Andreas Steffen
08760dd927
tpm: Intel FW TPM always uses locality 0
2021-01-08 11:00:15 +01:00
Andreas Steffen
3e5a528aec
tpm: Auto-detection of legacy TPM 2.0 devices
2020-10-07 16:54:32 +02:00
Andreas Steffen
3ef5b23903
pts: Variable size PCR banks
2020-10-07 16:54:32 +02:00
Andreas Steffen
56de4dc596
libtpmtss: Remove aik_blob debug output
2020-10-07 16:54:32 +02:00
Andreas Steffen
d647a8f91d
pts: Parse TPM 2.0 BIOS/EFI event log
2020-10-07 16:54:32 +02:00
Andreas Steffen
da1d7815ef
tpm: TPM 2.0 supports SHA3 and CMAC
2020-10-07 16:54:32 +02:00
Josh Soref
b3ab7a48cc
Spelling fixes
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* encapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* threshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior
Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Tobias Brunner
ef4113a49d
libtpmtss: Fix problematic usage of chunk_from_chars() in TSS2 implementations
See 8ea13bbc5c for details.
References #3249.
2020-01-30 18:18:33 +01:00
Tobias Brunner
8ee1242f14
libtpmtss: Convert RSA exponent to big-endian when provided by a TPM 2.0
While the TPM expects and returns the data in big-endian, the SAPI
implementation converts it to native-endianness. As stated in the
SAPI specification (section 3.2):
8. All SAPI data SHALL be in native-endian format. This means that
the SAPI implementation will do any endian conversion required for
both inputs and outputs.
So to use the exponent in a chunk we have to convert it to big-endian again.
Fixes: 7533cedb9a
("libtpmtss: Read RSA public key exponent instead of assuming its value")
2019-12-10 15:19:32 +01:00
Tobias Brunner
45c8399d78
Add missing strings to several enum string definitions
2019-10-28 14:26:32 +01:00
Tobias Brunner
b9949e98c2
Some whitespace fixes
Didn't change some of the larger testing scripts that use an inconsistent
indentation style.
2019-08-22 15:18:06 +02:00
krinfels
4b25885025
libtpmtss: Protect TPM 2.0 context by mutex
Each private key object created to access a key residing in a TPM 2.0
creates a context structure used for communication with the TSS.
When multiple IKE SAs are established at the same time and using the
same private key, it is possible to make concurrent calls to the
TSS with the same context which results in multiple threads writing
to the same place in memory causing undefined behaviour.
Fix this by protecting calls to the TSS with a mutex unique for
each TPM 2.0 context object.
2019-06-26 16:30:01 +02:00
krinfels
7533cedb9a
libtpmtss: Read RSA public key exponent instead of assuming its value
Up to now it was assumed that the RSA public key exponent is equal to 2^16+1.
Although this is probably true in most if not all cases, it is not correct
according to the TPM 2.0 specification.
This patch fixes that by reading the exponent from the structure returned
by TPM2_ReadPublic.
Closes strongswan/strongswan#121.
2019-01-21 11:52:08 +01:00
Andreas Steffen
3150bd2b81
libtpmtss: Generalize AIK keys to signature keys
2018-10-26 09:55:07 +02:00
Andreas Steffen
526c5abd0f
tpm: Check FIPS-140-2 and FIPS-186-4 compliance
2018-10-26 09:55:07 +02:00
Tobias Brunner
b158404c5f
tpm: Return signature schemes supported by the key if TSS supports it
2018-10-26 09:03:27 +02:00
Tobias Brunner
7ca3b3daee
libtpmtss: Add enumeration of supported signature schemes to TSS2 implementations
2018-10-26 09:03:27 +02:00
Tobias Brunner
532cd488e3
libtpmtss: TSS can optionally return signature schemes supported by a key
2018-10-26 09:03:26 +02:00
Andreas Steffen
d99e73548e
libtpmtss: Fixed inclusion of tcti-tabrmd.h header file
2018-10-19 10:46:08 +02:00
Vishal Rana
41fed536e8
libtpmtss: Fixed Android.mk
Closes strongswan/strongswan#111
Signed-off-by: Vishal Rana <vr@labstack.com>
2018-08-10 10:09:43 +02:00
Andreas Steffen
b9d6b3c3e2
libtpmtss: Configure TCTI device options
2018-07-20 19:19:24 +02:00
Andreas Steffen
fd21c40b6c
libtpmtss: Support of RSAPSS signature scheme
2018-07-19 12:40:42 +02:00
Andreas Steffen
e74e920bbc
libtpmtss: Support for TSS2 v2 libraries
2018-07-19 12:40:42 +02:00
Andreas Steffen
97688e8567
libtpmtss: Query maximum TPM data transmission size
2018-06-14 15:47:27 +02:00
Tobias Brunner
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
Andreas Steffen
55cce124bf
libtpmtss: Properly initialize tabrmd tcti_context
2018-04-09 11:07:20 +02:00
Andreas Steffen
3232cf68b9
libtpmtss: Return after failure
2018-01-09 16:12:40 +01:00
Andreas Steffen
0fb293fc91
tpm_extendpcr: Extend digests into a TPM PCR
2017-12-13 07:10:28 +01:00
Andreas Steffen
e850d000b8
libtpmtss: Load X.509 certificates from TPM 2.0 NV RAM
2017-12-05 21:31:31 +01:00
Andreas Steffen
fb1cf320a2
libtpmtss: Extend TPM 2.0 capability info
2017-12-05 21:31:31 +01:00
Andreas Steffen
0d63255513
libtpmtss: Added missing argument in hasher_from_signature_scheme()
2017-11-10 11:47:27 +01:00
Tobias Brunner
de280c2e03
private-key: Add optional parameters argument to sign() method
2017-11-08 16:48:10 +01:00
Andreas Steffen
eab650d62f
libtpmtss: Support of Intel TABRMD interface
2017-07-12 17:07:34 +02:00
Tobias Brunner
4a0b6d659d
Add plugin constructor registration for all libraries that provide plugins
Unfortunately, we can't just add the generated C file to the sources in
Makefile.am as the linker would remove that object file when it notices
that no symbol in it is ever referenced. So we include it in the file
that contains the library initialization, which will definitely be
referenced by the executable.
This allows building an almost stand-alone static version of e.g. charon
when building with `--enable-monolithic --enable-static --disable-shared`
(without `--disable-shared` libtool will only build a version that links
the libraries dynamically). External libraries (e.g. gmp or openssl) are
not linked statically this way, though.
2017-05-23 18:29:12 +02:00
Andreas Steffen
2b233c8a64
The tpm plugin offers random number generation
The tpm plugin can be used to derive true random numbers from a
TPM 2.0 device. The get_random method must be explicitly enabled
in strongswan.conf with the plugin.tpm.use_rng = yes option.
2017-03-20 21:16:10 +01:00
Andreas Steffen
af9341c2c0
Use of TPM 2.0 private keys for signatures via tpm plugin
2017-02-22 12:18:26 +01:00
Andreas Steffen
e8736028e6
Implement signatures with private keys bound to TPM 2.0
2017-02-21 20:37:32 +01:00
Andreas Steffen
d125941802
libtpmtss: TCTI finalization call changed
2016-08-25 13:22:51 +02:00
Andreas Steffen
0274163674
libtpmtss: Use pkg-config to configure TSS 2.0 includes and libraries
2016-07-20 11:26:07 +02:00
Tobias Brunner
1fafc56b95
Fixed some typos, courtesy of codespell
2016-07-04 12:18:51 +02:00
Tobias Brunner
c05d49632f
libtpmtss: Define missing Doxygen group and fix some comments
2016-06-30 12:12:31 +02:00
Tobias Brunner
08fe609ce2
android: Actually add Android.mk for libtpmtss
2016-06-28 14:34:13 +02:00
Andreas Steffen
b031593641
libtpmtss: Added to integrity checks
2016-06-26 18:19:05 +02:00
Andreas Steffen
2343c48341
aikpub2: Output AIK signature algorithm
2016-06-26 18:19:05 +02:00
Andreas Steffen
721ed31b39
Refactoring to tpm_tss_quote_info object
2016-06-26 18:19:05 +02:00
Andreas Steffen
57e80492eb
libtpmtss: Implemented TSS2 quote() method
2016-06-26 18:19:05 +02:00
Andreas Steffen
bc67802ac8
libtpmtss: Implemented TSS2 read_pcr() method
2016-06-22 15:33:44 +02:00
Andreas Steffen
30d4989aec
libimcv: migrate pts to tpm_tss
2016-06-22 15:33:44 +02:00
Andreas Steffen
8301dc859c
libtpmtss: Get TPM 2.0 capabilities
2016-06-22 15:33:44 +02:00
Andreas Steffen
fedc6769dc
libtpmtss: Retrieve TPM 1.2 version info
2016-06-22 15:33:43 +02:00