1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
|
* TROUSERS_0_3_8
- Fix ssl_ui.c overflow
- Handling of TPM_CERTIFY_INFO2 structure special case
- Fix possible obfuscation of obj_migdata.c errors.
- Make 1.2 keys respect the TPM_PCRIGNOREDONREAD flag.
- PCRInfo member allocation in Trspi_Unload_CERTIFY_INFO.
- Add functions for deserializing NVRAM related data structures
- Add NVRAM specific error messages
- Fix spec file so one can build an rpm
- Initialize the tcsd_config_file with NULL.
- support for -c <configfile> command line option
- Establish a .gitignore file
- ENDIAN_H and htole definition fix
* TROUSERS_0_3_7
- __tspi_freeTable wrong call
- Owner Evict pubkey setup fix
- The "HAVE_ENDIAN_H" check is missing from configure.in, but it appears to be needed in a couple of the source files.
- tspi_context.c fix (memleak)
- Added the missing setup of a tcs handle for owner evict keys.
- No need to initialize the flock structure.
- flock to fcntl change
- Fixed cleanup code in svrside.c
- Avoid warning of missing return in tcsd_thread_run()
- printf() warning fix
- Moved hDAA debug message after initialization
- Additional length check
- Tspi_NV_DefineSpace secret check fix
* TROUNSERS_0_3_6
- Fixed a number of warnings during a build with --debug regarding THREAD ID
definition
- Removed htole() dependency, which was included only in glibc 2.9
* TROUSERS_0_3_5
- Allowed TCD Daemon to run with reduced privileges In Solaris.
- Fixing previous kfreebsd build patch conflict with the current tree.
- TCSD error handling improvements.
- mutex init inclusion.
- pthread_t portability fix
- Owner Evict keys load fix.
- Big- endian issues.
- Memory leak fix.
- Adding missing #include <limits.h>.
- kfreebsd build fixes.
- Fixed usage of syslog().
- 64bits clean
- Fixes the TCP UN and IN socket connection attempt handling
- Fixes logic on opening a hardware TPM.
- Added communication through TCP to software TPMs in TrouSerS.
- Fixed conflicting defines
- Adds missing free()
- Fixed fread() return value check.
- Made the previous fix cleaner and more robust.
- Added missing check in order to avoid freeing buffer that's out of Tspi_Data_Seal() scope.
- Fixed Tspi_TPM_GetRandom 4kb output limit.
* TROUSERS_0_3_4
- Fixed TrouSerS mishandling of TPM auth sessions
- Enabled hosttable.c "_init" and "_fini" functions to work on Solaris
- Included Solaris in BSD_CONST definition conditional
- Made the init script LSB compliant
- make distcheck improved
* TROUSERS_0_3_3_2
- Fixed logic when filling up RSA keys objects.
* TROUSERS_0_3_3_1
- TCSD now runs as tss and has a better signal handling
- Fixed many memory handling issues
* TROUSERS_0_3_3
- Tspi_ChangeAuth fixed for popup secret use case.
- Prefixed exported functions with common names.
- Fixed issues with accessing the utmp database.
- Migrated the bios parser file handler from open to fopen.
* TROUSERS_0_3_2
- Added IMA log parser in conformance with format introduced in linux kernel 2.6.30
- Fixed memory handling issues in src/tspi/tspi_quote2.c and tspi_tick.c
- Fixed memory handling issues in tcs/rpc/tcstp/rpc_tick.c
- Fixed logic when releasing auth handles, now the TPM won't become out of
resources due too many unreleased auth handles there.
- Fixed compilation problems when building trousers in Fedora with
-fstack-protector & gcc 4.4
- Fixed the legacy usage of a deprecated 1.1 TPM command, now auth sessions
can be closed fine.
- Fixed key memory cache when evicting keys, invalid key handles were evicted
when shouldn't.
- Fixed authsess_xsap_init call with wrong handle
- Fixed authsess_callback_hmac return code
- Fixed validateReturnAuth return value
- Added consistency to avoid multiple double free() and bound checks to avoid
SEGV
- Moved from flock to fcntl since the first isn't supported in multi-thread
applications
- Added necessary free() and consistency necessary in tspi/tsp_delegate.c to avoid SEGV
- Typecast added in trousers.c in the UNICODE conversion functions
- Fixed wrong return code in Tspi_NV_ReleaseSpace
- Fixed digest computation in Tspi_NV_ReleaseSpace
- Fixed tpm_rsp_parse, it previously checked for an additional TPM_AUTH blob,
resulting in a incorrect data blog unload.
- Added new OpenSSL UI for TSS_SECRET_MODE_POPUP auth mode.
- Added workaround to fix namespace conflict with SELINUX
- Set SO_REUSEADDR socket option.
- Added TSS_SS_RSASSAPKCS1v15_INFO signature scheme definitions and support
- TDDL can now be compiled apart from the rest of TrouSerS.
- Added #include <limits.h> to remove INT_MAX undeclared error
during build. Files updated: trspi/crypto/openssl/symmetric.c,
tspi/tspi_aik.c and tspi/tsp_ps.c
- Added bounds checking in the data parsing routines of the TCSD's
tcstp RPC code, preventing attacks from malicious clients.
- Removed commented out code in src/tcs/rpc/tcstp/rpc.c
- Commented out old OSAP code, its now unused
- Fixed bug in tcsi_bind.c, one too few params were passed to
the function parsing the TPM blob.
- Fixed lots of erroneous TSPERR and TCSERR calls
- Added support for logging all error return codes when debug
is on
- Check that parent auth is loaded in the load key path outside
the mem_cache_lock, if a thread sleeps holding it, we deadlock
- Added support for dynamically growing the table that holds
sleeping threads inside the auth manager
- In tcs_auth_mgr.c, fixed the release handle path, which didn't
check if the handle was swapped out before calling to the TPM.
- Updates throughout the code supporting the modular build.
* TROUSERS_0_3_1
- Added check of return code for ResetDALock call in tspi_admin
- Added missing ordinals in tcs_pbg.c as reported by Phil Carmon.
- Added support for DSAP sessions and delegating authorizations!
- Added support for DSAP sessions inside a transport session.
- Prevent Tspi_TPM_GetCapability from switching the endianess of
the data returned from a request for TSS_TPMCAP_NV_LIST when that
list happens to be sizeof(UINT32).
- Fixed trouble in owner_evict_init path for 1.1 TPMs
- Fixed multiple problems with changing auth on encrypted data
and keys.
- Fix for SF#1811120, Tspi_TPM_StirRandom01 test crashes TCSD.
- Fix for SF#1805829, ChangeAuth fails to return an error
- Fix for SF#1803767, TSS_TSPATTRIB_KEY_PCR_LONG key attribute
not implemented
- Fix for SF#1802804, Tspi_TPM_Delegate_UpdateVerificationCount
problem
- Fix for SF#1799935, Tspi_TPM_Delegate_ReadTables bug
- Fix for SF#1799912, policy lifetime counter doesn't reset with
SetSecret
- Fix for SF#1799901, policy lifetime timer doesn't reset with
SetSecret
- Fix for SF#1779282. Trspi_UnloadBlob_CERTIFY_INFO DNE.
- Fix for setting the right kind of PCR struct in the key object
* TROUSERS_REDHAT_SUBMIT
- Updated ps_inspect utility to more accurately guess if the file
you're inspecting is really a persistent storage file.
- Fixed endianess issue with certain TPM get caps
- Fixed bug in setting credential data in the TSP
- Moved secret hash mode code out from inside spec compliance
#defines since they're now part of the 1.2 spec.
- Better support for NULL parameters to blob manipulation
functions
- Fix for regression - blank the SRK pubkey copy stored in system
persistent storage
- Added RPC plumbing for DSAP sessions
- Added support for unmasking data on unseal :-)
- Implemented encdata PCR_INFO_LONG GetAttrib's
- Overhauled OSAP session handling.
* TROUSERS_0_3_0
- Added TSS_TCSCAP_PLATFORM_CLASS cap support
- Added the Quote2 Commands
- Added new TSS 1.2 return codes to Trspi_Error_String.
- Added Tspi_Context_GetRegisteredKeysByUUID2 functions
to the persistent storage system
- Added Tspi_TPM_OwnerGetSRKPubKey and TCS OwnerReadInternalPub
code.
- Added support for operator auth and Tspi_TPM_SetOperatorAuth.
- Added support for Sealx.
- Added ordinal auditing support.
- Added initial transport session support.
- Rewrote TCSD key loading functions.
- Added support for UINT64 loading/unloading everywhere.
- Created an initial TCS parameter block generator in tcs_pbg.c.
- Added support to get_local_random to either allocate a new
buffer for the random number or write it to a given buffer.
- Removed TCS GetCredentials APIs -- the TSSWG verified that these
had accidentally been left in the spec.
- Added TCS GetCredential API.
- Added NVRAM APIs, donated by James Xu, and others from Intel.
- Added TCS GetCredentials functions
- Patched the TCS key loading infrastructure to return
TCS_E_INVALID_KEY when a handle is used by a context that doesn't
have a reference to the key in its keys_loaded list.
- Added ASN.1 blob encoding and decoding APIs.
- Added tick stamping APIs
- Added monotonic counter APIs
- Added the Tspi_PcrComposite APIs: GetPcrLocality,
SetPcrLocality, SelectPcrIndexEx and GetCompositeHash.
- Added new TSS 1.2 return codes for bad EK checksum and
invalid resource passed to Tspi_Context_FreeMemory.
- Added Christian Kummer's implementation of PCR reset
- In PcrExtend, set up the event struct fully before sending
to the TCS.
- Fixed bug in ActivateIdentity's use of rgbSymCAAttestation.
- updated policy handling to match the latest spec.
- Fixed bug when 2 TCSD's return the same context number.
- Added a check for the size of Tcsi_StirRandom's entropy data.
- Added support for TSS 1.2 style keys and PCR info long and
short structures.
- Added support for TPM_Save/LoadAuthContext.
- Grouped all threading functions in one header file, threads.h.
- Fix added in TCSD's event parsing code for a segfault when only
the number of events is requested.
- Several bugs fixed in the Tspi_Context_GetRegisteredKeysByUUID
code path in the TSP lib.
- Added a lock around all TCSP functions; removed auth_mgr_lock
since the TCSP lock now suffices. This fixed some TCSD multi-
threaded errors.
- hosttable.c: Fixed bug in host table entry removal, thanks
to Thomas Winkler for the testcase that helped in finding this.
- In the TCS GetPcrEventsByPcr, fixed a bug in calculating
the number of events to return. Thanks to Seiji Munetoh.
- Added functions to do incremental hashing, removing most
large stack allocations in trousers.
- Updated blob utility functions to use UINT64's instead of
UINT16, which had caused some arbitrary limits in parts of
trousers.
- Merged in TSS 1.2 header files.
- Merged in build changes for embedded.
* TROUSERS_0_2 branch created
- In obj_policy.c and obj_tpm.c, if NULL is passed in when trying
to set a 1.2 style callback, clear the callback address.
- Fix in Tspi_TPM_ActivateIdentity: Only validate over the out
parameters from the TPM, not the TCS (size of data).
- obj_encdata.c: fixed reference of pcrSelect, which caused
bad data to be returned as the PCR selection.
- added TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATRELEASE, which was
type-o'd in the 1.1 header files.
- Fix for SF1570380: Algorithm ID not compliant with TSS spec.
- Corrected off by 1 errors in PCR index bounds checking.
- Changed logging in the TCSD so that FILE:LINE isn't printed
unless debugging is on.
- Changed build/code so that the system PS dir is mode 0700, not
1777. It used to be 1777 when user PS was not in ~/.trousers.
- Fix for SF1565726: Segfault when connecting from remote host.
- Fix for SF1565208: User PS load key by UUID failed.
* TROUSERS_0_2_8
- Fixed bug in mc_add_entry, where the PCRInfo data was not being
copied into the mem cache with the other fields of the key.
- Fixed 2 bugs in spi_getset.c where setting the secret hash mode
was passing subFlag to the internal set function instead of
ulAttrib.
- Added patch to retry the libtspi's recv() call to the TCSD
if the call was interrupted before completion.
- Made the popup string appear as a label on the popup, not the
title. Also, got rid of annoying mouse-over texts.
- Added a flag to pass to the get_secret function internally to
indicate whether a popup should contain the confirm box.
- Added support for callbacks in the identity creation code.
- Updated the identity creation code in the TSP/TCS to support
AES, DES, 3DES during identity creation.
- Added symmetric encryption interfaces for openssl, Trspi.
- In Tspi_Hash_Sign, fixed memory leak.
- Added SetAttribData functions for RSA modulus/exponent per
the upcoming additions to the TSS 1.2 errata 1 spec.
- Fixed bug in TCS key cache where if 2 keys had the same public
modulus, they could confuse the key cache manager.
- Bind/Seal functions now return more descriptive errors codes
and won't do the encryption if the data to use is larger than
the RSA pubkey.
- Made updates to the code/headers for the TSS_VALIDATION struct
change to be issued as TSS 1.1 header file errata 1.
- Bug fix: In LoadManuMaintPub's wrapping function in the TSP,
we incorrectly passed a reference to the pubkey in loading the
blob.
- Fixed bugs in the maintenance commands, owner auth'd commands
were using no auth tags in their commands sent to the TPM.
- Fixed SF1546344: Track the release of auth handles by TCS
context and take the fContinueAuthSession variable into account
when calling the TPM to release a handle.
- Fixed SF1545614: deadlock due to auth_mgr_osap taking the
auth_mgr_lock before calling ensureKeyIsLoaded, which took the
mem_cache_lock.
- Added checks to ensure corrupt packets don't crash the tcsd.
- Added configure option --with-gui=gtk/none to enable building
with no popup support for embedded apps. The default secret
mode becomes TSS_SECRET_MODE_NONE for all policies and the
default context mode becomes TSS_TSPATTRIB_CONTEXT_SILENT to
supress all popups.
- Changed the Tspi_GetAttribData function to return a TCPA_PUBKEY
blob as is specified in the portable data section.
- Added a debugging #define in req_mgr.c to print all data passed
to/from the TPM.
- Updated Tspi_Context_LoadKeyByUUID to check in-memory keys by
UUID when the TCS returns a filled-out loadkey info struct.
- Removed the free of all context related memory when the context
closes. Allows an app more flexibility in choosing what to free.
- Removed check for secret mode None in establishing an OSAP
session. Now, a secret of all 0's is used if no secret exists.
- Added checks for 2 return codes in secret_TakeOwnership.
- Fixed TSS_VERSION problem. There are no specific getcaps for
software version vs. TSS spec version. Instead, the TSP's
version structure contains spec version and software major/minor.
- Removed obj_regdkey list references.
* TROUSERS_0_2_7
- Added 3 new TCSD config options to allow admins to set paths
to the 3 types of credentials returned on Make Identity calls.
- Added an implementation for returning the MANUFACTURER TCS
caps.
- Added translation of TSS caps that are destined for the TPM.
- Updated DirWrite to work correctly (thanks Kylie).
- Updated the Tspi_TPM_DirWrite manpage with more info, removed
a confusing statement.
- Changed the number of loops in TCSP_GetRandom_Internal to 50,
which should allow TPMs that return few bytes per request to
fullfill up to 4K bytes.
- Removed the TCS's getSomeMemory() function, which was really
dumb.
- Changed the way user PS operates. User PS is now really
persistent, its kept in ~/.trousers/users.data, which is
created if it doesn't exist. Also, the environment variable
TSS_USER_PS_FILE can be set to a path that will override the
default location for as long as the TSP context is open.
- Lots of memory leaks found in error paths by Coverity, mostly
in tcsd_wrap.c.
- Fix for SF #1501811, setting some SetAttribUint32 flags not
supported.
- Lots of updates to the fedora specific RPM specfile.
- Fix for SF #1490845, 'make install' overwrites old tcsd.conf
- Added code to return TSS_E_POLICY_NO_SECRET when setting up
an OIAP or OSAP session.
- Added fix for SF #1490745, trousers demands too much from
/dev/random. Default random device is now /dev/urandom.
- Changed severity of the ioctl fallback print stmts to
warning and info.
- Added implementation of the maintenance functions.
- Added fix for SF #1487664, Offset in PS cache is not
updated correctly.
- Removed some Atmel specific code and commented out code.
- Added some missing auth_mgr_check calls in tcspbg.c.
- Fixed some unchecked mallocs in the TSP.
- Added build variables to automatically update the TSP
library version and TCSD version getcap variables.
- Added call to return the modulus of an RSA key on a
GetAttribData call.
- Added implementation of the migration functions.
- Fix for SF 1477178, random numbers get hosed by the tcsd.
* TROUSERS_0_2_6
- Removed unnecessary call to obj_encdata_get_data in
Tspi_Data_Seal.
- Added support for using the trousers.h APIs in C++.
- Fixed Tspi_PcrComposite_GetPcrValue's man page, which had
left out *'s in two parameters.
- Fix for SF 1414817, Quote's PCR object doesn't get set on
return.
- Lots of function renaming to make code reading clearer.
- Return TSS_E_INVALID_OBJ_ACCESS when trying to retrieve data
from an encrypted data object that hasn't been set.
- Added contact info to the README.
- Fix for ordering of params in call to set callback by
Tspi_SetAttribUint32. Thanks to Thomas Winkler for the fix.
- Fix for SF 1410948, get random numbers from /dev/urandom
unless Tspi_TPM_GetRandom is called explicitly.
- Fix for SF 1342026, print TPM error codes during bring-up.
- Added support for a TCS_LOADKEY_INFO structure returned from
a TCSP_LoadKeyByUUID call.
- Fixed 2 free_tspi's that should have been plain free's
* TROUSERS_0_2_5
- Changed all prints of size_t to %z (matters on 64bit platforms).
- Backport of the context and policy object's
TSS_TSPATTRIB_SECRET_HASH_MODE attribute from the TSS 1.2 spec.
This will allow 1.1 apps to decide whether they want to
include the 2 bytes of NULL in the hashes of their secrets.
This will in turn allow various TSS's to interoperate better.
- SF#1397265 'getpubek' to 'readpubek' in tcsd.conf.
- Added an implementation of TSS 1.2 style callbacks.
- Added Emily's patch to explain the TSS_DEBUG_OFF flag, added
blurb to README.
- Fixed bug that only manifested on PPC64: if errno is not set
to 0 explicitly before making a call to iconv, iconv will not
set it on failure.
* TROUSERS_0_2_4
- Updated README with how to use new system.data files.
- Added sample system.data files for users who've taken
ownership of their TPMs under other OS's.
- Updated unicode routines to NULL terminate their strings
with the same number of bytes as is the width of the
encoding.
- Fixed bug in TCS_EnumRegisteredKeys_TP, returned data should
be alloc'd on the TSP heap.
- Added a logging statement when tcsd_startup fails due to an
error returned by the TPM itself.
- Fixed validation data in Tspi_TPM_Quote and
Tspi_TPM_GetPubEndorsementKey.
- Implemented Tspi_TPM_CollateIdentityRequest and
Tspi_TPM_ActivateIdentity.
- Bug fix in TCSP_Sign_TP, signature should be alloc'd using
the TSP heap.
- Fix for SF#1351593, authdata was always 0 for the SRK. This
was due to the defaults set in Tspi_Context_CreateObject for
the SRK key flag. The default SRK key is now set to require
auth. If you want an authless SRK, you need to either set
the authdatausage attribute directly or pass in your own
SRK initFlags to the create object call.
- Return bad parameter when no the pcr object is not
initialized instead of internal error.
- Several fixes added for list locking in the obj_*.c files.
- Added initial support for Tspi_TPM_CollateIdentityRequest
and its supporting functions (symmetric encryption).
- Fix for SF#1338785: Support TSS_TSPATTRIB_HASH_IDENTIFIER.
- Changed default kernel and firmware controlled PCRs to
none, which should have happened a long time ago. :-/
- Fix for SF#1324108: Tspi_TPM_GetEvents should return a
number of events
- Fix for RFE#1301441: Fallback support for the device
node. ioctl is tried first, if that fails, r/w is tried,
if that fails, error is returned.
- Fixes for SF#1332479: HMAC and XOR callbacks were being
passed wrong params.
- Fix for SF#1334235, uuid data wasn't being set correctly
when keys were registered or loaded by uuid.
- Fix for SF#1332316, Tspi_GetAttribData doesn't always
return data alloc'd by TSP. Unicode data returned from the
function was being allocated off the TSP heap.
- Changed default return value for Tspi_GetAttribUint32 to
success.
- Corrected Tspi_TPM_PcrExtend manpage to state that the
application should fill out the TSS_PCR_EVENT structure.
-Fixes for SF BUG#1312194, and SF BUG#1312196. Get
Attribs for key usage and size were not being returned
correctly. Imported values for size from the TSS 1.2
header files and translated TPM <-> TSP values for
key usage in the get attrib calls.
- Accepted Halcrow's patch to add a TSP key object
removal function, invoked at object close time.
This was SF BUG#1276133.
- increased the size of the return buffer from TCS to
TSP to 8K, so that larger requests won't fail.
- added a loop to TCSP_GetRandom_Internal to try several
(currently 5) times to get the number of requested bytes
from the TPM. Since the TSP has no way to tell an
application that a single request failed, this will help
improve the odds of a large request succeeding.
* TROUSERS_0_2_3
- SF#1291256 bugs fixed. A UINT16 was being passed instead
of a UINT32 to TCS_LoadKeyByBlob_Internal.
- Removed test in spi_context.c's call to TCS_LoadKeyByUUID,
which would always fail, since there was no TCS layer bit
set. This kept us in a success path.
- Added debug logging functions that print the function
name at the beginning of the statement.
- Added GetPubKey as an option for TCSD's remote ops.
- SF#1249767 bug fixed. UTF16 strings are now hashed when
passwords are passed in through the popups.
- SF#1286333 bug fixed. New unicode functions added that
convert to UTF-16 and from the nl_langinfo(CODESET)
encoding.
- SF#1285428 bug fixed. obj_context_get_machine_name copied
too many bytes out. Code added to Tspi_GetAttribData to
convert to UTF16 before returning.
* TROUSERS_0_2_2
- deleted section on ssh-askpass in README
- Modified popup code to hash UTF16 instead of UTF8.
- Restructured TCS calls to the TPM so that all auth sessions
are released correctly.
- Removed TSP contexts from all Trspi functions and modified
all trousers code to free its own memory instead.
- Fixed the TSP seal command to allow Sealing with a no-auth
key by using null auth data. Also changes the TCS seal
to return bad parameter if it gets null auth data.
- Removed lots of unused code and made formatting changes.
- Don't require Tspi_Key_WrapKey to be connected to succeed
and return a default value (or from the environment) if
we're doing PCR operations on an unconnected context.
- Fixed bug where a tcsd created system.data file was not
getting the right version info put into it.
- SF BUG#1269290 Fixed: Protect the SRK pub key. Upon taking
ownership, the unaltered SRK blob is passed back to the TSP
to create a valid key object with the SRK pub key intact.
The copies of the SRK pub key data that do into the TCSd's
mem cache and PS are zeroed out. From then on, the only way
to get the SRK pub key is through Tspi_Key_GetPubKey.
- tcspbg.c: deleted unused code and always release auth session
on an Unbind call.
- Bugfix for SF#1274308, Tspi_Key_CreateKey doesn't add PCRs
correctly. Ordering of calls in obj_rsakey_set_pcr_data
and calculation of PCRInfo size were incorrect.
- Close auth sessions in TCS_GetCapabilityOwner
- Removed volatile flag from the SRK key handle at key object
create time. This was keeping National TPM's from having the
ability to be owned!
- Moved calcCompositeHash to obj_pcrs.c and renamed it.
- Check returns everywhere for addKeyHandle calls.
- Call pthread_mutex_init on the host table's mutex.
- Modified TSSWG headers so that code w/o BSD types compiles
(such as the PKCS#11 TPM STDLL).
- Removed ssh_askpass, since UNICODE must be hashed from the GUI
input source.
- Updated all manpages to include the TSSWG header file names
instead of trousers specific files.
- Don't log debug data when TSS_DEBUG_OFF env var is available.
- Converted UNICODE to unsigned short and modified code accordingly.
- Only allow INADDR_LOCALHOST connections when no remote_ops are
defined in the tcsd.conf file.
- Bugfix in obj_pcrs.c, setting pcr indices and values was buggy.
- Moved macros from trousers_types.h (internal) to trousers.h
(external), since new header files make them virtually a
requirement
- Bugfix for SF#1249780, PCR selection structure was incomplete.
- Bugfix for SF#1249769, addKeyHandle now returns a TSS_RESULT.
* TROUSERS_0_2_1
- return invalid handle int Tspi_ChangeAuth when hParentObject
is not of the right type.
- Fixed bug in TCS ps, write_key_init returned the wrong offset.
- Fixed mem leak in spi_getset.c:791, found by Coverity.
- Fixed mem leak in calltcsapi.c:70, found by Coverity.
- Fixed mem leak in tcskcm.c:531, found by Coverity.
- Fixed type-o mem leak in tspps.c:319/tcsps.c:349, found by Coverity.
- Fixed mem leak bug in memmgr.c:173, found by Coverity.
- Fixed bounds error bugs in tcstp.c:38/98, found by Coverity.
- Fixed bounds error bug in tcsd_wrap.c:154, found by Coverity.
- Fixed unchecked return bug in spi_utils.c:430, found by Coverity.
- Fixed unchecked return bug in calltcsapi.c:1159, found by Coverity.
- Fixed negative return value bug tcs/ps/ps_utils.c:365, found by Coverity.
- Fixed negative array index bug readpass.c:65, found by Coverity.
- Fixed null deref bugs spi_tpm.c:1292/1309/1302, and uninitialized
variable 1272, found by Coverity.
- Fixed null deref bugs spi_context.c:358/378, found by Coverity.
- Fixed null deref bug tcspbg.c:1413, found by Coverity.
- Fixed null deref bug tcspbg.c:745, found by Coverity.
- Fixed null deref bug imaem.c:356, found by Coverity.
- changed config file defaults for kernel/firmware pcrs.
- added better logging for when user/group "tss" doesn't exist
- in sendTCSDPacket: set transmitBuffer to 0 to prevent sending
bogus data.
- added some sanity checking in getTCSDPacket to prevent segfaults.
- added TCSERR where needed in tcs/ps files.
- BUG 1233031 fixed, TSP now stores PACKAGE_STRING as the vendor
data when registering a key.
- Added better debugging of auth mapping table, also closed two
auth handles that were getting left opened in CreateWrapKey and
Seal/Unseal.
- fixed ps_inspect's printing function.
- added SELinux files and README.selinux.
- updated ps_inspect tool to recognize non-PS files,
print out version 1 PS files and added a license
statement. Also added ps_convert tool to convert
version 0 PS files to version 1.
- updated ps_inspect tool to print out blobs and keys.
- change assert to DBG_ASSERT in tcs/ps files, also
assert that data sizes are > 0 when read off disk.
- Lots of malloc error logging changes where %d should
have been %u in the print statment.
- auth_mgr.c: allow a TSP to open a max of max_auths/2
sessions before its denied any more, for TPMs that
can handle a lot of auth sessions.
- Big-endian fixes for the persistent store functions.
Trousers now runs fine on ppc64, for example.
- BUG 1226617: Audit of code for auth handle termination.
- Use @PACKAGE_BUGREPORT@ instead of a static email addr in
manpages.
- Added man page for tcsd.conf in section 5.
- Bugfix in remove_table_entry. Host table head was left
pointing at free'd memory.
- corrected comment in spi_context.c.
- added 64bit stuff to configure.in
- fixed bug in Tspi_ChangeAuth where parent object was
assumed to be an rsakey.
- fixed debug logging of data.
- modified calcCompositeHash for accepting incomplete pcr
select structures & to fill out the structure correctly.
* TROUSERS_0_2_0
- removed unused code and added debugging in clearUnusedKeys().
- Updated README with info on the 2.6.12 kernel device driver.
- fixed bug in calculating pcr select size
- fixed bug in init'ing PCRS, spi_utils.c:431
- Changed TCPA sig schemes to TSS sig schemes in
Hash_VerifySignature.
- Implemented Tspi_Context_GetKeyByPublicInfo on the TCS side.
- Fixed PS bug in storing the pub key data.
- Implemented Tspi_Key_UnloadKey
- Implemented the guts of Tspi_Key_CertifyKey, which now works
in at least the case where both keys passed in are authless.
- in obj_rsakey_set_es/ss, added mapping from TCPA numbers
to TSS numbers and vice versa.
- added #includes in readpass.c to get rid of compile errors.
(thanks Emily).
- Fixed popup secret handling. Bug #1194607 closed.
- Fixed up the LogBlobData functions, no more strcat. Bug #1221974
closed.
- changed sprintf's to snprintf. Bug #1221932 closed.
- Changed the TCPA_RSA_KEY_PARMS management at key creation time.
- Re-implemented TSP object management.
- Integrated TSSWG header files.
- Added valid_keys variable for the debugging build of
tcs/ps/ps_utils.c.
- Changed >= to > in openssl/crypto.c to correct off by one in
checking the size of the input data.
- added cvs commit logging to CVSROOT/loginfo file.
* TROUSERS_0_1_11
- Changed TCSD logging to only log on remote connection attempts,
local connections will be left silent.
- mended compiled time warnings
- updated src/tspi/Makefile.am to respect libtool.
- added x86_64 case to configure.in
- added args to print stmt tcsd_wrap.c:3640 (thanks Kylie).
- commited fix for detecting past runlevel states (thanks Kylie).
- committed fix for RNG problem: a TPM's RNG is disabled when
the TPM is in the disabled state, yet needs a random number
to open an OSAP session to call the owner auth'd TPM enable
command.
- added code for CreatePubEK plumbing (thanks Kylie).
- fixed a couple signed/unsigned comparison warnings
- fixed endianess stuff in TPM GetCap spi_tpm.c.
- added Trspi_Error functions to manipulate TSS_RESULTs.
- Fixed order of receiving for the TCS_OwnerReadPubek call
(thanks Kylie).
- Added defns for volatile and non-volatile flags (thanks Kylie).
- Added Trspi_Error, which converts a TSS_RESULT to a string.
(thanks Kylie).
- In tcsd_wrap.c, added function bodies for tcs_wrap_OwnerClear,
tcs_wrap_DisablePubekRead, tcs_wrap_OwnerReadPubek,
tcs_wrap_DisableForceClear and tcs_wrap_DisableOwnerClear.
(thanks Kylie).
- Added an unload of the auth returned from the TPM in
TCSP_OwnerReadPubek_Internal. (thanks Kylie).
- Corrected the TAG for the TPM command in
TCSP_OwnerReadPubek_Internal. (thanks Kylie).
* TROUSERS_0_1_10
- Updated implementation of Tspi_Key_WrapKey.
- Added missing goto in ReadPubEK in tcstp.c. (thanks Kylie).
- Added function guts for various functions in tcstp.c. (thanks
Kylie).
- In Tspi_TPM_SetStatus, do the right in the physical presence
path based on boolean. (thanks Kylie).
- Actually pass in the bool flag on TCSP_PhysicalPresence_Internal
(thanks Kylie).
- corrected force clear logic in spi_tpm.c:818 (thanks Kylie).
- fixed error return code check to socket() syscall clntside.c:52.
- added comment about TDDL reries and added log statement when a
physical presence command is denied because of runlevel.
- Fixed Tspi_Hash_VerifySignature to check signatures based on the
signature scheme of the key in use. Also, crypto.c was changed
to do a verify based on TSS_HASH_OTHER.
- Added 2 new highlevel Unbind testcases to test PKCS1.5 vs OAEP.
- In Tspi_Context_LoadKeyByUUID, the uninitialized keyBlob variable
was causing an invalid free on exit. Corrected that.
- changed return value from internal error to invalid handle when a
bad object handle is passed to Tspi_Hash_Sign and the Tspi_Data
functions.
- added Tspi_TPM_CertifySelfTest functionality
- corrected iptables string in the tcsd manpage.
- Corrected return code in Tspi_Key_UnloadKey02.c testcase.
- enabled Tspi_TPM_GetTestResult functionality
- added selftest as an option to the list of remote ops for the access
control
- added compatibility with openssh-askpass for the popup dialog box.
Now either gtk2-devel OR openssh-askpass must be installed to build
trousers. Using openssh-askpass reduces the size of libtspi.so by
about 40K and reduces the number of dependencies from 26 to 6!
- Bugfixes
- The entityType field was being passed between the TCSD and
TSP as a UINT32 instead of UINT16. This was keeping Tspi_ChangeAuth
from working as advertised.
- Secrets were being hashed incorrectly when secret mode was PLAIN
and the secret data length was 0. Now, when secret mode is plain, the
passed in data is always hashed, even if its 0 length.
- Popups are hopefully being handled more correctly now. Previously
the dialog popped up at the time SetSecret was called, but now its
just when the secret is actually needed.
- sf.net Bug #118026: memory allocations and free's fixed in almost
all paths from app to tcstp.c wrt correctly returning calloc_tspi'd
memory vs. malloc'd memory. Only problem remaining is the PCR event
functions, which have dangling malloc'd references, which is an
architectural problem which should be solved in the 1.2 rewrite.
* TROUSERS_0_1_9
- added tcsd manpage
- added access control functionality so that sets of ordinals
cannot be executed by non-local hosts. This is now a
configurable option in tcsd.conf as "remote_ops".
- Set Physical Presence now works from the TSP when the TCSD
detects that it is running in single user mode. When not
running in single user mode, the TCS_PhysicalPresence
command returns TSS_E_NOTIMPL.
- Changed an fprintf to LogError in gtk/support.c
- TCP/IP server-side fixes in svrside.c
- various compile warnings fixed
- moved commonly used utility functions to trspi/trousers.c and
exported these functions in the header file tss/trousers.h.
- added new testcases for ChangeAuth of the TPM owner and SRK in
tcg/highlevel/tspi.
- added test tcg/highlevel/tpm/Tspi_TPM_PcrRead04.c
- updated Tspi_TPM_GetCapability manpage.
- added code to detect a 1.2 TPM and get auth sessions the 1.2 way.
- added manpage for Tspi_TPM_GetPubEndorsementKey
- Bugfixes
- in crypto.c, encrypted data area should be RSA_size(rsa) bytes
large, not always 256. This was keeping non-2048 bit keys from
working with the TPM keyring app.
- Fixed detection of an already closed Tddl.
- Allow validating the entire TCPA_PUBKEY structure in
Tspi_TPM_GetPubEndorsementKey, as National chips do this.
- Added support for TSS_TPMCAP_ORD and TSS_TPMCAP_FLAG in
Tspi_TPM_GetCapability, which required a call to
TCSP_GetCapabilityOwner to fetch the TPM's internal flags. Added
tcg/highlevel/tpm/Tspi_TPM_GetCapability0{4,5}.c to test.
- When loading the SRK from TCS PS, the TCS key handle should now
be 0x40000000 (TSS_SRK_KEY_HANDLE). There were checks for this in
the ChangeAuth code paths, which caused failing of various sorts.
- Bug fixed in roll over of TCS key handle generation. Previously we
would have smashed the SRK's fixed value and we would have thought
there were 2 SRK's loaded.
- sf.net bug #1154611, old SRK was not being removed from mem cache,
though disk cache was being deleted. This means that after re-taking
ownership the mem cache was corrupted until a restart of the TCSD.
- Feature Requests
- sf.net RFE #1122608 completed. Several different device locations
are now supported by default. If /dev/tpm is created its assumed that
the IBM Research device driver is being used and therefore ioctl's are
sent to the driver, all others get read/write's. Updated README.
* TROUSERS_0_1_8
- added a manpage for Tspi_TPM_PcrExtend
- added SHA1_HASH_SIZE #define tied to openssl/sha.h
- Corrected typo in tcpa_types.h of pValdationData -> pValidationData
- updated README with info on device file stuff
- added a usage function and long options to tcsd
- added an error message when incorrect params are passed to tcsd on
the command line.
- added -lcrypto and -lpthread to the build of libtspi.so, so that app
writers will avoid having to include those when they don't have to.
- Connected up Tspi_TPM_SetStatus and Tspi_TPM_SelfTestFull to
TCSP_SetTempDeactivated, TCSP_SelfTestFull, TCSP_SetOwnerInstall,
TCSP_OwnerSetDisable and TCSP_PhysicalDisable.
- Bugfixes
- tcsem.c:507, error in calculating number of PCR events to copy out.
- sf.net bug #1151183 fixed. Tspi_TPM_GetPubEndorsementKey now takes
the correct number of params, and all testcases/TSS calls are changed.
- sf.net bug #1113313 fixed. Tspi_TPM_TakeOwnership now allows a NULL
pub endorsement key handle and a testcase,
tcg/highlevel/tpm/Tspi_TPM_TakeOwnership03.c, exists to test this.
- In Tspi_SetAttribData, set the TCPA_KEY's privkey, not the wrapper
object on a TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY.
* TROUSERS_0_1_7
- Fixed the logging up so that if tcsd -f is specified, all logs go the
foreground, else all logs go to syslog.
- Moved the TPM_IOCTL #define into the tddl.h file. Now, if you're
using the IBM research device driver, compiling with #define TPM_IOCTL
will use ioctl's to open /dev/tpm and #undef TPM_IOCTL will use
read/write calls to /dev/tpm0.
- Revert accidental change in tddl.c
- Lots of 0's replaced with non-magic #define's in the TSP code
- In spi_getset.c: removed unimportant debugging stmts; make
Tspi_{Get|Set}AttribData set the correct public and private key data
when asked to.
- Lots of manpage verbage changes.
- added new manpages for: Tspi_TPM_TakeOwnership, Tspi_Key_LoadKey,
Tspi_Context_Create and Tspi_TPM_ClearOwner.
- Bugfixes
- cxt.c: when destroying a context object, release the tcs_ctx_lock before
calling ctx_ref_count_keys(). This prevents a deadlock.
- added a mutex unlock call for an error path that would have caused a
deadlock
* TROUSERS_0_1_6
- Logging functionality changes only, for bug #1106301
- TCSD:
- Logs now go to stdout/stderr until a successful startup
- After a successful startup, cmdline args are parsed
- if -f is specified, logging continues to stdout/stderr and daemon runs
in the foreground, killable by ctrl-c.
- If -f is not specified, logs go to syslog and the tcsd forks into the
background
- TSP library
- If compiled w/o debugging, there is no logging of any kind
- If compiled w/ debugging, all logs go to stdout/stderr, unless the
environment variable TSS_DEBUG_OFF is set, then, there is no logging of
any kind
- There is no longer a --enable-stderrlog option to the configure script
* TROUSERS_0_1_5
- Complete memory management overhaul. calloc_tspi is now used to clean up
memory allocated by Tspi functions. TCS blob functions have been changed
to not require a context, since there's no need w/o calloc_tspi. Its
now necessary to call free explicitly everywhere in the TCS. In the TSP,
calloc_tspi is now always called with the TSP context of the session, which
would will ensure all memory allocated by the session is accounted for.
- Unused #defines and variables removed from spi_utils.h
- Commented out code removed throughout the source.
- Removed log.o on a 'make clean'.
- commented out unnecessary logging, added more descriptive logging
- renamed variables named 'hContext' to specifiy whether they represent TSP
of TCS context handles.
- got rid of a few magic numbers
- Bugfixes
- in tcs/cache.c, getNextTimeStamp() was unlocking the mutex twice.
- removed destroy_key_refs() in TSP, which caused double free errors
- added call to event_log_final() in tcsd_shutdown() to clean up the event log
- added an intermediate copy stage of data in getTCSDPacket() to avoid
memcpy() calls with overlapping source and dest fields.
* TROUSERS_0_1_4
- added ChangeLog :-)
- TSP object management overhaul. All API's should be correct for contexts
whether they're connected to a TCS or not.
- testsuite changes based on object mgmt overhaul
- various internal fixes and simplifications of the code due to object mgmt
overhaul
* TROUSERS_0_1_3
- added helpful message when package gtk2-devel is not found in configure.in
- chown changes in dist/Makefile for new syntax
- added detailed flags to various manpages
- TSP memory management overhaul
- added more complete destroy_key_refs() function
- Bugfixes
- quashed memory leaks in TSP found by valgrind
- return TRUE/FALSE from getAttribData
- added TSS_TSPATTRIB_KEYINFO_SIZE to Tspi_GetAttribData
- call free() not Tspi_Context_FreeMemory() in spi_utils.c
* TROUSERS_0_1_2
- added bug report mailing list to configure.in
- added --enable-stderrlog feature to configure.in
- Marked Tspi_TPM_GetCapabilitySigned as not implemented (per TSS v1.1b spec)
- Bugfixes
- Removed common.h from Tspi_Context_RegisterKey manpage
- added endianess macros to spi_utils.h
- made all endianess fixes to the TSP and testsuite
- logging improvements tcspbg.c
- tcs_utils.c compile time warning quashed
* TROUSERS_0_1_1
- Updated design doc
- Updated README
- More sensible function naming (no addNewObject, just addObject)
- Bugfixes
- return data correctly in Tspi_GetAttribData
- malloc space for returned UUID correctly in tspps.c
- log errors in tddl.c
- follow a failure path in auth_mgr.c
- don't always return success in req_mgr.c
* TROUSERS_0_1_0
- Initial code drop
|