diff --git a/configure.ac b/configure.ac
index f6103149b..c5d9032f1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -272,7 +272,6 @@ ARG_ENABL_SET([test-vectors], [enable plugin providing crypto test vectors.])
 ARG_DISBL_SET([updown], [disable updown firewall script plugin.])
 # programs/components
 ARG_ENABL_SET([aikgen], [enable AIK generator for TPM 1.2.])
-ARG_ENABL_SET([aikpub2], [enable AIK extractor for TPM 2.0.])
 ARG_DISBL_SET([charon], [disable the IKEv1/IKEv2 keying daemon charon.])
 ARG_ENABL_SET([cmd], [enable the command line IKE client charon-cmd.])
 ARG_ENABL_SET([conftest], [enforce Suite B conformance test framework.])
@@ -465,10 +464,6 @@ if test x$aikgen = xtrue; then
 	tss_trousers=true
 fi
 
-if test x$aikpub2 = xtrue; then
-	tss_tss2=true
-fi
-
 if test x$ntru = xtrue -o x$bliss = xtrue; then
 	mgf1=true
 fi
@@ -1652,14 +1647,14 @@ AM_CONDITIONAL(USE_PKI, test x$pki = xtrue)
 AM_CONDITIONAL(USE_SCEPCLIENT, test x$scepclient = xtrue)
 AM_CONDITIONAL(USE_SCRIPTS, test x$scripts = xtrue)
 AM_CONDITIONAL(USE_CONFTEST, test x$conftest = xtrue)
-AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$aikpub2 = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
+AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
 AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
 AM_CONDITIONAL(USE_LIBIPSEC, test x$libipsec = xtrue)
 AM_CONDITIONAL(USE_LIBNTTFFT, test x$bliss = xtrue -o x$newhope = xtrue)
 AM_CONDITIONAL(USE_LIBTNCIF, test x$tnc_tnccs = xtrue -o x$imcv = xtrue)
 AM_CONDITIONAL(USE_LIBTNCCS, test x$tnc_tnccs = xtrue)
 AM_CONDITIONAL(USE_LIBPTTLS, test x$tnc_tnccs = xtrue)
-AM_CONDITIONAL(USE_LIBTPMTSS, test x$tss_trousers = xtrue -o x$tss_tss2 = xtrue -o x$tpm -o x$aikgen = xtrue -o x$aikpub2 = xtrue -o x$imcv = xtrue)
+AM_CONDITIONAL(USE_LIBTPMTSS, test x$tss_trousers = xtrue -o x$tss_tss2 = xtrue -o x$tpm -o x$aikgen = xtrue -o x$imcv = xtrue)
 AM_CONDITIONAL(USE_FILE_CONFIG, test x$stroke = xtrue)
 AM_CONDITIONAL(USE_IPSEC_SCRIPT, test x$stroke = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue)
 AM_CONDITIONAL(USE_LIBCAP, test x$capabilities = xlibcap)
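Review bot: The rewritten `USE_LIBTPMTSS` line in this hunk keeps the bare `-o x$tpm` term, and `test` treats a lone non-empty string such as `xtrue` or `xfalse` as true, so that clause makes the whole condition succeed regardless of whether TPM support was enabled and libtpmtss is always built; removing the aikpub2 term does not change that. If `tpm` follows the same true/false convention as the other `ARG_*_SET` variables visible in this file, the term should read `-o x$tpm = xtrue`, giving `AM_CONDITIONAL(USE_LIBTPMTSS, test x$tss_trousers = xtrue -o x$tss_tss2 = xtrue -o x$tpm = xtrue -o x$aikgen = xtrue -o x$imcv = xtrue)`. The defect is pre-existing rather than introduced here, but the commit already rewrites this line and is the natural place to correct it.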
@@ -1678,7 +1673,6 @@ AM_CONDITIONAL(USE_DBGHELP, test x$dbghelp_backtraces = xtrue)
 AM_CONDITIONAL(USE_TKM, test x$tkm = xtrue)
 AM_CONDITIONAL(USE_CMD, test x$cmd = xtrue)
 AM_CONDITIONAL(USE_AIKGEN, test x$aikgen = xtrue)
-AM_CONDITIONAL(USE_AIKPUB2, test x$aikpub2 = xtrue)
 AM_CONDITIONAL(USE_SWANCTL, test x$swanctl = xtrue)
 AM_CONDITIONAL(USE_SVC, test x$svc = xtrue)
 AM_CONDITIONAL(USE_SYSTEMD, test x$systemd = xtrue)
@@ -1718,7 +1712,6 @@ fi
 
 strongswan_options=
 AM_COND_IF([USE_AIKGEN], [strongswan_options=${strongswan_options}" aikgen"])
-AM_COND_IF([USE_AIKPUB2], [strongswan_options=${strongswan_options}" aikpub2"])
 AM_COND_IF([USE_ATTR_SQL], [strongswan_options=${strongswan_options}" pool"])
 AM_COND_IF([USE_CHARON], [strongswan_options=${strongswan_options}" charon charon-logging"])
 AM_COND_IF([USE_FILE_CONFIG], [strongswan_options=${strongswan_options}" starter"])
@@ -1927,7 +1920,6 @@ AC_CONFIG_FILES([
 	src/_copyright/Makefile
 	src/scepclient/Makefile
 	src/aikgen/Makefile
-	src/aikpub2/Makefile
 	src/pki/Makefile
 	src/pki/man/Makefile
 	src/pool/Makefile
diff --git a/src/Makefile.am b/src/Makefile.am
index 938335e78..df171b270 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -135,7 +135,3 @@ endif
 if USE_AIKGEN
   SUBDIRS += aikgen
 endif
-
-if USE_AIKPUB2
-  SUBDIRS += aikpub2
-endif
diff --git a/src/aikpub2/.gitignore b/src/aikpub2/.gitignore
deleted file mode 100644
index 42b5e265b..000000000
--- a/src/aikpub2/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-aikpub2
diff --git a/src/aikpub2/Makefile.am b/src/aikpub2/Makefile.am
deleted file mode 100644
index a9ab13870..000000000
--- a/src/aikpub2/Makefile.am
+++ /dev/null
@@ -1,15 +0,0 @@
-bin_PROGRAMS = aikpub2
-
-aikpub2_SOURCES = aikpub2.c
-
-aikpub2_LDADD = \
-	$(top_builddir)/src/libstrongswan/libstrongswan.la \
-	$(top_builddir)/src/libtpmtss/libtpmtss.la
-
-aikpub2.o : $(top_builddir)/config.status
-
-AM_CPPFLAGS = \
-	-I$(top_srcdir)/src/libstrongswan \
-	-I$(top_srcdir)/src/libtpmtss \
-	-DIPSEC_CONFDIR=\"${sysconfdir}\" \
-	-DPLUGINS=\""${aikgen_plugins}\""
diff --git a/src/aikpub2/aikpub2.c b/src/aikpub2/aikpub2.c
deleted file mode 100644
index fea58ed27..000000000
--- a/src/aikpub2/aikpub2.c
+++ /dev/null
@@ -1,305 +0,0 @@
-/*
- * Copyright (C) 2016 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See .
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tpm_tss.h"
-
-#include
-#include
-#include
-
-#include
-#include
-#include
-
-/* default directory where AIK keys are stored */
-#define AIK_DIR IPSEC_CONFDIR "/pts/"
-
-/* default name of AIK public key blob */
-#define DEFAULT_FILENAME_AIKPUBKEY AIK_DIR "aikPub.der"
-
-/* logging */
-static bool log_to_stderr = TRUE;
-static bool log_to_syslog = TRUE;
-static level_t default_loglevel = 1;
-
-/* options read by optionsfrom */
-options_t *options;
-
-chunk_t aik_pubkey;
-chunk_t aik_keyid;
-
-/**
- * logging function for aikpub2
- */
-static void aikpub2_dbg(debug_t group, level_t level, char *fmt, ...)
-{
-	char buffer[8192];
-	char *current = buffer, *next;
-	va_list args;
-
-	if (level <= default_loglevel)
-	{
-		if (log_to_stderr)
-		{
-			va_start(args, fmt);
-			vfprintf(stderr, fmt, args);
-			va_end(args);
-			fprintf(stderr, "\n");
-		}
-		if (log_to_syslog)
-		{
-			/* write in memory buffer first */
-			va_start(args, fmt);
-			vsnprintf(buffer, sizeof(buffer), fmt, args);
-			va_end(args);
-
-			/* do a syslog with every line */
-			while (current)
-			{
-				next = strchr(current, '\n');
-				if (next)
-				{
-					*(next++) = '\0';
-				}
-				syslog(LOG_INFO, "%s\n", current);
-				current = next;
-			}
-		}
-	}
-}
-
-/**
- * Initialize logging to stderr/syslog
- */
-static void init_log(const char *program)
-{
-	dbg = aikpub2_dbg;
-
-	if (log_to_stderr)
-	{
-		setbuf(stderr, NULL);
-	}
-	if (log_to_syslog)
-	{
-		openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV);
-	}
-}
-
-/**
- * @brief exit aikgen
- *
- * @param status 0 = OK, -1 = general discomfort
- */
-static void exit_aikpub2(err_t message, ...)
-{
-	int status = 0;
-
-	free(aik_pubkey.ptr);
-	free(aik_keyid.ptr);
-	options->destroy(options);
-
-	/* print any error message to stderr */
-	if (message != NULL && *message != '\0')
-	{
-		va_list args;
-		char m[8192];
-
-		va_start(args, message);
-		vsnprintf(m, sizeof(m), message, args);
-		va_end(args);
-
-		fprintf(stderr, "aikpub2 error: %s\n", m);
-		status = -1;
-	}
-	library_deinit();
-	exit(status);
-}
-
-/**
- * @brief prints the usage of the program to the stderr output
- *
- * If message is set, program is exited with 1 (error)
- * @param message message in case of an error
- */
-static void usage(const char *message)
-{
-	fprintf(stderr,
-		"Usage: aikpub2 --handle --out \n"
-		" [--force] [--quiet] [--debug ]\n"
-		" aikpub2 --help\n"
-		"\n"
-		"Options:\n"
-		" --handle (-H) TSS 2.0 AIK object handle\n"
-		" --out (-o) AIK public key in PKCS #1 format\n"
-		" --force (-f) force to overwrite existing files\n"
-		" --help (-h) show usage and exit\n"
-		"\n"
-		"Debugging output:\n"
-		" --debug (-l) changes the log level (-1..4, default: 1)\n"
-		" --quiet (-q) do not write log output to stderr\n"
-		);
-	exit_aikpub2(message);
-}
-
-
-/**
- * @brief main of aikpub2 which extracts an Attestation Identity Key (AIK)
- *
- * @param argc number of arguments
- * @param argv pointer to the argument values
- */
-int main(int argc, char *argv[])
-{
-	/* external values */
-	extern char * optarg;
-	extern int optind;
-
-	char *aik_out_filename = DEFAULT_FILENAME_AIKPUBKEY;
-	uint32_t aik_handle = 0;
-	bool force = FALSE;
-	hasher_t *hasher;
-	tpm_tss_t *tpm;
-
-	atexit(library_deinit);
-	if (!library_init(NULL, "aikpub2"))
-	{
-		exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
-	}
-	if (lib->integrity &&
-		!lib->integrity->check_file(lib->integrity, "aikpub2", argv[0]))
-	{
-		fprintf(stderr, "integrity check of aikpub2 failed\n");
-		exit(SS_RC_DAEMON_INTEGRITY);
-	}
-
-	/* initialize global variables */
-	options = options_create();
-
-	for (;;)
-	{
-		static const struct option long_opts[] = {
-			/* name, has_arg, flag, val */
-			{ "help", no_argument, NULL, 'h' },
-			{ "optionsfrom", required_argument, NULL, '+' },
-			{ "handle", required_argument, NULL, 'H' },
-			{ "in", required_argument, NULL, 'i' },
-			{ "out", required_argument, NULL, 'o' },
-			{ "force", no_argument, NULL, 'f' },
-			{ "quiet", no_argument, NULL, 'q' },
-			{ "debug", required_argument, NULL, 'l' },
-			{ 0,0,0,0 }
-		};
-
-		/* parse next option */
-		int c = getopt_long(argc, argv, "h+:H:i:o:fql:", long_opts, NULL);
-
-		switch (c)
-		{
-			case EOF: /* end of flags */
-				break;
-
-			case 'h': /* --help */
-				usage(NULL);
-
-			case '+': /* --optionsfrom */
-				if (!options->from(options, optarg, &argc, &argv, optind))
-				{
-					exit_aikpub2("optionsfrom failed");
-				}
-				continue;
-
-			case 'H': /* --handle */
-				aik_handle = strtoll(optarg, NULL, 16);
-				continue;
-
-			case 'o': /* --out */
-				aik_out_filename = optarg;
-				continue;
-
-			case 'f': /* --force */
-				force = TRUE;
-				continue;
-
-			case 'q': /* --quiet */
-				log_to_stderr = FALSE;
-				continue;
-
-			case 'l': /* --debug */
-				default_loglevel = atoi(optarg);
-				continue;
-
-			default:
-				usage("unknown option");
-		}
-		/* break from loop */
-		break;
-	}
-
-	init_log("aikpub2");
-
-	if (!lib->plugins->load(lib->plugins,
-			lib->settings->get_str(lib->settings, "aikpub2.load", PLUGINS)))
-	{
-		exit_aikpub2("plugin loading failed");
-	}
-	if (!aik_handle)
-	{
-		usage("--handle option is required");
-	}
-
-	/* try to find a TPM 2.0 */
-	tpm = tpm_tss_probe(TPM_VERSION_2_0);
-	if (!tpm)
-	{
-		exit_aikpub2("no TPM 2.0 found");
-	}
-
-	/* get AIK public key from TPM */
-	aik_pubkey = tpm->get_public(tpm, aik_handle);
-	tpm->destroy(tpm);
-
-	/* exit if AIK public key retrieval failed */
-	if (aik_pubkey.len == 0)
-	{
-		exit_aikpub2("retrieval of AIK public key failed");
-	}
-
-	/* store AIK subjectPublicKeyInfo to file */
-	if (!chunk_write(aik_pubkey, aik_out_filename, 0022, force))
-	{
-		exit_aikpub2("could not write AIK public key file '%s': %s",
-					 aik_out_filename, strerror(errno));
-	}
-	DBG1(DBG_LIB, "AIK public key written to '%s' (%u bytes)",
-				   aik_out_filename, aik_pubkey.len);
-
-	/* AIK keyid derived from subjectPublicKeyInfo encoding */
-	hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
-	if (!hasher)
-	{
-		exit_aikpub2("SHA1 hash algorithm not supported");
-	}
-	if (!hasher->allocate_hash(hasher, aik_pubkey, &aik_keyid))
-	{
-		hasher->destroy(hasher);
-		exit_aikpub2("computing SHA1 fingerprint failed");
-	}
-	hasher->destroy(hasher);
-
-	DBG1(DBG_LIB, "AIK keyid: %#B", &aik_keyid);
-
-	exit_aikpub2(NULL);
-	return -1; /* should never be reached */
-}