ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
17,934 Commits 7 Branches 233 Tags 88 MiB
Commit Graph

51 Commits

Author SHA1 Message Date
Andreas Steffen 08760dd927 tpm: Intel FW TPM always uses locality 0 2021-01-08 11:00:15 +01:00
Andreas Steffen 3e5a528aec tpm: Auto-detection of legacy TPM 2.0 devices 2020-10-07 16:54:32 +02:00
Andreas Steffen 3ef5b23903 pts: Variable size PCR banks 2020-10-07 16:54:32 +02:00
Andreas Steffen 56de4dc596 libtpmtss: Remove aik_blob debug output 2020-10-07 16:54:32 +02:00
Andreas Steffen d647a8f91d pts: Parse TPM 2.0 BIOS/EFI event log 2020-10-07 16:54:32 +02:00
Andreas Steffen da1d7815ef tpm: TPM 2.0 supports SHA3 and CMAC 2020-10-07 16:54:32 +02:00
Josh Soref b3ab7a48cc Spelling fixes 
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
 2020-02-11 18:23:07 +01:00
Tobias Brunner ef4113a49d libtpmtss: Fix problematic usage of chunk_from_chars() in TSS2 implementations 
See 8ea13bbc5c for details.

References #3249.
 2020-01-30 18:18:33 +01:00
Tobias Brunner 8ee1242f14 libtpmtss: Convert RSA exponent to big-endian when provided by a TPM 2.0 
While the TPM expects and returns the data in big-endian, the SAPI
implementation converts it to native-endianness.  As stated in the
SAPI specification (section 3.2):

  8. All SAPI data SHALL be in native-endian format.  This means that
     the SAPI implementation will do any endian conversion required for
     both inputs and outputs.

So to use the exponent in a chunk we have to convert it to big-endian again.

Fixes: 7533cedb9a ("libtpmtss: Read RSA public key exponent instead of assuming its value")
 2019-12-10 15:19:32 +01:00
Tobias Brunner 45c8399d78 Add missing strings to several enum string definitions 2019-10-28 14:26:32 +01:00
Tobias Brunner b9949e98c2 Some whitespace fixes 
Didn't change some of the larger testing scripts that use an inconsistent
indentation style.
 2019-08-22 15:18:06 +02:00
krinfels 4b25885025 libtpmtss: Protect TPM 2.0 context by mutex 
Each private key object created to access a key residing in a TPM 2.0
creates a context structure used for communication with the TSS.
When multiple IKE SAs are established at the same time and using the
same private key, it is possible to make concurrent calls to the
TSS with the same context which results in multiple threads writing
to the same place in memory causing undefined behaviour.

Fix this by protecting calls to the TSS with a mutex unique for
each TPM 2.0 context object.
 2019-06-26 16:30:01 +02:00
krinfels 7533cedb9a libtpmtss: Read RSA public key exponent instead of assuming its value 
Up to now it was assumed that the RSA public key exponent is equal to 2^16+1.
Although this is probably true in most if not all cases, it is not correct
according to the TPM 2.0 specification.

This patch fixes that by reading the exponent from the structure returned
by TPM2_ReadPublic.

Closes strongswan/strongswan#121.
 2019-01-21 11:52:08 +01:00
Andreas Steffen 3150bd2b81 libtpmtss: Generalize AIK keys to signature keys 2018-10-26 09:55:07 +02:00
Andreas Steffen 526c5abd0f tpm: Check FIPS-140-2 and FIPS-186-4 compliance 2018-10-26 09:55:07 +02:00
Tobias Brunner b158404c5f tpm: Return signature schemes supported by the key if TSS supports it 2018-10-26 09:03:27 +02:00
Tobias Brunner 7ca3b3daee libtpmtss: Add enumeration of supported signature schemes to TSS2 implementations 2018-10-26 09:03:27 +02:00
Tobias Brunner 532cd488e3 libtpmtss: TSS can optionally return signature schemes supported by a key 2018-10-26 09:03:26 +02:00
Andreas Steffen d99e73548e libtpmtss: Fixed inclusion of tcti-tabrmd.h header file 2018-10-19 10:46:08 +02:00
Vishal Rana 41fed536e8 libtpmtss: Fixed Android.mk 
Closes strongswan/strongswan#111

Signed-off-by: Vishal Rana <vr@labstack.com>
 2018-08-10 10:09:43 +02:00
Andreas Steffen b9d6b3c3e2 libtpmss: Configure TCTI device options 2018-07-20 19:19:24 +02:00
Andreas Steffen fd21c40b6c libtpmtss: Support of RSAPSS signature scheme 2018-07-19 12:40:42 +02:00
Andreas Steffen e74e920bbc libtpmtss: Support for TSS2 v2 libraries 2018-07-19 12:40:42 +02:00
Andreas Steffen 97688e8567 libtpmtss: Query maximum TPM data transmission size 2018-06-14 15:47:27 +02:00
Tobias Brunner 1b67166921 Unify format of HSR copyright statements 2018-05-23 16:32:53 +02:00
Andreas Steffen 55cce124bf libtpmtss: Properly initialize tabrmd tcti_context 2018-04-09 11:07:20 +02:00
Andreas Steffen 3232cf68b9 libtpmtss: Return after failure 2018-01-09 16:12:40 +01:00
Andreas Steffen 0fb293fc91 tpm_extendpcr: Extend digests into a TPM PCR 2017-12-13 07:10:28 +01:00
Andreas Steffen e850d000b8 libtpmtss: Load X.509 certificates from TPM 2.0 NV RAM 2017-12-05 21:31:31 +01:00
Andreas Steffen fb1cf320a2 libtpmtss: Extend TPM 2.0 capability info 2017-12-05 21:31:31 +01:00
Andreas Steffen 0d63255513 libtpmtss: Added missing argument in hasher_from_signature_scheme() 2017-11-10 11:47:27 +01:00
Tobias Brunner de280c2e03 private-key: Add optional parameters argument to sign() method 2017-11-08 16:48:10 +01:00
Andreas Steffen eab650d62f libtpmtss: Support of Intel TABRMD interface 2017-07-12 17:07:34 +02:00
Tobias Brunner 4a0b6d659d Add plugin constructor registration for all libraries that provide plugins 
Unfortunately, we can't just add the generated C file to the sources in
Makefile.am as the linker would remove that object file when it notices
that no symbol in it is ever referenced.  So we include it in the file
that contains the library initialization, which will definitely be
referenced by the executable.

This allows building an almost stand-alone static version of e.g. charon
when building with `--enable-monolithic --enable-static --disable-shared`
(without `--disable-shared` libtool will only build a version that links
the libraries dynamically).  External libraries (e.g. gmp or openssl) are
not linked statically this way, though.
 2017-05-23 18:29:12 +02:00
Andreas Steffen 2b233c8a64 The tpm plugin offers random number generation 
The tpm plugin can be used to derive true random numbers from a
TPM 2.0 device. The get_random method must be explicitly enabled
in strongswan.conf with the plugin.tpm.use_rng = yes option.
 2017-03-20 21:16:10 +01:00
Andreas Steffen af9341c2c0 Use of TPM 2.0 private keys for signatures via tpm plugin 2017-02-22 12:18:26 +01:00
Andreas Steffen e8736028e6 Implement signatures with private keys bound to TPM 2.0 2017-02-21 20:37:32 +01:00
Andreas Steffen d125941802 libtpmtss: TCTI finalization call changed 2016-08-25 13:22:51 +02:00
Andreas Steffen 0274163674 libtpmtss: Use pkconfig to configure TSS 2.0 includes and libraries 2016-07-20 11:26:07 +02:00
Tobias Brunner 1fafc56b95 Fixed some typos, courtesy of codespell 2016-07-04 12:18:51 +02:00
Tobias Brunner c05d49632f libtpmtss: Define missing Doxygen group and fix some comments 2016-06-30 12:12:31 +02:00
Tobias Brunner 08fe609ce2 android: Actually add Android.mk for libtpmtss 2016-06-28 14:34:13 +02:00
Andreas Steffen b031593641 libtpmtss: Added to integrity checks 2016-06-26 18:19:05 +02:00
Andreas Steffen 2343c48341 aikpub2: Output AIK signature algorithm 2016-06-26 18:19:05 +02:00
Andreas Steffen 721ed31b39 Refactoring to tpm_tss_quote_info object 2016-06-26 18:19:05 +02:00
Andreas Steffen 57e80492eb libtpmtss: Implemented TSS2 quote() method 2016-06-26 18:19:05 +02:00
Andreas Steffen bc67802ac8 libtpmtss: Implemented TSS2 read_pcr() method 2016-06-22 15:33:44 +02:00
Andreas Steffen 30d4989aec libimcv: migrate pts to tpm_tss 2016-06-22 15:33:44 +02:00
Andreas Steffen 8301dc859c libtpmtss: Get TPM 2.0 capabilities 2016-06-22 15:33:44 +02:00
Andreas Steffen fedc6769dc libtpmtss: Retrieve TPM 1.2 version info 2016-06-22 15:33:43 +02:00