From 4eb30badfeea274500e86a53395c8b037fe79a49 Mon Sep 17 00:00:00 2001 From: cplappert Date: Mon, 18 Feb 2019 15:51:28 +0100 Subject: [PATCH 1/3] Update tests to also run on physical TPMs TCTI for tests were hard-coded to use the simulator. Removing "-T mssim" will instruct TPM-Tools to iterate through all available TCTI interfaces instead. Signed-off-by: cplappert --- .travis.yml | 1 + test/ecdsa-emptyauth.sh | 2 +- test/ecdsa.sh | 2 +- test/failload.sh | 2 +- test/failwrite.sh | 2 +- test/rand.sh | 2 +- test/rsadecrypt.sh | 2 +- test/rsasign.sh | 2 +- test/rsasign_parent.sh | 12 ++++++------ test/rsasign_persistent.sh | 22 +++++++++++----------- test/rsasign_persistent_emptyauth.sh | 22 +++++++++++----------- 11 files changed, 36 insertions(+), 35 deletions(-) diff --git a/.travis.yml b/.travis.yml index fc6183d..df67495 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,6 +11,7 @@ env: - OPENSSL_BRANCH=OpenSSL_1_0_2-stable - OPENSSL_BRANCH=OpenSSL_1_1_0-stable global: + - TPM2TOOLS_TCTI=mssim - PATH="${PWD}/installdir/usr/local/bin:${PATH}" - PKG_CONFIG_PATH="${PWD}/installdir/usr/local/lib/pkgconfig:/usr/lib/pkgconfig" - LD_LIBRARY_PATH="${PWD}/installdir/usr/local/lib:/usr/lib" diff --git a/test/ecdsa-emptyauth.sh b/test/ecdsa-emptyauth.sh index 15c239a..59f33c6 100755 --- a/test/ecdsa-emptyauth.sh +++ b/test/ecdsa-emptyauth.sh @@ -10,7 +10,7 @@ export PATH=${PWD}:${PATH} DIR=$(mktemp -d) echo -n "abcde12345abcde12345">${DIR}/mydata -tpm2_startup -T mssim -c || true +tpm2_startup -c || true tpm2tss-genkey -a ecdsa -c nist_p256 ${DIR}/mykey diff --git a/test/ecdsa.sh b/test/ecdsa.sh index 4fdc3d1..daab553 100755 --- a/test/ecdsa.sh +++ b/test/ecdsa.sh @@ -10,7 +10,7 @@ export PATH=${PWD}:${PATH} DIR=$(mktemp -d) echo -n "abcde12345abcde12345">${DIR}/mydata -tpm2_startup -T mssim -c || true +tpm2_startup -c || true tpm2tss-genkey -a ecdsa -c nist_p256 -p abc ${DIR}/mykey diff --git a/test/failload.sh b/test/failload.sh index 2093cdd..95b8d07 100755 --- a/test/failload.sh +++ b/test/failload.sh @@ -11,7 +11,7 @@ DIR=$(mktemp -d) echo -n "abcde12345abcde12345">${DIR}/mykey chmod ugo-rwx ${DIR}/mykey -tpm2_startup -T mssim -c || true +tpm2_startup -c || true R="$(openssl rsa -engine tpm2tss -inform engine -in ${DIR}/mykey -pubout -outform pem -out ${DIR}/mykey.pub 2>&1 || true)" echo $R diff --git a/test/failwrite.sh b/test/failwrite.sh index 90b025a..3905034 100755 --- a/test/failwrite.sh +++ b/test/failwrite.sh @@ -11,7 +11,7 @@ DIR=$(mktemp -d) echo -n "abcde12345abcde12345">${DIR}/mykey chmod ugo-rwx ${DIR}/mykey -tpm2_startup -T mssim -c || true +tpm2_startup -c || true R="$(tpm2tss-genkey -a ecdsa -c nist_p256 -p abc ${DIR}/mykey 2>&1 || true)" echo $R diff --git a/test/rand.sh b/test/rand.sh index b63404e..0178f86 100755 --- a/test/rand.sh +++ b/test/rand.sh @@ -6,6 +6,6 @@ export OPENSSL_ENGINES=${PWD}/.libs export LD_LIBRARY_PATH=$OPENSSL_ENGINES:${LD_LIBRARY_PATH-} export PATH=${PWD}:${PATH} -tpm2_startup -T mssim -c || true +tpm2_startup -c || true openssl rand -engine tpm2tss -hex 10 >/dev/null diff --git a/test/rsadecrypt.sh b/test/rsadecrypt.sh index cedafc4..ca46ff2 100755 --- a/test/rsadecrypt.sh +++ b/test/rsadecrypt.sh @@ -9,7 +9,7 @@ export PATH=${PWD}:${PATH} DIR=$(mktemp -d) echo -n "abcde12345abcde12345">${DIR}/mydata -tpm2_startup -T mssim -c || true +tpm2_startup -c || true tpm2tss-genkey -a rsa -s 2048 -p abc ${DIR}/mykey diff --git a/test/rsasign.sh b/test/rsasign.sh index f90a59f..3f975b5 100755 --- a/test/rsasign.sh +++ b/test/rsasign.sh @@ -9,7 +9,7 @@ export PATH=${PWD}:${PATH} DIR=$(mktemp -d) echo -n "abcde12345abcde12345">${DIR}/mydata -tpm2_startup -T mssim -c || true +tpm2_startup -c || true tpm2tss-genkey -a rsa -s 2048 -p abc ${DIR}/mykey diff --git a/test/rsasign_parent.sh b/test/rsasign_parent.sh index 1670467..a4a89be 100755 --- a/test/rsasign_parent.sh +++ b/test/rsasign_parent.sh @@ -13,14 +13,14 @@ echo -n "abcde12345abcde12345">${DIR}/mydata.txt echo "Generating primary key" PARENT_CTX=${DIR}/primary_owner_key.ctx -tpm2_startup -T mssim -c || true +tpm2_startup -c || true -tpm2_createprimary -T mssim -a o -g sha256 -G rsa -o ${PARENT_CTX} -tpm2_flushcontext -T mssim -t +tpm2_createprimary -a o -g sha256 -G rsa -o ${PARENT_CTX} +tpm2_flushcontext -t # Load primary key to persistent handle -HANDLE=$(tpm2_evictcontrol -T mssim -a o -c ${PARENT_CTX} | cut -d ' ' -f 2) -tpm2_flushcontext -T mssim -t +HANDLE=$(tpm2_evictcontrol -a o -c ${PARENT_CTX} | cut -d ' ' -f 2) +tpm2_flushcontext -t # Generating a key underneath the persistent parent tpm2tss-genkey -a rsa -s 2048 -p abc -P ${HANDLE} ${DIR}/mykey @@ -31,7 +31,7 @@ cat ${DIR}/mykey.pub echo "abc" | openssl pkeyutl -engine tpm2tss -keyform engine -inkey ${DIR}/mykey -sign -in ${DIR}/mydata.txt -out ${DIR}/mysig -passin stdin # Release persistent HANDLE -tpm2_evictcontrol -T mssim -a o -c ${HANDLE} -p ${HANDLE} +tpm2_evictcontrol -a o -c ${HANDLE} -p ${HANDLE} cat ${DIR}/mysig diff --git a/test/rsasign_persistent.sh b/test/rsasign_persistent.sh index 236db6c..293b13e 100755 --- a/test/rsasign_persistent.sh +++ b/test/rsasign_persistent.sh @@ -13,33 +13,33 @@ echo -n "abcde12345abcde12345">${DIR}/mydata.txt echo "Generating primary key" PARENT_CTX=${DIR}/primary_owner_key.ctx -tpm2_startup -T mssim -c || true +tpm2_startup -c || true -tpm2_createprimary -T mssim -a o -g sha256 -G rsa -o ${PARENT_CTX} -tpm2_flushcontext -T mssim -t +tpm2_createprimary -a o -g sha256 -G rsa -o ${PARENT_CTX} +tpm2_flushcontext -t # Create an RSA key pair echo "Generating RSA key pair" TPM_RSA_PUBKEY=${DIR}/rsakey.pub TPM_RSA_KEY=${DIR}/rsakey -tpm2_create -T mssim -p abc -C ${PARENT_CTX} -g sha256 -G rsa -u ${TPM_RSA_PUBKEY} -r ${TPM_RSA_KEY} -A sign\|decrypt\|fixedtpm\|fixedparent\|sensitivedataorigin\|userwithauth\|noda -tpm2_flushcontext -T mssim -t +tpm2_create -p abc -C ${PARENT_CTX} -g sha256 -G rsa -u ${TPM_RSA_PUBKEY} -r ${TPM_RSA_KEY} -A sign\|decrypt\|fixedtpm\|fixedparent\|sensitivedataorigin\|userwithauth\|noda +tpm2_flushcontext -t # Load Key to persistent handle RSA_CTX=${DIR}/rsakey.ctx -tpm2_load -T mssim -C ${PARENT_CTX} -u ${TPM_RSA_PUBKEY} -r ${TPM_RSA_KEY} -o ${RSA_CTX} -tpm2_flushcontext -T mssim -t +tpm2_load -C ${PARENT_CTX} -u ${TPM_RSA_PUBKEY} -r ${TPM_RSA_KEY} -o ${RSA_CTX} +tpm2_flushcontext -t -HANDLE=$(tpm2_evictcontrol -T mssim -a o -c ${RSA_CTX} | cut -d ' ' -f 2) -tpm2_flushcontext -T mssim -t +HANDLE=$(tpm2_evictcontrol -a o -c ${RSA_CTX} | cut -d ' ' -f 2) +tpm2_flushcontext -t # Signing Data echo "abc" | openssl pkeyutl -engine tpm2tss -keyform engine -inkey ${HANDLE} -sign -in ${DIR}/mydata.txt -out ${DIR}/mysig -passin stdin # Get public key of handle -tpm2_readpublic -T mssim -c ${HANDLE} -o ${DIR}/mykey.pem -f pem +tpm2_readpublic -c ${HANDLE} -o ${DIR}/mykey.pem -f pem # Release persistent HANDLE -tpm2_evictcontrol -T mssim -a o -c ${HANDLE} +tpm2_evictcontrol -a o -c ${HANDLE} R="$(openssl pkeyutl -pubin -inkey ${DIR}/mykey.pem -verify -in ${DIR}/mydata.txt -sigfile ${DIR}/mysig || true)" if ! echo $R | grep "Signature Verified Successfully" >/dev/null; then diff --git a/test/rsasign_persistent_emptyauth.sh b/test/rsasign_persistent_emptyauth.sh index 0e1bead..71debcd 100755 --- a/test/rsasign_persistent_emptyauth.sh +++ b/test/rsasign_persistent_emptyauth.sh @@ -13,25 +13,25 @@ echo -n "abcde12345abcde12345">${DIR}/mydata.txt echo "Generating primary key" PARENT_CTX=${DIR}/primary_owner_key.ctx -tpm2_startup -T mssim -c || true +tpm2_startup -c || true -tpm2_createprimary -T mssim -a o -g sha256 -G rsa -o ${PARENT_CTX} -tpm2_flushcontext -T mssim -t +tpm2_createprimary -a o -g sha256 -G rsa -o ${PARENT_CTX} +tpm2_flushcontext -t # Create an RSA key pair echo "Generating RSA key pair" TPM_RSA_PUBKEY=${DIR}/rsakey.pub TPM_RSA_KEY=${DIR}/rsakey -tpm2_create -T mssim -C ${PARENT_CTX} -g sha256 -G rsa -u ${TPM_RSA_PUBKEY} -r ${TPM_RSA_KEY} -A sign\|decrypt\|fixedtpm\|fixedparent\|sensitivedataorigin\|userwithauth\|noda -tpm2_flushcontext -T mssim -t +tpm2_create -C ${PARENT_CTX} -g sha256 -G rsa -u ${TPM_RSA_PUBKEY} -r ${TPM_RSA_KEY} -A sign\|decrypt\|fixedtpm\|fixedparent\|sensitivedataorigin\|userwithauth\|noda +tpm2_flushcontext -t # Load Key to persistent handle RSA_CTX=${DIR}/rsakey.ctx -tpm2_load -T mssim -C ${PARENT_CTX} -u ${TPM_RSA_PUBKEY} -r ${TPM_RSA_KEY} -o ${RSA_CTX} -tpm2_flushcontext -T mssim -t +tpm2_load -C ${PARENT_CTX} -u ${TPM_RSA_PUBKEY} -r ${TPM_RSA_KEY} -o ${RSA_CTX} +tpm2_flushcontext -t -HANDLE=$(tpm2_evictcontrol -T mssim -a o -c ${RSA_CTX} | cut -d ' ' -f 2) -tpm2_flushcontext -T mssim -t +HANDLE=$(tpm2_evictcontrol -a o -c ${RSA_CTX} | cut -d ' ' -f 2) +tpm2_flushcontext -t # Signing Data #Actually signing should not require an auth value @@ -46,10 +46,10 @@ EOF fi # Get public key of handle -tpm2_readpublic -T mssim -c ${HANDLE} -o ${DIR}/mykey.pem -f pem +tpm2_readpublic -c ${HANDLE} -o ${DIR}/mykey.pem -f pem # Release persistent HANDLE -tpm2_evictcontrol -T mssim -a o -c ${HANDLE} -p ${HANDLE} +tpm2_evictcontrol -a o -c ${HANDLE} -p ${HANDLE} R="$(openssl pkeyutl -pubin -inkey ${DIR}/mykey.pem -verify -in ${DIR}/mydata.txt -sigfile ${DIR}/mysig || true)" if ! echo $R | grep "Signature Verified Successfully" >/dev/null; then From 9b0c7d1225f194a6098ceabcc9b0392abf8e1deb Mon Sep 17 00:00:00 2001 From: cplappert Date: Mon, 18 Feb 2019 18:38:45 +0100 Subject: [PATCH 2/3] Fix segfault on non-null auth'd persistent keys. Signed-off-by: cplappert --- src/tpm2-tss-engine-common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tpm2-tss-engine-common.c b/src/tpm2-tss-engine-common.c index 3a668a1..542024e 100644 --- a/src/tpm2-tss-engine-common.c +++ b/src/tpm2-tss-engine-common.c @@ -275,7 +275,7 @@ tpm2tss_tpm2data_readtpm(uint32_t handle, TPM2_DATA **tpm2Datap) r = Esys_ReadPublic(eactx.ectx, keyHandle, session, ESYS_TR_NONE, ESYS_TR_NONE, - &outPublic, NULL, NULL); + NULL, NULL, NULL); /* tpm2-tss < 2.2 has some bugs. (1) it may miscalculate the auth from above leading to a password query in case of empty auth and (2) it From 933d5d378a83b9b47599e452c703436bc5b4f39b Mon Sep 17 00:00:00 2001 From: Andreas Fuchs Date: Tue, 19 Feb 2019 15:39:01 +0100 Subject: [PATCH 3/3] Fix parallel connections to TPM. Esys internal us of the TPM conflicted with our lease of the TPM, when using sessions under tpm2tss >=2.2.0. Fixing this by overriding the random engine to not be ourselves. Signed-off-by: Andreas Fuchs --- .travis.yml | 11 +++++++---- src/tpm2-tss-engine-common.c | 13 +++++++++++++ 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index df67495..9deb34c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,8 +8,9 @@ dist: trusty env: matrix: - - OPENSSL_BRANCH=OpenSSL_1_0_2-stable - - OPENSSL_BRANCH=OpenSSL_1_1_0-stable + - OPENSSL_BRANCH=OpenSSL_1_0_2-stable TPM2TSS_BRANCH=2.2.0 + - OPENSSL_BRANCH=OpenSSL_1_1_0-stable TPM2TSS_BRANCH=2.1.0 + - OPENSSL_BRANCH=OpenSSL_1_1_0-stable TPM2TSS_BRANCH=2.2.0 global: - TPM2TOOLS_TCTI=mssim - PATH="${PWD}/installdir/usr/local/bin:${PATH}" @@ -30,6 +31,7 @@ addons: - uthash-dev - pandoc - expect + - doxygen install: - git clean -xdf @@ -83,11 +85,12 @@ install: - tar xJf autoconf-archive-2017.09.28.tar.xz - cp autoconf-archive-2017.09.28/m4/ax_code_coverage.m4 m4/ # TPM2-TSS - - git clone --depth=1 -b 2.1.0 https://github.com/tpm2-software/tpm2-tss.git + - git clone --depth=1 -b ${TPM2TSS_BRANCH} https://github.com/tpm2-software/tpm2-tss.git - pushd tpm2-tss - cp ../autoconf-archive-2017.09.28/m4/ax_code_coverage.m4 m4/ + - cp ../autoconf-archive-2017.09.28/m4/ax_prog_doxygen.m4 m4/ - ./bootstrap - - ./configure CFLAGS=-I${PWD}/../installdir/usr/local/include LDFLAGS=-L${PWD}/../installdir/usr/local/lib + - ./configure CFLAGS=-I${PWD}/../installdir/usr/local/include LDFLAGS=-L${PWD}/../installdir/usr/local/lib --disable-doxygen-doc - make -j$(nproc) - make install DESTDIR=${PWD}/../installdir - rm ${PWD}/../installdir/usr/local/lib/*.la diff --git a/src/tpm2-tss-engine-common.c b/src/tpm2-tss-engine-common.c index 542024e..7414a0e 100644 --- a/src/tpm2-tss-engine-common.c +++ b/src/tpm2-tss-engine-common.c @@ -34,6 +34,7 @@ #include #include +#include #include "tpm2-tss-engine.h" #include "tpm2-tss-engine-common.h" @@ -251,6 +252,16 @@ tpm2tss_tpm2data_readtpm(uint32_t handle, TPM2_DATA **tpm2Datap) .mode = {.aes = TPM2_ALG_CFB} }; + /* Esys_StartAuthSession() and session handling use OpenSSL for random + bytes and thus might end up inside this engine again. This becomes + a problem if we have no resource manager, i.e. the tpm simulator. */ + const RAND_METHOD *rand_save = RAND_get_rand_method(); +#if OPENSSL_VERSION_NUMBER < 0x10100000 + RAND_set_rand_method(RAND_SSLeay()); +#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ + RAND_set_rand_method(RAND_OpenSSL()); +#endif + /* We do the check by starting a bound audit session and executing a very cheap command. */ r = Esys_StartAuthSession(eactx.ectx, ESYS_TR_NONE, keyHandle, @@ -277,6 +288,8 @@ tpm2tss_tpm2data_readtpm(uint32_t handle, TPM2_DATA **tpm2Datap) session, ESYS_TR_NONE, ESYS_TR_NONE, NULL, NULL, NULL); + RAND_set_rand_method(rand_save); + /* tpm2-tss < 2.2 has some bugs. (1) it may miscalculate the auth from above leading to a password query in case of empty auth and (2) it may return an error because the object's auth value is "\0". */