tests/test_parameters - third_party/github.com/stefanberger/swtpm - Git at Google

 #!/usr/bin/env bash

 # For the license, see the LICENSE file in the root directory.

 ROOT=${abs_top_builddir:-$(dirname "$0")/..}
 TESTDIR=${abs_top_testdir:=$(dirname "$0")}
 SRCDIR=${abs_top_srcdir:-$(dirname "$0")/..}

 PATH=$ROOT/src/swtpm:$PATH

 PARAMETERS=(
 	""
 	"--createek"
 	"--take-ownership"
 	"--createek --lock-nvram"
 	"--take-ownership --lock-nvram"
 	"--lock-nvram"
 	"--take-ownership --ownerpass OOO"
 	"--take-ownership --srkpass SSS"
 	"--take-ownership --ownerpass OO --srkpass SS"
 	"--take-ownership --lock-nvram --display"
 	"--display"
 	"--lock-nvram --display"
 	"--take-ownership --srk-well-known"
 	"--take-ownership --owner-well-known"
 	"--take-ownership --srk-well-known --owner-well-known"
 	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display"
 	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile ${TESTDIR}/data/keyfile.txt"
 	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile ${TESTDIR}/data/pwdfile.txt"
 	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile ${TESTDIR}/data/keyfile256bit.txt --cipher aes-256-cbc"
 	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile ${TESTDIR}/data/pwdfile.txt --cipher aes-256-cbc"
 	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile-fd 100 --cipher aes-256-cbc"
 	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile-fd 101 --cipher aes-256-cbc"
 )

 # Open read-only file descriptors referenced in test cases
 exec 100<${TESTDIR}/data/keyfile256bit.txt
 exec 101<${TESTDIR}/data/pwdfile.txt

 FILESIZES=(
 	1185
 	1605
 	2066
 	1605
 	2066
 	1185
 	2066
 	2066
 	2066
 	2066
 	1185
 	1185
 	2066
 	2066
 	2066
 	1721
 	1788
 	1788
 	1820
 	1820
 	1820
 	1820
 )

 source ${TESTDIR}/common
 skip_test_no_tpm12 "${SWTPM_EXE}"

 SWTPM=swtpm
 SWTPM_EXE=${SWTPM_EXE:-$ROOT/src/swtpm/$SWTPM}
 TPMDIR="$(mktemp -d)" || exit 1
 SWTPM_SETUP_CONF=$SRCDIR/samples/swtpm_setup.conf
 # filesystem privileges require to run swtpm_setup as root during test
 TPMAUTHORING="$ROOT/src/swtpm_setup/swtpm_setup --config ${SWTPM_SETUP_CONF}"
 PATH=${ROOT}/src/swtpm_bios:${TESTDIR}:$PATH

 trap "cleanup" SIGTERM EXIT

 function cleanup()
 {
 	rm -rf $TPMDIR
 }

 # swtpm_setup.conf points to the local create_certs.sh
 # For create_certs.sh to be found (with out full path)
 # add this directory to the PATH
 PATH=$PATH:$PWD

 for (( i=0; i<${#PARAMETERS[*]}; i++)); do
 	rm -rf $TPMDIR/*
 	echo -n "Test $i: "
 	$TPMAUTHORING \
 		--tpm-state $TPMDIR \
 		--tpm "$SWTPM_EXE socket ${SWTPM_TEST_SECCOMP_OPT}" \
 		${PARAMETERS[$i]} 2>&1 >/dev/null

 	if [ $? -ne 0 ]; then
 		echo "ERROR: Test with parameters '${PARAMETERS[$i]}' failed."
 		exit 1
 	elif [ ! -f $TPMDIR/tpm-00.permall ]; then
 		echo "ERROR: Test with parameters '${PARAMETERS[$i]}' did not
 		      produce file $TPMDIR/tpm-00.permall."
 		exit 1
 	fi

 	FILESIZE=$(get_filesize $TPMDIR/tpm-00.permall)
 	if [ ${FILESIZE} -ne ${FILESIZES[$i]} ]; then
 		echo "ERROR: Unexpected file size of $FILESIZE, "\
 		     "expected ${FILESIZES[$i]}. Parameters: ${PARAMETERS[$i]}"
 		exit 1
 	fi

 	# Make sure the state is encrypted when a key was given.
 	# We expect sequences of 4 0-bytes in unencrypted state
 	# and no such sequences in encrypted state.
 	nullseq="$(cat $TPMDIR/tpm-00.permall | \
 			od -t x1 -A n | tr -d '\n' | tr -s ' ' |
 			grep "00 00 00 00")"
 	if [[ "${PARAMETERS[$i]}" =~ (keyfile|pwdfile) ]]; then
 		if [ -n "${nullseq}" ]; then
 			echo "ERROR: State file is not encrypted with" \
 			     "parameters '${PARAMETERS[$i]}'"
 		fi
 	else
 		if [ -z "${nullseq}" ]; then
 			echo "ERROR: State must not be encrypted with" \
 			     "parameters '${PARAMETERS[$i]}'"
 		fi
 	fi

 	echo "SUCCESS with parameters '${PARAMETERS[$i]}'."
 done

 exec 100>&-
 exec 101>&-

 exit 0
	#!/usr/bin/env bash

	# For the license, see the LICENSE file in the root directory.

	ROOT=${abs_top_builddir:-$(dirname "$0")/..}
	TESTDIR=${abs_top_testdir:=$(dirname "$0")}
	SRCDIR=${abs_top_srcdir:-$(dirname "$0")/..}

	PATH=$ROOT/src/swtpm:$PATH

	PARAMETERS=(
	""
	"--createek"
	"--take-ownership"
	"--createek --lock-nvram"
	"--take-ownership --lock-nvram"
	"--lock-nvram"
	"--take-ownership --ownerpass OOO"
	"--take-ownership --srkpass SSS"
	"--take-ownership --ownerpass OO --srkpass SS"
	"--take-ownership --lock-nvram --display"
	"--display"
	"--lock-nvram --display"
	"--take-ownership --srk-well-known"
	"--take-ownership --owner-well-known"
	"--take-ownership --srk-well-known --owner-well-known"
	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display"
	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile ${TESTDIR}/data/keyfile.txt"
	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile ${TESTDIR}/data/pwdfile.txt"
	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile ${TESTDIR}/data/keyfile256bit.txt --cipher aes-256-cbc"
	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile ${TESTDIR}/data/pwdfile.txt --cipher aes-256-cbc"
	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile-fd 100 --cipher aes-256-cbc"
	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile-fd 101 --cipher aes-256-cbc"
	)

	# Open read-only file descriptors referenced in test cases
	exec 100<${TESTDIR}/data/keyfile256bit.txt
	exec 101<${TESTDIR}/data/pwdfile.txt

	FILESIZES=(
	1185
	1605
	2066
	1605
	2066
	1185
	2066
	2066
	2066
	2066
	1185
	1185
	2066
	2066
	2066
	1721
	1788
	1788
	1820
	1820
	1820
	1820
	)

	source ${TESTDIR}/common
	skip_test_no_tpm12 "${SWTPM_EXE}"

	SWTPM=swtpm
	SWTPM_EXE=${SWTPM_EXE:-$ROOT/src/swtpm/$SWTPM}
	TPMDIR="$(mktemp -d)" \|\| exit 1
	SWTPM_SETUP_CONF=$SRCDIR/samples/swtpm_setup.conf
	# filesystem privileges require to run swtpm_setup as root during test
	TPMAUTHORING="$ROOT/src/swtpm_setup/swtpm_setup --config ${SWTPM_SETUP_CONF}"
	PATH=${ROOT}/src/swtpm_bios:${TESTDIR}:$PATH

	trap "cleanup" SIGTERM EXIT

	function cleanup()
	{
	rm -rf $TPMDIR
	}

	# swtpm_setup.conf points to the local create_certs.sh
	# For create_certs.sh to be found (with out full path)
	# add this directory to the PATH
	PATH=$PATH:$PWD

	for (( i=0; i<${#PARAMETERS[*]}; i++)); do
	rm -rf $TPMDIR/*
	echo -n "Test $i: "
	$TPMAUTHORING \
	--tpm-state $TPMDIR \
	--tpm "$SWTPM_EXE socket ${SWTPM_TEST_SECCOMP_OPT}" \
	${PARAMETERS[$i]} 2>&1 >/dev/null

	if [ $? -ne 0 ]; then
	echo "ERROR: Test with parameters '${PARAMETERS[$i]}' failed."
	exit 1
	elif [ ! -f $TPMDIR/tpm-00.permall ]; then
	echo "ERROR: Test with parameters '${PARAMETERS[$i]}' did not
	produce file $TPMDIR/tpm-00.permall."
	exit 1
	fi

	FILESIZE=$(get_filesize $TPMDIR/tpm-00.permall)
	if [ ${FILESIZE} -ne ${FILESIZES[$i]} ]; then
	echo "ERROR: Unexpected file size of $FILESIZE, "\
	"expected ${FILESIZES[$i]}. Parameters: ${PARAMETERS[$i]}"
	exit 1
	fi

	# Make sure the state is encrypted when a key was given.
	# We expect sequences of 4 0-bytes in unencrypted state
	# and no such sequences in encrypted state.
	nullseq="$(cat $TPMDIR/tpm-00.permall \| \
	od -t x1 -A n \| tr -d '\n' \| tr -s ' ' \|
	grep "00 00 00 00")"
	if [[ "${PARAMETERS[$i]}" =~ (keyfile\|pwdfile) ]]; then
	if [ -n "${nullseq}" ]; then
	echo "ERROR: State file is not encrypted with" \
	"parameters '${PARAMETERS[$i]}'"
	fi
	else
	if [ -z "${nullseq}" ]; then
	echo "ERROR: State must not be encrypted with" \
	"parameters '${PARAMETERS[$i]}'"
	fi
	fi

	echo "SUCCESS with parameters '${PARAMETERS[$i]}'."
	done

	exec 100>&-
	exec 101>&-

	exit 0