From 2b7cbc98095cd3ca74732508cac742c8d8887769 Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Mon, 17 Aug 2020 13:43:02 -0400
Subject: [PATCH] Update to v0.3.4 release
---
 .gitignore | 1 +
 ...ple-key-to-be-2048-bit-rather-than-o.patch | 56 -----------
 ...4-of-derived-keys-in-case-an-allowed.patch | 96 -------------------
 sources | 2 +-
 swtpm.spec | 19 ++--
 5 files changed, 13 insertions(+), 161 deletions(-)
 delete mode 100644 0001-tests-Modify-sample-key-to-be-2048-bit-rather-than-o.patch
 delete mode 100644 0001-tests-Skip-test-4-of-derived-keys-in-case-an-allowed.patch
diff --git a/.gitignore b/.gitignore
index 53bce42..3e0cf56 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,4 @@
 /swtpm-8dae4b3.tar.gz
 /swtpm-0.3.0.tar.gz
 /swtpm-74ae43b.tar.gz
+/swtpm-80f0418.tar.gz
diff --git a/0001-tests-Modify-sample-key-to-be-2048-bit-rather-than-o.patch b/0001-tests-Modify-sample-key-to-be-2048-bit-rather-than-o.patch
deleted file mode 100644
index 95d5d76..0000000
--- a/0001-tests-Modify-sample-key-to-be-2048-bit-rather-than-o.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From f5bd8ba14f5165bc5b7cd3b20a7ba07f6acbfffe Mon Sep 17 00:00:00 2001
-From: Stefan Berger
-Date: Fri, 31 Jul 2020 10:47:27 -0400
-Subject: [PATCH] tests: Modify sample key to be 2048 bit rather than only 2033
- bit
-
-The generated sample keys started with 00010203, thus leaving the upper
-15 bits of the key as '0', which in turn causes gnutls to think that the
-key is only 2033 bit long, thus rejecting certificate verification once
-the min-verification-profile is set to 'medium' in gnutls's config file
-in /etc/crypto-policies/back-ends/gnutls.config.
-
-We now create sample keys starting with 800102, which sets the highest bit.
-
-This fixes test errors on Fedora Rawhide due to the change in the
-min-verification-profile setting in gnutls.config.
-
-Signed-off-by: Stefan Berger
----
- tests/test_tpm2_samples_swtpm_localca | 4 ++--
- tests/test_tpm2_samples_swtpm_localca_pkcs11 | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/tests/test_tpm2_samples_swtpm_localca b/tests/test_tpm2_samples_swtpm_localca
-index 3611b9d2..11ad10ba 100755
---- a/tests/test_tpm2_samples_swtpm_localca
-+++ b/tests/test_tpm2_samples_swtpm_localca
-@@ -11,8 +11,8 @@ SWTPM_LOCALCA=${TOPSRC}/samples/swtpm-localca
-
- workdir=$(mktemp -d "/tmp/path with spaces.XXXXXX")
-
--ek=""
--for ((i = 0; i < 256; i++)); do
-+ek="80" # 2048 bit key must have highest bit set
-+for ((i = 1; i < 256; i++)); do
- ek="${ek}$(printf "%02x" $i)"
- done
-
-diff --git a/tests/test_tpm2_samples_swtpm_localca_pkcs11 b/tests/test_tpm2_samples_swtpm_localca_pkcs11
-index 5d0d1d45..372a6391 100755
---- a/tests/test_tpm2_samples_swtpm_localca_pkcs11
-+++ b/tests/test_tpm2_samples_swtpm_localca_pkcs11
-@@ -11,8 +11,8 @@ SWTPM_LOCALCA=${TOPSRC}/samples/swtpm-localca
-
- workdir=$(mktemp -d)
-
--ek=""
--for ((i = 0; i < 256; i++)); do
-+ek="80" # 2048 bit key must have highest bit set
-+for ((i = 1; i < 256; i++)); do
- ek="${ek}$(printf "%02x" $i)"
- done
-
---
-2.25.4
-
diff --git a/0001-tests-Skip-test-4-of-derived-keys-in-case-an-allowed.patch b/0001-tests-Skip-test-4-of-derived-keys-in-case-an-allowed.patch
deleted file mode 100644
index 116c1ab..0000000
--- a/0001-tests-Skip-test-4-of-derived-keys-in-case-an-allowed.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From e6d81c0281900c8222022d66272254f97919cf4b Mon Sep 17 00:00:00 2001
-From: Stefan Berger
-Date: Tue, 25 Feb 2020 21:34:21 -0500
-Subject: [PATCH] tests: Skip test 4 of derived keys in case an allowed error
- is encounterd
-
-libtpms may not support TDES, so we have to skip test case 4 in
-case we encounter an allowed error message.
-
-Signed-off-by: Stefan Berger
----
- tests/_test_tpm2_derived_keys | 34 +++++++++++++++++++++-------------
- 1 file changed, 21 insertions(+), 13 deletions(-)
-
-diff --git a/tests/_test_tpm2_derived_keys b/tests/_test_tpm2_derived_keys
-index 773da39..87b9940 100755
---- a/tests/_test_tpm2_derived_keys
-+++ b/tests/_test_tpm2_derived_keys
-@@ -51,12 +51,14 @@ fi
- # @param2: whether to send TPM2_Startup
- # @param3: command to send
- # @param4: expected return value
-+# @param5: allowed failure return value to skip test
- function tx_cmd()
- {
- local reset="$1"
- local startup="$2"
- local cmd="$3"
- local exp="$4"
-+ local allowed_error="$5"
-
- local RES tmp
-
-@@ -82,7 +84,9 @@ function tx_cmd()
-
- swtpm_open_cmddev ${SWTPM_INTERFACE} 100
- RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} ${cmd})
-- if [ "$RES" != "$exp" ]; then
-+ if [ "$RES" == "$allowed_error" ]; then
-+ echo "Skip: Encountered allowed error response ($allowed_error)"
-+ elif [ "$RES" != "$exp" ]; then
- echo "Error: Did not get expected return from creating key"
- echo "expected: $exp"
- echo "received: $RES"
-@@ -93,6 +97,10 @@ function tx_cmd()
- return 0
- }
-
-+# Older versions of libtpms do not support TDES
-+# So we may skip the test in case we hit this error
-+error_unsupt_algo=' 80 01 00 00 00 0a 00 00 02 d6'
-+
- # Create a primary RSA key and expect a predictable return value
- # tsscreateprimary -hi e -v
- # -> creates key with handle 0x80 00 00 00
-@@ -245,12 +253,12 @@ test5_exp2+=' 00 00 01 00 00'
- case "$(uname -p)" in
- ppc64le|x86_64)
- echo "[Assuming ${SWTPM_EXE} is 64bit]"
-- tx_cmd 1 0 "$test1_cmd" "$test1_exp" || exit 1 &&
echo "Test 1: OK" -- tx_cmd 1 1 "$test2_cmd" "$test2_exp" || exit 1 && echo "Test 2: OK" -- tx_cmd 1 1 "$test3_cmd" "$test3_exp" || exit 1 && echo "Test 3: OK" -- tx_cmd 1 1 "$test4_cmd" "$test4_exp" || exit 1 && echo "Test 4: OK" -- tx_cmd 1 1 "$test5_cmd1" "$test5_exp1" || exit 1 -- tx_cmd 0 0 "$test5_cmd2" "$test5_exp2" || exit 1 && echo "Test 5: OK" -+ tx_cmd 1 0 "$test1_cmd" "$test1_exp" "" || exit 1 && echo "Test 1: OK" -+ tx_cmd 1 1 "$test2_cmd" "$test2_exp" "" || exit 1 && echo "Test 2: OK" -+ tx_cmd 1 1 "$test3_cmd" "$test3_exp" "" || exit 1 && echo "Test 3: OK" -+ tx_cmd 1 1 "$test4_cmd" "$test4_exp" "$error_unsupt_algo" || exit 1 && echo "Test 4: OK" -+ tx_cmd 1 1 "$test5_cmd1" "$test5_exp1" "" || exit 1 -+ tx_cmd 0 0 "$test5_cmd2" "$test5_exp2" "" || exit 1 && echo "Test 5: OK" - ;; - *) - echo "This test currently only works with 64bit TPMs" -@@ -301,12 +309,12 @@ test4_exp=' 80 02 00 00 00 71 00 00 00 00 80 00 00 00 00 00 00 5a 00 00 00 32 00 - test5_exp1=' 80 02 00 00 01 12 00 00 00 00 80 00 00 00 00 00 00 fb 00 32 00 08 00 0b 00 03 04 72 00 00 00 0a 00 0b 00 22 00 20 60 5c 90 40 d5 ef 80 59 70 f4 90 3e 43 7a ce 49 1e 06 06 f0 e9 79 39 e4 a0 a1 8b d5 12 ca 86 9a 00 37 00 00 00 00 00 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 01 00 10 00 04 40 00 00 0b 00 04 40 00 00 0b 00 00 00 20 28 d0 26 fa fd 74 91 06 74 3e 27 c4 28 05 51 58 5e 5d 17 66 8e b5 21 83 5e d6 01 27 ef fc 05 d4 80 21 40 00 00 0b 00 40 5a 84 8d d0 73 da 49 f6 76 84 6e d1 56 13 39 4d 4b 67 0a 68 97 71 c9 a4 92 a6 aa 6d 30 4b 19 6c 69 fc a7 d5 b9 5c 8f 5a af 0c f6 72 b9 85 c5 d4 0a 09 f8 f7 16 4d 11 bc 5d ec cc 48 02 15 ce 79 00 22 00 0b 04 13 09 39 42 b3 86 80 67 68 2a d7 27 e3 c7 44 1d 1c b6 65 23 c3 ee f0 b8 b8 b5 ff ee 49 1d 4b 00 00 01 00 00' - test5_exp2=' 80 02 00 00 00 95 00 00 00 00 80 00 00 01 00 00 00 7e 00 00 00 56 00 23 00 0b 00 02 04 52 00 00 00 10 00 10 00 10 00 10 00 20 af 9f be fc c8 95 21 71 04 2d 7d db 3f 42 aa 54 
cc 2f a0 cf 55 82 78 f4 3f 01 88 27 46 53 2c 88 00 20 dc ad 67 2f d1 ea 89 01 f5 27 1f 58 3f a5 da 52 85 50 98 d5 06 81 10 13 86 12 d7 23 55 12 ea 0c 00 22 00 0b 72 c2 60 3f c8 bb 79 ea 92 86 7e a3 df 57 8d 15 e3 f1 10 a2 f9 1c a6 80 41 c3 cf e1 fa 43 83 2f 00 00 01 00 00'
-
--tx_cmd 1 0 "$test1_cmd" "$test1_exp" || exit 1 && echo "Test 1: OK"
--tx_cmd 1 1 "$test2_cmd" "$test2_exp" || exit 1 && echo "Test 2: OK"
--tx_cmd 1 1 "$test3_cmd" "$test3_exp" || exit 1 && echo "Test 3: OK"
--tx_cmd 1 1 "$test4_cmd" "$test4_exp" || exit 1 && echo "Test 4: OK"
--tx_cmd 1 1 "$test5_cmd1" "$test5_exp1" || exit 1
--tx_cmd 0 0 "$test5_cmd2" "$test5_exp2" || exit 1 && echo "Test 5: OK"
-+tx_cmd 1 0 "$test1_cmd" "$test1_exp" "" || exit 1 && echo "Test 1: OK"
-+tx_cmd 1 1 "$test2_cmd" "$test2_exp" "" || exit 1 && echo "Test 2: OK"
-+tx_cmd 1 1 "$test3_cmd" "$test3_exp" "" || exit 1 && echo "Test 3: OK"
-+tx_cmd 1 1 "$test4_cmd" "$test4_exp" "" || exit 1 && echo "Test 4: OK"
-+tx_cmd 1 1 "$test5_cmd1" "$test5_exp1" "" || exit 1
-+tx_cmd 0 0 "$test5_cmd2" "$test5_exp2" "" || exit 1 && echo "Test 5: OK"
-
- run_swtpm_ioctl ${SWTPM_INTERFACE} -s
- if [ $? -ne 0 ]; then
---
-2.25.0.rc2.1.g09a9a1a997
-
diff --git a/sources b/sources
index 81b63eb..8ee0fbd 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (swtpm-74ae43b.tar.gz) = 59be7ab2406105ba808b1dc3656bff1c5f533dccca6acb0bb618b6dea2851d0c5c19527487748ff8d3503ea395f1ec8f07a3766f2ac6fff204b964c111c6e311
+SHA512 (swtpm-80f0418.tar.gz) = 7190800f04adf970c0579186af07e705aadb36c2305dfae4b2b300b97db3e6c920c41001449154d9bc5dd71bd635b3d6236d47a517caaa9352a3c04aed55b93c
diff --git a/swtpm.spec b/swtpm.spec
index 8236ea6..c040326 100644
--- a/swtpm.spec
+++ b/swtpm.spec
@@ -1,7 +1,7 @@
 %bcond_without gnutls
-%global gitdate 20200218
-%global gitcommit 74ae43bd8e4fca809d1cbc398efcb2f7f968b59f
+%global gitdate 20200811
+%global gitcommit 80f04180f200829053c38818ae83721b21c747e8
 %global gitshortcommit %(c=%{gitcommit}; echo ${c:0:7})
 # Macros needed by SELinux
@@ -11,15 +11,12 @@
 Summary: TPM Emulator
 Name: swtpm
-Version: 0.3.0
-Release: 4.%{gitdate}git%{gitshortcommit}%{?dist}
+Version: 0.3.4
+Release: 1.%{gitdate}git%{gitshortcommit}%{?dist}
 License: BSD
 Url: http://github.com/stefanberger/swtpm
 Source0: %{url}/archive/%{gitcommit}/%{name}-%{gitshortcommit}.tar.gz
-Patch0001: 0001-tests-Skip-test-4-of-derived-keys-in-case-an-allowed.patch
-Patch0002: 0001-tests-Modify-sample-key-to-be-2048-bit-rather-than-o.patch
-
 BuildRequires: git-core
 BuildRequires: automake
 BuildRequires: autoconf
@@ -93,7 +90,7 @@ NOCONFIGURE=1 ./autogen.sh
 %make_build
 %check
-make %{?_smp_mflags} check VERBOSE=1
+make -O check V=1 VERBOSE=1
 %install
@@ -169,6 +166,12 @@ fi
 %attr( 755, tss, tss) %{_localstatedir}/lib/swtpm-localca
 %changelog
+* Tue Aug 11 2020 Stefan Berger - 0.3.4-1.20200711git80f0418
+- Update to v0.3.4 release
+
+* Fri Jul 31 2020 Stefan Berger - 0.3.3-1.20200731git823f821
+- Update to v0.3.3 release + patch fixing certificate chain verification error
+
 * Sat Aug 01 2020 Fedora Release Engineering - 0.3.0-3.20200218git74ae43b
 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
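Review bot: In `%check`, the new line `make -O check V=1 VERBOSE=1` no longer passes `%{?_smp_mflags}`, so the test suite runs as a single job, and the spec gives no reason for it. GNU make documents `-O` as useful only together with `-j`, so on its own it should not change what appears in the build log. If the serial run is deliberate, say so in a comment above the line, for example `# run the test suite serially on purpose (no -j)`. If it is not, keep the macro: `make -O %{?_smp_mflags} check V=1 VERBOSE=1`.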
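Review bot: The new top `%changelog` entry is stamped `0.3.4-1.20200711git80f0418`, but the first hunk sets `%global gitdate 20200811`, so the recorded release string does not match the package this spec builds; it should read `0.3.4-1.20200811git80f0418`. The added `Fri Jul 31 2020` entry also sits above the existing `Sat Aug 01 2020` entry, which breaks the newest-first order rpm expects in `%changelog` and may be reported when the spec is parsed; it belongs below the Aug 01 entry. A changelog that matches the built release and stays in order matters when the package history is later used to trace which upstream commit a given build carried.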