Commit graph

77 commits

Author SHA1 Message Date
Patrick Uiterwijk 06b2cd9335 Add fix for extra argument from clevis v15
Clevis v15 added an additional argument, which is either an empty string
or the string "-y".
This argument is not used in this PIN, but we checked the exact number of
arguments to parse, which got changed.
This also accepts more additional arguments, and just ignores them.

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-11-10 10:54:01 +01:00
Patrick Uiterwijk e2f32d0fa0 Support some more weird pcr_id specifications
This change makes it pass all the different possible values provided by the clevis tpm2
pin test suite.

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-08-27 14:04:33 +02:00
Patrick Uiterwijk 6a37627500 Test symlinked encrypt and decrypt
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-08-25 13:11:46 +02:00
Patrick Uiterwijk f5d2710e10 Add crates metadata
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-08-21 10:00:04 +02:00
Patrick Uiterwijk b7f8d115a7 Use u32 for 32-bit architectures
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-08-21 09:52:36 +02:00
Patrick Uiterwijk a0420fb4e0 Bump version to 0.1.1
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-08-13 10:43:18 +02:00
Patrick Uiterwijk d2aa6b3d9e Rebase to tss-esapi-4.0.6 and tpm2-policy-0.2.0
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-08-13 10:42:18 +02:00
Patrick Uiterwijk e10391c4fb Split some code into different files
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-08-03 17:07:04 +02:00
Patrick Uiterwijk 387826aef7 Move tpm_objects functions to other module
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-08-03 16:47:21 +02:00
Patrick Uiterwijk 98ae987519 Use the kernel TABRMD
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-08-03 15:42:07 +02:00
Patrick Uiterwijk cac6aacde4 Strip out the Policy components into a separate crate
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-08-03 12:11:43 +02:00
Patrick Uiterwijk 76e880d806 Add a --help option
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-08-03 11:03:36 +02:00
Patrick Uiterwijk 2a9a579033 Use the Device TCTI if there is no TPMRM
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-08-03 10:57:12 +02:00
Patrick Uiterwijk 8c1524f1b9 Add --summary and help for compatibility with old pin
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-08-03 10:52:05 +02:00
Patrick Uiterwijk 83468f3028 Fix comments for rsa test
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-08-03 10:04:24 +02:00
Patrick Uiterwijk 874c0b3def Add RSA key tests
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-08-03 09:42:39 +02:00
Patrick Uiterwijk ccc7a94d56 Use biscuit 0.5.0-beta2
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-07-22 17:21:35 +02:00
Patrick Uiterwijk 8f8397c94f Remove broken and working policy
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-07-22 17:21:15 +02:00
Patrick Uiterwijk e22aedfe7a Generate a new key and signed policy during the test
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-07-22 16:46:54 +02:00
Patrick Uiterwijk 5abd766c06 Add some policy instructions to the README
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-07-22 16:38:36 +02:00
Patrick Uiterwijk bf48fcbd07 Redo tests to add second PCR and commit privkey
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-07-22 16:30:36 +02:00
Patrick Uiterwijk 2313184c9e Add sha1 pcr tests
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-07-22 09:54:09 +02:00
Patrick Uiterwijk e7bc7a628b Change the policy test prints
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-07-17 18:09:30 +02:00
Patrick Uiterwijk ef0489d9d5 Deserialize the RSA modulus with standard base64
It was decided to use standard base64 instead of base64-url because
that's what the Go implementation did by default for a []byte.

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-07-17 11:55:51 +02:00
Patrick Uiterwijk 38fdf9b10d Update tests with PCR values that match most setups
Previously, the tests were searching for the specific PCR0 and 1 values
of my test machine.
The new policies are looking for the following values for PCR22:
Working: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Non-working: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-07-17 11:54:33 +02:00
Patrick Uiterwijk 1b5c15a992 Use AES128 to be compatible with hardware TPMs
My hardware TPM only supports AES128, so let's use that for now to
be more compatible.

The tpm_sym_def function does take a mutable ctx borrow, so that in
the future it can automatically detect the best supported symdef.

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-07-17 10:42:06 +02:00
Patrick Uiterwijk a2650d5234 Initial commit
2020-07-16 16:22:34 +02:00