Remove TPM
authorMike Looijmans <milo-software@users.sourceforge.net>
Sun, 9 Aug 2015 11:45:49 +0000 (13:45 +0200)
committerMike Looijmans <milo-software@users.sourceforge.net>
Sun, 9 Aug 2015 11:45:49 +0000 (13:45 +0200)
Remove a waste of resources.

doc/TPM [deleted file]
lib/base/Makefile.inc
lib/base/etpm.cpp [deleted file]
lib/base/etpm.h [deleted file]
lib/python/enigma_python.i

diff --git a/doc/TPM b/doc/TPM
deleted file mode 100644 (file)
index 20c0230..0000000
--- a/doc/TPM
+++ /dev/null
@@ -1,27 +0,0 @@
-The TPM check is currently to be considered a beta version. So please expect
-code changes in the future.
-
-If you'd like to write your own plugins and honor the efforts, Dream Multimedia
-puts into developing Enigma 2, you can protect your plugin against execution
-on Non-Dream Multimedia Hardware by implementing a TPM (Trusted Platform Module)
-check into your plugin.
-For ease of use we provide a demo plugin in lib/python/Plugins/DemoPlugins/TPMDemo.
-
-The main TPM check is implemented into the "main" function. You need to provide
-this code yourself in your plugin. So copy&paste the code into your own as well
-as the needed functions
-- bin2long
-- long2bin
-- rsa_pub1024
-- decrypt_block
-- validate_cert
-- read_random
-Importing the functions from somewhere else would spoil the security model. So
-you need to provide the code with your plugin.
-You can either use the given method using the main function (which will run the
-TPM check each time the plugin is called) or directly use it in the
-Plugins(**kwargs) function and not return the Plugins-list if the TPM check failes
-(which will prevent the plugin from showing up at all). You can also implement
-a warning message for all possible TPM failure scenarios.
-  
index 94f293e..f6385a0 100644 (file)
@@ -12,7 +12,6 @@ base_libenigma_base_a_SOURCES = \
        base/elock.cpp \
        base/encoding.cpp \
        base/estring.cpp \
-       base/etpm.cpp \
        base/freesatv2.cpp \
        base/filepush.cpp \
        base/init.cpp \
@@ -41,7 +40,6 @@ baseinclude_HEADERS = \
        base/encoding.h \
        base/eptrlist.h \
        base/estring.h \
-       base/etpm.h \
        base/filepush.h \
        base/freesatv2.cpp \
        base/i18n.h \
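Review bot: `base/freesatv2.cpp` is listed in `baseinclude_HEADERS`, two lines below the entry this hunk removes, so a source file is installed alongside the public headers. It looks like a typo for the matching header, and this commit leaves it untouched. If `base/freesatv2.h` exists in the tree, which I cannot confirm from this hunk, the entry should read `base/freesatv2.h \`. The list continues outside the hunk, so the rest of it is worth checking while editing here.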
diff --git a/lib/base/etpm.cpp b/lib/base/etpm.cpp
deleted file mode 100644 (file)
index 8a3626d..0000000
+++ /dev/null
@@ -1,178 +0,0 @@
-#include <sys/socket.h>
-#include <fcntl.h>
-#include <stdbool.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/un.h>
-#include <unistd.h>
-#include <openssl/bn.h>
-#include <openssl/sha.h>
-#include <lib/base/eerror.h>
-
-#include "etpm.h"
-
-eTPM::eTPM()
-{
-       struct sockaddr_un addr;
-       unsigned char buf[8];
-       unsigned int tag;
-       size_t len;
-       unsigned char *val;
-
-       level2_cert_read = level3_cert_read = false;
-
-       addr.sun_family = AF_UNIX;
-       strcpy(addr.sun_path, TPMD_SOCKET);
-
-       fd = socket(PF_UNIX, SOCK_STREAM, 0);
-       if (fd < 0)
-       {
-               eDebug("[eTPM] socket error: %m");
-               return;
-       }
-
-       if (connect(fd, (const struct sockaddr *)&addr, SUN_LEN(&addr)) < 0)
-       {
-               eDebug("[eTPM] connect error %m");
-               return;
-       }
-
-       buf[0] = TPMD_DT_LEVEL2_CERT;
-       buf[1] = TPMD_DT_LEVEL3_CERT;
-       if (!send_cmd(TPMD_CMD_GET_DATA, buf, 2))
-       {
-               return;
-       }
-
-       val = (unsigned char*)recv_cmd(&tag, &len);
-       if (val == NULL)
-       {
-               return;
-       }
-
-       parse_data(val, len);
-       free(val);
-}
-
-eTPM::~eTPM()
-{
-       if (fd >= 0)
-               close(fd);
-}
-
-bool eTPM::send_cmd(enum tpmd_cmd cmd, const void *data, size_t len)
-{
-       unsigned char buf[len + 4];
-
-       buf[0] = (cmd >> 8) & 0xff;
-       buf[1] = (cmd >> 0) & 0xff;
-       buf[2] = (len >> 8) & 0xff;
-       buf[3] = (len >> 0) & 0xff;
-       memcpy(&buf[4], data, len);
-
-       if (write(fd, buf, sizeof(buf)) != (ssize_t)sizeof(buf))
-       {
-               eDebug("[eTPM] %s: incomplete write: %m", __func__);
-               return false;
-       }
-
-       return true;
-}
-
-void* eTPM::recv_cmd(unsigned int *tag, size_t *len)
-{
-       unsigned char buf[4];
-       void *val;
-
-       if (read(fd, buf, 4) != 4)
-       {
-               eDebug("[eTPM] %s: incomplete read: %m", __func__);
-               return NULL;
-       }
-
-       *tag = (buf[0] << 8) | buf[1];
-       *len = (buf[2] << 8) | buf[3];
-
-       val = malloc(*len);
-       if (val == NULL)
-               return NULL;
-
-       ssize_t rd = read(fd, val, *len);
-       if (rd < 0)
-       {
-               eDebug("[eTPM] %s: incomplete read2: %m", __func__);
-               free(val);
-               val = (void *)0;
-       }
-       else
-       {
-               if ((size_t)rd != *len)
-               {
-                       eDebug("[eTPM] %s: incomplete read3: %m", __func__);
-                       free(val);
-                       val = (void *)0;
-               }
-       }
-
-       return val;
-}
-
-void eTPM::parse_data(const unsigned char *data, size_t datalen)
-{
-       unsigned int i;
-       unsigned int tag;
-       unsigned int len;
-       const unsigned char *val;
-
-       for (i = 0; i < datalen; i += len) {
-               tag = data[i++];
-               len = data[i++];
-               val = &data[i];
-
-               switch (tag) {
-               case TPMD_DT_LEVEL2_CERT:
-                       if (len != 210)
-                               break;
-                       memcpy(level2_cert, val, 210);
-                       level2_cert_read = true;
-                       break;
-               case TPMD_DT_LEVEL3_CERT:
-                       if (len != 210)
-                               break;
-                       memcpy(level3_cert, val, 210);
-                       level3_cert_read = true;
-                       break;
-               }
-       }
-}
-
-std::string eTPM::getCert(cert_type type)
-{
-       if (type == TPMD_DT_LEVEL2_CERT && level2_cert_read)
-               return std::string((char*)level2_cert, 210);
-       else if (type == TPMD_DT_LEVEL3_CERT && level3_cert_read)
-               return std::string((char*)level3_cert, 210);
-       return "";
-}
-
-std::string eTPM::challenge(std::string rnd)
-{
-       if (rnd.length() == 8)
-       {
-               if (!send_cmd(TPMD_CMD_COMPUTE_SIGNATURE, rnd.c_str(), 8))
-                       return "";
-
-               unsigned int tag;
-               size_t len;
-               unsigned char *val = (unsigned char*)recv_cmd(&tag, &len);
-
-               if (tag != TPMD_CMD_COMPUTE_SIGNATURE)
-                       return "";
-
-               std::string ret((char*)val, len);
-               free(val);
-               return ret;
-       }
-       return "";
-}
diff --git a/lib/base/etpm.h b/lib/base/etpm.h
deleted file mode 100644 (file)
index fd74538..0000000
+++ /dev/null
@@ -1,48 +0,0 @@
-#ifndef __lib_base_etpm_h
-#define __lib_base_etpm_h
-
-#ifndef SWIG
-#define TPMD_SOCKET "/var/run/tpmd_socket"
-#endif
-
-#include <string>
-
-class eTPM
-{
-#ifndef SWIG
-       int fd;
-       unsigned char level2_cert[210];
-       unsigned char level3_cert[210];
-       bool level2_cert_read;
-       bool level3_cert_read;
-
-       enum tpmd_cmd {
-               TPMD_CMD_RESERVED               = 0x0000,
-               TPMD_CMD_GET_DATA               = 0x0001,
-               TPMD_CMD_APDU                   = 0x0002,
-               TPMD_CMD_COMPUTE_SIGNATURE      = 0x0003,
-               TPMD_CMD_APP_CERT               = 0x0004,
-       };
-
-       bool send_cmd(enum tpmd_cmd cmd, const void *data, size_t len);
-       void *recv_cmd(unsigned int *tag, size_t *len);
-       void parse_data(const unsigned char *data, size_t datalen);
-
-#endif
-public:
-       eTPM();
-       ~eTPM();
-
-       enum cert_type {
-               TPMD_DT_LEVEL2_CERT = 0x04,
-               TPMD_DT_LEVEL3_CERT = 0x05,
-               DT_LEVEL2_CERT = 0x04,
-               DT_LEVEL3_CERT = 0x05
-       };
-       std::string getCert(cert_type type);
-       std::string challenge(std::string rnd);
-       std::string getData(cert_type type) { return getCert(type); };
-       std::string computeSignature(const std::string &data) { return challenge(data); };
-};
-
-#endif // __lib_base_etpm_h
index dd4b8c7..96e64df 100644 (file)
@@ -40,7 +40,6 @@ is usually caused by not marking PSignals as immutable.
 #include <lib/base/smartptr.h>
 #include <lib/base/eenv.h>
 #include <lib/base/eerror.h>
-#include <lib/base/etpm.h>
 #include <lib/base/message.h>
 #include <lib/driver/rc.h>
 #include <lib/driver/rcinput_swig.h>
@@ -189,7 +188,6 @@ typedef long time_t;
 %immutable eTuxtxtApp::appClosed;
 %immutable iDVBChannel::receivedTsidOnid;
 %include <lib/base/message.h>
-%include <lib/base/etpm.h>
 %include <lib/driver/rc.h>
 %include <lib/driver/rcinput_swig.h>
 %include <lib/gdi/fb.h>
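Review bot: Removing `%include <lib/base/etpm.h>` drops `eTPM` from the generated Python module, so any plugin that still imports it will fail at import time instead of reaching its own check. The deleted doc/TPM told plugin authors to copy the check into their own code, so out-of-tree plugins are likely affected. The same doc points at lib/python/Plugins/DemoPlugins/TPMDemo, which is not in this commit's file list; if it is still in the tree, it should be removed in the same change. The commit message should record the API break, for example `Python API: eTPM is no longer exported; plugins must guard the import.`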