exception and also a request from gnutls to reuse some of the engine code. The solution to both of these is to relicense to LGPLv2.1 and then move pieces which might be re-used to a proper library instead of a loadable object. This commit is the precursor licence change. The signoffs below represent all the authors of copyrightable code as required by a licence change.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-08-12 | policy: fail early for PCR mismatch | James Bottomley | 1 | -7/+27
Now we have the ability to produce identifying error prints for failing policy, we can make the PolicyPCR fail at policy check time rather than waiting to find a policy hash mismatch. We do that by adding the expected value of the PCR hash to the policy statement, meaning the policy command fails if the current PCR values don't match the expected ones. We can then check for this failure and print out a more detailed message. There is a slight wrinkle in this scheme in that TPM2_PolicyCounterTimer() returns TPM_RC_POLICY when the policy fails, but TPM2_PolicyPCR() returns TPM_RC_VALUE if the hash is mismatched, so the code must be updated to check for the correct return indicating a policy failure.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-08-12 | policy: add the ability to have time limited keys | James Bottomley | 4 | -8/+126
Implement TPM2_PolicyCounterTimer which allows comparison of the current counter and timer values. There is a problem with the policy file in that traditionally the policy file is simply hashed to make the final policy, but CounterTimer is different: the necessary information has to be hashed and then that hash is hashed into the policy meaning that we have to special case the TPM_CC_PolicyCounterTimer in the computation of the hash.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
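Added example (not code from this repository): how the policy digest is built for the PolicyPCR and PolicyCounterTimer statements described in the "policy should use the name algorithm" and "time limited keys" commits, following the digest formulas in the TPM 2.0 command specification. Function names and the sample PCR values and time limit are constructed for illustration.

```python
import hashlib
import struct

# Command codes, algorithm ids and operator from the TPM 2.0 specification.
TPM_CC_POLICY_PCR = 0x0000017F
TPM_CC_POLICY_COUNTER_TIMER = 0x0000016D
TPM_ALG = {"sha1": 0x0004, "sha256": 0x000B, "sha384": 0x000C}
TPM_EO_UNSIGNED_LT = 0x0005

def extend(alg, digest, cc, *fields):
    """policyDigest_new = H(policyDigest_old || commandCode || fields)."""
    h = hashlib.new(alg)
    h.update(digest + struct.pack(">I", cc) + b"".join(fields))
    return h.digest()

def pcr_selection(bank, indexes):
    """Marshal a one-bank TPML_PCR_SELECTION with a 3-byte select bitmap."""
    bitmap = bytearray(3)
    for i in indexes:
        bitmap[i // 8] |= 1 << (i % 8)
    return struct.pack(">IHB", 1, TPM_ALG[bank], 3) + bytes(bitmap)

def policy_pcr(alg, digest, bank, pcr_values):
    """pcr_values is {index: value}; the PCR digest uses the policy hash, not the bank hash."""
    joined = b"".join(pcr_values[i] for i in sorted(pcr_values))
    pcr_digest = hashlib.new(alg, joined).digest()
    return extend(alg, digest, TPM_CC_POLICY_PCR, pcr_selection(bank, pcr_values), pcr_digest)

def policy_counter_timer(alg, digest, operand_b, offset, operation):
    """The arguments are hashed first; only that hash enters the policy digest."""
    args = hashlib.new(alg, operand_b + struct.pack(">HH", offset, operation)).digest()
    return extend(alg, digest, TPM_CC_POLICY_COUNTER_TIMER, args)

def key_policy(name_alg, bank, pcr_values, operand_b, offset, operation):
    """Chain PolicyPCR then PolicyCounterTimer from the all-zero start digest."""
    start = bytes(hashlib.new(name_alg).digest_size)
    d = policy_pcr(name_alg, start, bank, pcr_values)
    return policy_counter_timer(name_alg, d, operand_b, offset, operation)

# Constructed sample: sha1-bank PCRs 0 and 7 all zero; clock (offset 8) below one hour in ms.
SAMPLE_PCRS = {0: bytes(20), 7: bytes(20)}
LIMIT = struct.pack(">Q", 3_600_000)

if __name__ == "__main__":
    for alg in ("sha1", "sha256", "sha384"):
        print(alg, key_policy(alg, "sha1", SAMPLE_PCRS, LIMIT, 8, TPM_EO_UNSIGNED_LT).hex())
```

The same PCR selection and values give a different digest, of a different length, for each name algorithm, which is why a policy computed with the wrong hash can never match the key.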
2018-08-10 | Version 1.2.1 (v1.2.1) | James Bottomley | 1 | -1/+1
Minor update with bug fixes
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-08-10 | fix error handling for failed policy commands | James Bottomley | 3 | -6/+22
If the policy command of the key fails for any reason, we exit the engine without flushing the policy session, which leads to a build up of policy sessions leading to eventual failure. Fix this by flushing the policy session in tpm2_init_session() if there's any policy failure. Also add a test for this and fix up check_enhanced_auth.sh so that any failed test exits the script.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-08-09 | tpm2-common: remove duplicate code | Roberto Sassu | 1 | -9/+0
Remove unused policy_pcr_unmarshal().
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-06-30 | Version: 1.2.0 (v1.2.0) | James Bottomley | 1 | -1/+1
- Now looks for variable locations for the tss library
- Includes updates to support key policy (PCR and password)
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-06-29 | create_tpm2_key: man page updates | James Bottomley | 1 | -2/+18
Add a files section to describe the policy file format (copied from the README file) and lose the bit about us taking 50s to generate the parent if unspecified: now we generate the ECC version which is much faster.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-06-29 | create_tpm2_key: fix ordering of password collection and policy file parsing | James Bottomley | 1 | -12/+14
The current order goes collect auth first before parsing the policy file which leads to the unfortunate consequence that we'll make you type in a verified password before we error out and tell you you don't have the correct PolicyAuthValue command in your policy file. Reorder this so we only collect the password after we've verified the policy correctly supports it.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-06-29 | create_tpm2_key: clean up error handling | James Bottomley | 1 | -22/+38
Right at the moment, if we fail, we print the reason via the tpm error formatting routines which doesn't work so well if the failure isn't a tpm error. Fix this by having a TPM_RC NOT_TPM_ERROR which we set when we just want to print the reason message rather than pass it through tpm error handling. Additionally, don't set a default value for reason to ensure all the error legs have a valid reason (gcc will fail with an error that reason may be uninitialized if an error leg is added but reason isn't correctly set).
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-06-29 | create_tpm2_key: correct error check | James Bottomley | 1 | -1/+6
There's no check that we actually have a last argument and the check to see if we have too many is wrong. All of this needs to be relative to optind, so if optind != argc-1 we don't have the final file name.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-06-28 | openssl_tpm2_engine: add tests for enhanced authorization | Roberto Sassu | 6 | -0/+91
Add tests for enhanced authorization:
1) PolicyAuthValue
2) PolicyPCR
3) PolicyAuthValue + PolicyPCR
4) PolicyPCR + PolicyAuthValue
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-06-28 | create_tpm2_key: introduce --key-policy option | Roberto Sassu | 2 | -7/+211
Introduce the --key-policy option to enforce additional restrictions on the new TPM key.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-06-28 | engine: retrieve policy commands from the key | Roberto Sassu | 4 | -6/+105
Retrieve the policy commands from the key and store in the app_data structure.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-06-28 | tpm2-common: initialize policy session | Roberto Sassu | 2 | -0/+67
Initialize the policy session with the policy command included in the key.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-06-28 | tpm2-asn: add TPMPolicy definition | Roberto Sassu | 1 | -0/+34
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-06-28 | engine: determine the required session type from USERWITHAUTH flag | Roberto Sassu | 4 | -10/+29
Determine the type of session required to use a key from USERWITHAUTH flag.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-06-28 | tpm2-common: rename tpm2_get_hmac_handle() to tpm2_get_session_handle() | Roberto Sassu | 6 | -12/+15
Rename the function and add the additional parameter sessionType, so that it can return a handle of a hmac or a policy session.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-06-19 | Add variable header locations | James Bottomley | 6 | -23/+33
The tss2 includes are moving from /usr/include/tss2 to /usr/include/ibmtss, so add an AC_CHECK_HEADER for both locations and add a variable path include to each file so the whole system still compiles no matter which style of header path is installed.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-06-14 | configure.ac: Update for ibmtss2 changes | James Bottomley | 1 | -2/+6
As of version 1234, the ibmtss2 is now in libibmtss not in libtss and also requires -DTPM_POSIX or -DTPM_WINDOWS to be provided on the command line. Fix for this by adding libibmtss to the path check for the TSS library and unconditionally adding -DTPM_POSIX.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-02-08 | Version: 1.1.0 (v1.1.0) | James Bottomley | 1 | -1/+1
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-02-08 | tests: add prefix change to test_nv_key.sh | James Bottomley | 2 | -2/+15
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>