test

test 2

verifier: add option to send revocation messages via webhook

This introduces the option to also send revocation messages via webhook
instead of 0mq. It is useful for systems that need to act on revocation
messages but are not running the Keylime agent.

Signed-off-by: Thore Sommer <mail@thson.de>

Update python cryptography lib to v3.3.2

Fixes issue keylime#581

Signed-off-by: Michael Peters <mpeters@redhat.com>

Remove TPM1.2 specifics from README (keylime#561)

Signed-off-by: Luke Hinds <lhinds@redhat.com>

Fix CVE-2021-3406

This ensures we verify the EK and AIK we get from the agent before
trusting signatures by it.

Advisory: GHSA-78f8-6c68-375m
For details, see https://patrick.uiterwijk.org/blog/tpm2-attestation-keylime-vulnerability
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
Signed-off-by: Michael Peters <mpeters@redhat.com>

ima: Count for bad file signatures in separate error field

Extend the err array with another field and account for bad file signatures
in err[3]. We move prior usage of err[3] to err[4] where the good
entries are counted and now sum over 4 error fields rather than 3.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

ima: Count for bad file signatures in separate error field

Extend the err array with another field and account for bad file signatures
in err[3]. We move prior usage of err[3] to err[4] where the good
entries are counted and now sum over 4 error fields rather than 3.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>