Diffstat (limited to 'nixpkgs/pkgs/tools/security/tpm-luks')
-rw-r--r-- | nixpkgs/pkgs/tools/security/tpm-luks/default.nix | 36 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/tpm-luks/openssl-1.1.patch | 63 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/tpm-luks/signed-ptr.patch | 15 |
3 files changed, 114 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/security/tpm-luks/default.nix b/nixpkgs/pkgs/tools/security/tpm-luks/default.nix
new file mode 100644
index 000000000000..4aab72cb5dfc
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/tpm-luks/default.nix
@@ -0,0 +1,36 @@
+{ lib, stdenv, fetchgit, autoreconfHook, gawk, trousers, cryptsetup, openssl }:
+
+stdenv.mkDerivation {
+ pname = "tpm-luks";
+ version = "unstable-2015-07-11";
+
+ src = fetchgit {
+ url = "https://github.com/momiji/tpm-luks";
+ rev = "c9c5b7fdddbcdac1cd4d2ea6baddd0617cc88ffa";
+ sha256 = "1ms2v57f13r9km6mvf9rha5ndmlmjvrz3mcikai6nzhpj0nrjz0w";
+ };
+
+ patches = [
+ ./openssl-1.1.patch
+ ./signed-ptr.patch
+ ];
+
+ nativeBuildInputs = [ autoreconfHook ];
+ buildInputs = [ gawk trousers cryptsetup openssl ];
+
+ installPhase = ''
+ mkdir -p $out
+ make install DESTDIR=$out
+ mv $out/$out/sbin $out/bin
+ rm -r $out/nix
+ '';
+
+ meta = with lib; {
+ description = "LUKS key storage in TPM NVRAM";
+ homepage = "https://github.com/shpedoikal/tpm-luks/";
+ maintainers = [ maintainers.tstrobel ];
+ license = with licenses; [ gpl2Only ];
+ platforms = platforms.linux;
+ };
+}
+
diff --git a/nixpkgs/pkgs/tools/security/tpm-luks/openssl-1.1.patch b/nixpkgs/pkgs/tools/security/tpm-luks/openssl-1.1.patch
new file mode 100644
index 000000000000..10132242b345
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/tpm-luks/openssl-1.1.patch
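Review bot: In default.nix, `homepage` points at shpedoikal/tpm-luks while `src` fetches github.com/momiji/tpm-luks, so the package metadata sends anyone auditing this LUKS-key tool to a different repository than the one actually built. Either set `homepage = "https://github.com/momiji/tpm-luks";` or add a comment above `src` saying why the fork is used, e.g. `# fork of shpedoikal/tpm-luks; <reason for using the fork>`. The `rev` and `sha256` pin does fix the fetched content, so this is about provenance being reviewable rather than about the fetch itself. Separately, `installPhase` replaces the default phase without `runHook preInstall` / `runHook postInstall`, which nixpkgs conventions expect.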
@@ -0,0 +1,63 @@
+diff --git a/swtpm-utils/lib/hmac.c b/swtpm-utils/lib/hmac.c
+index 5545375..f9bedea 100644
+--- a/swtpm-utils/lib/hmac.c
++++ b/swtpm-utils/lib/hmac.c
+@@ -381,15 +381,19 @@ uint32_t TSS_authhmac(unsigned char *digest, unsigned char *key, unsigned int ke
+ /****************************************************************************/
+ uint32_t TSS_rawhmac(unsigned char *digest, const unsigned char *key, unsigned int keylen, ...)
+ {
+- HMAC_CTX hmac;
++ HMAC_CTX* hmac;
+ unsigned int dlen;
+ unsigned char *data;
+ va_list argp;
+-
+-#ifdef HAVE_HMAC_CTX_CLEANUP
+- HMAC_CTX_init(&hmac);
+-#endif
+- HMAC_Init(&hmac,key,keylen,EVP_sha1());
++
++ hmac = HMAC_CTX_new();
++
++ if (hmac == NULL)
++ {
++ return ERR_MEM_ERR;
++ }
++
++ HMAC_Init_ex(hmac,key,keylen,EVP_sha1(),NULL);
+
+ va_start(argp,keylen);
+ for (;;)
+@@ -398,15 +402,11 @@ uint32_t TSS_rawhmac(unsigned char *digest, const unsigned char *key, unsigned i
+ if (dlen == 0) break;
+ data = (unsigned char *)va_arg(argp,unsigned char *);
+ if (data == NULL) return ERR_NULL_ARG;
+- HMAC_Update(&hmac,data,dlen);
++ HMAC_Update(hmac,data,dlen);
+ }
+- HMAC_Final(&hmac,digest,&dlen);
++ HMAC_Final(hmac,digest,&dlen);
+
+-#ifdef HAVE_HMAC_CTX_CLEANUP
+- HMAC_CTX_cleanup(&hmac);
+-#else
+- HMAC_cleanup(&hmac);
+-#endif
++ HMAC_CTX_free(hmac);
+ va_end(argp);
+ return 0;
+ }
+diff --git a/swtpm-utils/lib/keys.c b/swtpm-utils/lib/keys.c
+index 99691b6..6627a1f 100644
+--- a/swtpm-utils/lib/keys.c
++++ b/swtpm-utils/lib/keys.c
+@@ -1249,8 +1249,7 @@ RSA *TSS_convpubkey(pubkeydata *k)
+ exp);
+ }
+ /* set up the RSA public key structure */
+- rsa->n = mod;
+- rsa->e = exp;
++ RSA_set0_key(rsa, mod, exp, NULL);
+ return rsa;
+ }
+
diff --git a/nixpkgs/pkgs/tools/security/tpm-luks/signed-ptr.patch b/nixpkgs/pkgs/tools/security/tpm-luks/signed-ptr.patch
new file mode 100644
index 000000000000..83e356a4ef9e
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/tpm-luks/signed-ptr.patch
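Review bot: In the hmac.c part of openssl-1.1.patch, the early `return ERR_NULL_ARG;` inside the `for (;;)` loop of TSS_rawhmac now leaks the heap-allocated `HMAC_CTX`, which is already keyed at that point, and also skips `va_end`; the context used to live on the stack, so the patch introduces this leak. That line should become `if (data == NULL) { HMAC_CTX_free(hmac); va_end(argp); return ERR_NULL_ARG; }`. The return values of `HMAC_Init_ex`, `HMAC_Update` and `HMAC_Final` are also ignored, so a failed step would leave `digest` unset while the function still returns 0, and `RSA_set0_key` in keys.c is unchecked in the same way. TSS_rawhmac's body is split across two inner hunks, with the lines between them not shown.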
@@ -0,0 +1,15 @@
+diff --git a/swtpm-utils/getcapability.c b/swtpm-utils/getcapability.c
+index 7359ba3..17b4324 100644
+--- a/swtpm-utils/getcapability.c
++++ b/swtpm-utils/getcapability.c
+@@ -480,7 +480,8 @@ int main(int argc, char *argv[])
+ }
+
+ if (c) {
+- char pcrmap[4], *pf;
++ char pcrmap[4];
++ unsigned char *pf;
+
+ memcpy(pcrmap, ndp.pcrInfoRead.pcrSelection.pcrSelect,
+ ndp.pcrInfoRead.pcrSelection.sizeOfSelect);
+
|
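Review bot: The `memcpy` into `char pcrmap[4]` in getcapability.c copies `ndp.pcrInfoRead.pcrSelection.sizeOfSelect` bytes with no bound visible in this hunk, and signed-ptr.patch leaves that untouched while fixing only the pointer signedness. If `sizeOfSelect` is not validated earlier in `main` (not visible here), a value above 4 would write past the end of `pcrmap`; a guard before the copy such as `if (ndp.pcrInfoRead.pcrSelection.sizeOfSelect > sizeof pcrmap) { /* reject and exit */ }` would close that. `pcrmap` itself stays plain `char`, so if `pf` is later pointed at it the signedness mismatch may only move; consider `unsigned char pcrmap[4];` as well. The enclosing `if (c)` block and `main` continue outside the hunk.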