| #!/usr/bin/env bash |
| |
| # For the license, see the LICENSE file in the root directory. |
| |
| ROOT=${abs_top_builddir:-$(dirname "$0")/..} |
| TESTDIR=${abs_top_testdir:=$(dirname "$0")} |
| SRCDIR=${abs_top_srcdir:-$(dirname "$0")/..} |
| |
| PATH=$ROOT/src/swtpm:$PATH |
| |
| PARAMETERS=( |
| "" |
| "--createek" |
| "--take-ownership" |
| "--createek --lock-nvram" |
| "--take-ownership --lock-nvram" |
| "--lock-nvram" |
| "--take-ownership --ownerpass OOO" |
| "--take-ownership --srkpass SSS" |
| "--take-ownership --ownerpass OO --srkpass SS" |
| "--take-ownership --lock-nvram --display" |
| "--display" |
| "--lock-nvram --display" |
| "--take-ownership --srk-well-known" |
| "--take-ownership --owner-well-known" |
| "--take-ownership --srk-well-known --owner-well-known" |
| "--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display" |
| "--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile ${TESTDIR}/data/keyfile.txt" |
| "--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile ${TESTDIR}/data/pwdfile.txt" |
| "--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile ${TESTDIR}/data/keyfile256bit.txt --cipher aes-256-cbc" |
| "--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile ${TESTDIR}/data/pwdfile.txt --cipher aes-256-cbc" |
| "--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile-fd 100 --cipher aes-256-cbc" |
| "--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile-fd 101 --cipher aes-256-cbc" |
| ) |
| |
| # Open read-only file descriptors referenced in test cases |
| exec 100<"${TESTDIR}/data/keyfile256bit.txt" |
| exec 101<"${TESTDIR}/data/pwdfile.txt" |
| |
| FILESIZES=( |
| 1185 |
| 1605 |
| 2066 |
| 1605 |
| 2066 |
| 1185 |
| 2066 |
| 2066 |
| 2066 |
| 2066 |
| 1185 |
| 1185 |
| 2066 |
| 2066 |
| 2066 |
| 1721 |
| 1788 |
| 1788 |
| 1820 |
| 1820 |
| 1820 |
| 1820 |
| ) |
| |
| source "${TESTDIR}/common" |
| skip_test_no_tpm12 "${SWTPM_EXE}" |
| |
| SWTPM=swtpm |
| SWTPM_EXE=${SWTPM_EXE:-$ROOT/src/swtpm/$SWTPM} |
| TPMDIR="$(mktemp -d)" || exit 1 |
| SWTPM_SETUP_CONF=$SRCDIR/samples/swtpm_setup.conf |
| # filesystem privileges require to run swtpm_setup as root during test |
| TPMAUTHORING="$ROOT/src/swtpm_setup/swtpm_setup --config ${SWTPM_SETUP_CONF}" |
| PATH=${ROOT}/src/swtpm_bios:${TESTDIR}:$PATH |
| |
| trap "cleanup" SIGTERM EXIT |
| |
| function cleanup() |
| { |
| rm -rf "$TPMDIR" |
| } |
| |
| # swtpm_setup.conf points to the local create_certs.sh |
| # For create_certs.sh to be found (with out full path) |
| # add this directory to the PATH |
| PATH=$PATH:$PWD |
| |
| for (( i=0; i<${#PARAMETERS[*]}; i++)); do |
| rm -rf "${TPMDIR:?}"/* |
| echo -n "Test $i: " |
| params=${PARAMETERS[$i]} |
| if ! $TPMAUTHORING \ |
| --tpm-state "$TPMDIR" \ |
| --tpm "$SWTPM_EXE socket ${SWTPM_TEST_SECCOMP_OPT}" \ |
| ${params:+${params}} &>/dev/null; |
| then |
| echo "ERROR: Test with parameters '${params}' failed." |
| exit 1 |
| elif [ ! -f "$TPMDIR/tpm-00.permall" ]; then |
| echo "ERROR: Test with parameters '${params}' did not |
| produce file $TPMDIR/tpm-00.permall." |
| exit 1 |
| fi |
| |
| FILESIZE=$(get_filesize "$TPMDIR/tpm-00.permall") |
| if [ "${FILESIZE}" -ne "${FILESIZES[$i]}" ]; then |
| echo "ERROR: Unexpected file size of $FILESIZE, "\ |
| "expected ${FILESIZES[$i]}. Parameters: ${params}" |
| exit 1 |
| fi |
| |
| # Make sure the state is encrypted when a key was given. |
| # We expect sequences of 4 0-bytes in unencrypted state |
| # and no such sequences in encrypted state. |
| nullseq="$(od -t x1 -A n < "$TPMDIR/tpm-00.permall" | tr -d '\n' | tr -s ' ' | |
| grep "00 00 00 00")" |
| if [[ "$params}" =~ (keyfile|pwdfile) ]]; then |
| if [ -n "${nullseq}" ]; then |
| echo "ERROR: State file is not encrypted with" \ |
| "parameters '${params}'" |
| fi |
| else |
| if [ -z "${nullseq}" ]; then |
| echo "ERROR: State must not be encrypted with" \ |
| "parameters '${params}'" |
| fi |
| fi |
| |
| echo "SUCCESS with parameters '${params}'." |
| done |
| |
| exec 100>&- |
| exec 101>&- |
| |
| exit 0 |