39 changes: 35 additions & 4 deletions .ci/travis-build-and-run-tests.sh
Expand Up @@ -3,12 +3,43 @@
# all command failures are fatal
set -e

if [ -d build ]; then
rm -rf build
fi

# Do not run tests when building on coverity_scan branch
if [ "${COVERITY_SCAN_BRANCH}" == 1 ]; then
echo "Coverity scan branch detected, not running build nor tests...exiting!"
exit 0
fi

# If it's clang, enable asan
if [[ "$CC" == clang* ]]; then
echo "Detecting clang, enable asan"
export CFLAGS="-O1 -g -fsanitize=address -fno-omit-frame-pointer"
echo "Exported CFLAGS=$CFLAGS"
config_flags="--disable-hardening"
echo "Disabled configure option hardening"
export ASAN_ENABLED=true
echo "Exported ASAN_ENABLED=$ASAN_ENABLED"
# To get line numbers set up the asan symbolizer
clang_version=`$CC --version | head -n 1 | cut -d\ -f 3-3 | cut -d\. -f 1-2`
# Sometimes the version string has an Ubuntu on the front of it and the field
# location changes
if [ $clang_version == "version" ]; then
clang_version=`$CC --version | head -n 1 | cut -d\ -f 4-4 | cut -d\. -f 1-2`
fi
echo "Detected clang version: $clang_version"
ASAN_SYMBOLIZER_PATH="/usr/lib/llvm-$clang_version/bin/llvm-symbolizer"
if [ -e "$ASAN_SYMBOLIZER_PATH" ]; then
export ASAN_SYMBOLIZER_PATH
echo "Exported ASAN_SYMBOLIZER_PATH=$ASAN_SYMBOLIZER_PATH"
else
echo "No llvm symbolizer found at: $ASAN_SYMBOLIZER_PATH"
unset ASAN_SYMBOLIZER_PATH
fi
fi

# Bootstrap in the tpm2.0-tss tools directory
./bootstrap

Expand All @@ -17,25 +48,25 @@ mkdir ./build
pushd ./build

# Test building without tcti tabrmd
../configure --enable-unit --without-tcti-tabrmd
../configure --enable-unit --without-tcti-tabrmd $config_flags
make -j$(nproc)
make -j$(nproc) check
make -j$(nproc) clean

# Test building without tcti socket
../configure --enable-unit --without-tcti-socket
../configure --enable-unit --without-tcti-socket $config_flags
make -j$(nproc)
make -j$(nproc) check
make -j$(nproc) clean

# Test building wihtout tcti device
../configure --enable-unit --without-tcti-device
../configure --enable-unit --without-tcti-device $config_flags
make -j$(nproc)
make -j$(nproc) check
make -j$(nproc) clean

# Build all device TCTIs
../configure --enable-unit
../configure --enable-unit $config_flags
make -j$(nproc)
make -j$(nproc) check
# no clean here, keep artifacts for system testing
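Review bot: The fallback check `if [ $clang_version == "version" ]; then` leaves `$clang_version` unquoted, so when the first `cut` yields an empty string (a `$CC --version` banner with fewer than three fields) the test degenerates to `[ == version ]`, which prints a "unary operator expected" error and evaluates false; because it sits in an `if` condition `set -e` does not stop the job, so the script continues with an empty version and a symbolizer path of `/usr/lib/llvm-/bin/llvm-symbolizer`, quietly losing line numbers in ASan reports. Quote it: `if [ "$clang_version" == "version" ]; then`. `config_flags` is assigned only inside the clang branch and relies on the unset variable expanding to nothing at the four `../configure` lines; an explicit `config_flags=""` above the `if [[ "$CC" == clang* ]]` makes that intent visible. The `--disable-hardening` line deserves a comment saying why it is needed under ASan (presumably the project's hardening flags conflict with sanitizer instrumentation — confirm) and noting that, as a consequence, the hardened configure path is now exercised only by the gcc job.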
3 changes: 2 additions & 1 deletion .travis.yml
Expand Up @@ -7,7 +7,7 @@ dist: trusty
language: c
compiler:
- gcc
- clang
- clang-3.8

addons:
coverity_scan:
Expand All @@ -26,6 +26,7 @@ addons:
- libcurl4-openssl-dev
- libdbus-1-dev
- libglib2.0-dev
- clang-3.8

env:
global:
80 changes: 40 additions & 40 deletions lib/tpm2_alg_util.c
Expand Up @@ -19,44 +19,44 @@ struct alg_pair {
void tpm2_alg_util_for_each_alg(tpm2_alg_util_alg_iteraror iterator, void *userdata) {

static const alg_pair algs[] = {
{ .name = "rsa", .id = ALG_RSA_VALUE },
{ .name = "sha", .id = ALG_SHA_VALUE },
{ .name = "sha1", .id = ALG_SHA1_VALUE },
{ .name = "hmac", .id = ALG_HMAC_VALUE },
{ .name = "aes", .id = ALG_AES_VALUE },
{ .name = "mgf1", .id = ALG_MGF1_VALUE },
{ .name = "keyedhash", .id = ALG_KEYEDHASH_VALUE },
{ .name = "xor", .id = ALG_XOR_VALUE },
{ .name = "sha256", .id = ALG_SHA256_VALUE },
{ .name = "sha384", .id = ALG_SHA384_VALUE },
{ .name = "sha512", .id = ALG_SHA512_VALUE },
{ .name = "null", .id = ALG_NULL_VALUE },
{ .name = "sm3_256", .id = ALG_SM3_256_VALUE },
{ .name = "sm4", .id = ALG_SM4_VALUE },
{ .name = "rsassa", .id = ALG_RSASSA_VALUE },
{ .name = "rsaes", .id = ALG_RSAES_VALUE },
{ .name = "rsapss", .id = ALG_RSAPSS_VALUE },
{ .name = "oaep", .id = ALG_OAEP_VALUE },
{ .name = "ecdsa", .id = ALG_ECDSA_VALUE },
{ .name = "ecdh", .id = ALG_ECDH_VALUE },
{ .name = "ecdaa", .id = ALG_ECDAA_VALUE },
{ .name = "sm2", .id = ALG_SM2_VALUE },
{ .name = "ecschnorr", .id = ALG_ECSCHNORR_VALUE },
{ .name = "ecmqv", .id = ALG_ECMQV_VALUE },
{ .name = "kdf1_sp800_56a", .id = ALG_KDF1_SP800_56A_VALUE },
{ .name = "kdf2", .id = ALG_KDF2_VALUE },
{ .name = "kdf1_sp800_108", .id = ALG_KDF1_SP800_108_VALUE },
{ .name = "ecc", .id = ALG_ECC_VALUE },
{ .name = "symcipher", .id = ALG_SYMCIPHER_VALUE },
{ .name = "camellia", .id = ALG_CAMELLIA_VALUE },
{ .name = "sha3_256", .id = ALG_SHA3_256_VALUE },
{ .name = "sha3_384", .id = ALG_SHA3_384_VALUE },
{ .name = "sha3_512", .id = ALG_SHA3_512_VALUE },
{ .name = "ctr", .id = ALG_CTR_VALUE },
{ .name = "ofb", .id = ALG_OFB_VALUE },
{ .name = "cbc", .id = ALG_CBC_VALUE },
{ .name = "cfb", .id = ALG_CFB_VALUE },
{ .name = "ecb", .id = ALG_ECB_VALUE },
{ .name = "rsa", .id = TPM_ALG_RSA },
{ .name = "sha", .id = TPM_ALG_SHA },
{ .name = "sha1", .id = TPM_ALG_SHA1 },
{ .name = "hmac", .id = TPM_ALG_HMAC },
{ .name = "aes", .id = TPM_ALG_AES },
{ .name = "mgf1", .id = TPM_ALG_MGF1 },
{ .name = "keyedhash", .id = TPM_ALG_KEYEDHASH },
{ .name = "xor", .id = TPM_ALG_XOR },
{ .name = "sha256", .id = TPM_ALG_SHA256 },
{ .name = "sha384", .id = TPM_ALG_SHA384 },
{ .name = "sha512", .id = TPM_ALG_SHA512 },
{ .name = "null", .id = TPM_ALG_NULL },
{ .name = "sm3_256", .id = TPM_ALG_SM3_256 },
{ .name = "sm4", .id = TPM_ALG_SM4 },
{ .name = "rsassa", .id = TPM_ALG_RSASSA },
{ .name = "rsaes", .id = TPM_ALG_RSAES },
{ .name = "rsapss", .id = TPM_ALG_RSAPSS },
{ .name = "oaep", .id = TPM_ALG_OAEP },
{ .name = "ecdsa", .id = TPM_ALG_ECDSA },
{ .name = "ecdh", .id = TPM_ALG_ECDH },
{ .name = "ecdaa", .id = TPM_ALG_ECDAA },
{ .name = "sm2", .id = TPM_ALG_SM2 },
{ .name = "ecschnorr", .id = TPM_ALG_ECSCHNORR },
{ .name = "ecmqv", .id = TPM_ALG_ECMQV },
{ .name = "kdf1_sp800_56a", .id = TPM_ALG_KDF1_SP800_56A },
{ .name = "kdf2", .id = TPM_ALG_KDF2 },
{ .name = "kdf1_sp800_108", .id = TPM_ALG_KDF1_SP800_108 },
{ .name = "ecc", .id = TPM_ALG_ECC },
{ .name = "symcipher", .id = TPM_ALG_SYMCIPHER },
{ .name = "camellia", .id = TPM_ALG_CAMELLIA },
{ .name = "sha3_256", .id = TPM_ALG_SHA3_256 },
{ .name = "sha3_384", .id = TPM_ALG_SHA3_384 },
{ .name = "sha3_512", .id = TPM_ALG_SHA3_512 },
{ .name = "ctr", .id = TPM_ALG_CTR },
{ .name = "ofb", .id = TPM_ALG_OFB },
{ .name = "cbc", .id = TPM_ALG_CBC },
{ .name = "cfb", .id = TPM_ALG_CFB },
{ .name = "ecb", .id = TPM_ALG_ECB },
};

size_t i;
Expand Down Expand Up @@ -143,7 +143,7 @@ bool tpm2_alg_util_is_hash_alg(TPM_ALG_ID id) {
return false;
}

static UINT16 hash_alg_size(TPMI_ALG_HASH id) {
UINT16 tpm2_alg_util_get_hash_size(TPMI_ALG_HASH id) {

switch (id) {
case TPM_ALG_SHA1 :
Expand Down Expand Up @@ -262,7 +262,7 @@ bool pcr_parse_digest_list(char **argv, int len,
/* fill up the TPMT_HA structure with algorithm and digest */
BYTE *digest_data = (BYTE *) &d->digest;

UINT16 expected_hash_size = hash_alg_size(alg);
UINT16 expected_hash_size = tpm2_alg_util_get_hash_size(alg);
/* strip any preceding hex on the data as tpm2_util_hex_to_byte_structure doesn't support it */
bool is_hex = !strncmp("0x", data, 2);
if (is_hex) {
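Review bot: `UINT16 expected_hash_size = tpm2_alg_util_get_hash_size(alg);` in pcr_parse_digest_list takes over a function the new header documents as returning 0 for an unknown algorithm, and nothing in the hunk rejects that 0 before `expected_hash_size` is used to validate or size the digest copied into `digest_data`; the rest of pcr_parse_digest_list is outside the hunk, so if no check exists there, add `if (!expected_hash_size) { return false; }` (with the file's error-log macro, if one is in scope) directly after the call so a bad `alg` fails the parse rather than passing a zero-length expectation into the hex conversion. The table hunk now spells SHA3 entries as `TPM_ALG_SHA3_256` and friends, which previously had local fallback definitions; that build dependency is raised on the header section. The renamed `tpm2_alg_util_get_hash_size` body continues outside the hunk.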
26 changes: 10 additions & 16 deletions lib/tpm2_alg_util.h
Expand Up @@ -5,22 +5,6 @@

#include <sapi/tpm20.h>

/*
* The TSS has a bug where it was missing algs 0x27 trough 0x29.
* see: https://github.com/01org/TPM2.0-TSS/issues/476
* per https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf
* FIXME: https://github.com/01org/tpm2-tools/issues/375
*/
#ifndef ALG_SHA3_256_VALUE
#define ALG_SHA3_256_VALUE 0x27
#endif
#ifndef ALG_SHA3_384_VALUE
#define ALG_SHA3_384_VALUE 0x28
#endif
#ifndef ALG_SHA3_512_VALUE
#define ALG_SHA3_512_VALUE 0x29
#endif

/**
* Iterator callback routine for iterating over known algorithm name and value
* pairs.
Expand Down Expand Up @@ -136,4 +120,14 @@ struct tpm2_pcr_digest_spec {
bool pcr_parse_digest_list(char **argv, int len,
tpm2_pcr_digest_spec *digest_spec);

/**
* Retrieves the size of a hash in bytes for a given hash
* algorithm or 0 if unknown/not found.
* @param id
* The HASH algorithm identifier.
* @return
* 0 on failure or the size of the hash bytes.
*/
UINT16 tpm2_alg_util_get_hash_size(TPMI_ALG_HASH id);

#endif /* LIB_TPM2_ALG_UTIL_H_ */
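Review bot: Deleting the `#ifndef ALG_SHA3_256_VALUE` fallback block (and the two sibling ones) makes lib/tpm2_alg_util.c's `TPM_ALG_SHA3_256`/`_384`/`_512` table entries depend entirely on `<sapi/tpm20.h>` providing them, which the removed comment says older TSS releases did not; a user building against such a TSS gets an opaque undeclared-identifier error instead of the explanation the comment used to carry. If those identifiers are macros in the TSS header, a guard such as `#ifndef TPM_ALG_SHA3_256` / `#error "tpm2-tss headers lack TPM_ALG_SHA3_*; a newer TSS is required"` / `#endif` after the include turns that into a clear message; if they are enum values a configure-time check is the equivalent (confirm which, and whether configure already enforces the minimum TSS version). The new declaration's doc block is fine; it would help to state the 0 return in the `@return` text as "unknown algorithm" rather than the generic "failure", since that is the only failure the description mentions.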
1 change: 1 addition & 0 deletions lib/tpm2_nv_util.h
Expand Up @@ -30,6 +30,7 @@ bool tpm2_nv_util_strtoattr(char *attribute_list, TPMA_NV *nvattrs);
* of the TPMA_NV attributes.
*/
char *tpm2_nv_util_attrtostr(TPMA_NV nvattrs);

/**
* Reads the public portion of a Non-Volatile (nv) index.
* @param sapi_context
28 changes: 3 additions & 25 deletions lib/tpm2_policy.c
Expand Up @@ -7,24 +7,7 @@
#include "files.h"
#include "log.h"
#include "tpm2_policy.h"

static unsigned get_size_from_alg(TPMI_ALG_HASH hashAlg) {
switch (hashAlg) {
case TPM_ALG_SHA1:
return SHA1_DIGEST_SIZE;
case TPM_ALG_SHA256:
return SHA256_DIGEST_SIZE;
case TPM_ALG_SHA384:
return SHA384_DIGEST_SIZE;
case TPM_ALG_SHA512:
return SHA512_DIGEST_SIZE;
case TPM_ALG_SM3_256:
return SM3_256_DIGEST_SIZE;
default:
LOG_ERR("Unknown hashAlg, cannot determine digest size.\n");
return 0;
}
}
#include "tpm2_alg_util.h"

static bool evaluate_populate_pcr_digests(TPML_PCR_SELECTION pcr_selections,
char *raw_pcrs_file,
Expand All @@ -47,7 +30,7 @@ static bool evaluate_populate_pcr_digests(TPML_PCR_SELECTION pcr_selections,
}

//digest size returned per the hashAlg type
unsigned dgst_size = get_size_from_alg(pcr_selections.pcrSelections[i].hash);
unsigned dgst_size = tpm2_alg_util_get_hash_size(pcr_selections.pcrSelections[i].hash);
if (!dgst_size) {
return false;
}
Expand Down Expand Up @@ -221,12 +204,7 @@ TPM_RC tpm2_policy_build(TSS2_SYS_CONTEXT *sapi_context,
return rval;
}

// And remove the session from sessions table.
rval = tpm_session_auth_end(*policy_session);
if (rval != TPM_RC_SUCCESS) {
LOG_ERR("Failed deleting session from session table\n");
return rval;
}
tpm_session_auth_end(*policy_session);
}

return rval;
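Review bot: The last hunk replaces a checked call with a bare `tpm_session_auth_end(*policy_session);`, so a failure to remove the policy session from the session table is now neither logged nor visible to the caller, which returns the earlier `rval` (success) even when cleanup failed; unless tpm_session_auth_end was changed to a void return elsewhere in this commit, keep at least the diagnostic without clobbering the success status: `TPM_RC end_rval = tpm_session_auth_end(*policy_session);` / `if (end_rval != TPM_RC_SUCCESS) { LOG_ERR("Failed deleting session from session table\n"); }`. The second hunk has a similar loss of diagnostics: the deleted `get_size_from_alg` logged "Unknown hashAlg" before returning 0, while the `!dgst_size` path now returns false silently unless `tpm2_alg_util_get_hash_size` logs on its own (its body is not on this page — confirm). `tpm2_policy_build` starts outside the hunk.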
2 changes: 1 addition & 1 deletion lib/tpm_kdfa.c
Expand Up @@ -39,7 +39,7 @@ static const EVP_MD *tpm_algorithm_to_openssl_digest(TPMI_ALG_HASH algorithm) {
switch(algorithm) {
case TPM_ALG_SHA1:
return EVP_sha1();
case ALG_SHA256_VALUE:
case TPM_ALG_SHA256:
return EVP_sha256();
case TPM_ALG_SHA384:
return EVP_sha384();