script/fint-log-compiler.sh - third_party/github.com/tpm2-software/tpm2-tss - Git at Google

 #!/usr/bin/env bash
 #;**********************************************************************;
 # SPDX-License-Identifier: BSD-2-Clause
 #
 # Copyright (c) 2017 - 2020, Intel Corporation
 # Copyright (c) 2018 - 2020, Fraunhofer SIT sponsored by Infineon Technologies AG
 #
 # All rights reserved.
 #;**********************************************************************;

 # source the int-log-compiler-common sript
 . ${srcdir}/script/int-log-compiler-common.sh

 sanity_test

 # start simulator if needed
 if [[ ${INTEGRATION_TCTI} == "mssim" || ${INTEGRATION_TCTI} == "swtpm" ]]; then
     echo "Trying to start simulator ${INTEGRATION_TCTI}"
     try_simulator_start
     TPM20TEST_SOCKET_PORT="${SIM_PORT_DATA}"
     TPM20TEST_TCTI="${INTEGRATION_TCTI}:host=${TPM20TEST_SOCKET_ADDRESS},port=${TPM20TEST_SOCKET_PORT}"
 else
     # Device will be used.
     TPM20TEST_TCTI="${INTEGRATION_TCTI}:${TPM20TEST_DEVICE_FILE}"
 fi

 while true; do

 # Some debug prints
 echo "TPM20TEST_TCTI_NAME=${TPM20TEST_TCTI_NAME}"
 echo "TPM20TEST_DEVICE_FILE=${TPM20TEST_DEVICE_FILE}"
 echo "TPM20TEST_SOCKET_ADDRESS=${TPM20TEST_SOCKET_ADDRESS}"
 echo "TPM20TEST_SOCKET_PORT=${TPM20TEST_SOCKET_PORT}"
 echo "TPM20TEST_TCTI=${TPM20TEST_TCTI}"

 if [ "${TPM20TEST_TCTI_NAME}" != "device" ]; then
     env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
         TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
         TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
         TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
         G_MESSAGES_DEBUG=all ./test/helper/tpm_startup
     if [ $? -ne 0 ]; then
         echo "TPM_StartUp failed"
         ret=99
         break
     fi
 else
     env TPM20TEST_TCTI_NAME=${TPM20TEST_TCTI_NAME} \
         TPM20TEST_DEVICE_FILE=${TPM20TEST_DEVICE_FILE} \
         G_MESSAGES_DEBUG=all ./test/helper/tpm_transientempty
     if [ $? -ne 0 ]; then
         echo "TPM transient area not empty => skipping"
         ret=99
         break
     fi
 fi

 # Certificate generation for simulator tests
 if [ "${TPM20TEST_TCTI_NAME}" != "device" ]; then
     EKPUB_FILE=${TEST_BIN}_ekpub.pem
     EKCERT_FILE=${TEST_BIN}_ekcert.crt
     EKCERT_PEM_FILE=${TEST_BIN}_ekcert.pem

     env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
         TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
         TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
         TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
         TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
         G_MESSAGES_DEBUG=all ./test/helper/tpm_getek ${EKPUB_FILE}
     if [ $? -ne 0 ]; then
         echo "TPM_getek failed"
         ret=99
         break
     fi

     EKECCPUB_FILE=${TEST_BIN}_ekeccpub.pem
     EKECCCERT_FILE=${TEST_BIN}_ekecccert.crt
     EKECCCERT_PEM_FILE=${TEST_BIN}_ekecccert.pem

     env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
         TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
         TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
         TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
         TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
         G_MESSAGES_DEBUG=all ./test/helper/tpm_getek_ecc ${EKECCPUB_FILE}
     if [ $? -ne 0 ]; then
         echo "TPM_getek_ecc failed"
         ret=99
         break
     fi

     INTERMEDCA_FILE=${TEST_BIN}_intermedecc-ca
     ROOTCA_FILE=${TEST_BIN}_root-ca

     SCRIPTDIR="$(dirname $(realpath $0))/"
     ${SCRIPTDIR}/ekca/create_ca.sh "${EKPUB_FILE}" "${EKECCPUB_FILE}" "${EKCERT_FILE}" \
                 "${EKECCCERT_FILE}" "${INTERMEDCA_FILE}" "${ROOTCA_FILE}" >${TEST_BIN}_ca.log 2>&1
     if [ $? -ne 0 ]; then
         echo "ek-cert ca failed"
         ret=99
         break
     fi

     # Determine the fingerprint of the RSA EK public.
     FINGERPRINT=$(openssl pkey -pubin -inform PEM -in ${EKPUB_FILE} -outform DER | shasum -a 256  | cut -f 1 -d ' ')
     export FAPI_TEST_FINGERPRINT=" { \"hashAlg\" : \"sha256\", \"digest\" : \"${FINGERPRINT}\" }"
     openssl x509 -inform DER -in ${EKCERT_FILE} -outform PEM -out ${EKCERT_PEM_FILE}
     export FAPI_TEST_CERTIFICATE="file:${EKCERT_PEM_FILE}"

     # Determine the fingerprint of the RSA EK public.
     FINGERPRINT_ECC=$(openssl pkey -pubin -inform PEM -in ${EKECCPUB_FILE} -outform DER | shasum -a 256  | cut -f 1 -d ' ')
     export FAPI_TEST_FINGERPRINT_ECC=" { \"hashAlg\" : \"sha256\", \"digest\" : \"${FINGERPRINT_ECC}\" }"
     openssl x509 -inform DER -in ${EKECCCERT_FILE} -outform PEM -out ${EKECCCERT_PEM_FILE}
     export FAPI_TEST_CERTIFICATE_ECC="file:${EKECCCERT_PEM_FILE}"

     cat $EKCERT_FILE | \
         env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
             TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
             TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
             TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
             TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
             G_MESSAGES_DEBUG=all ./test/helper/tpm_writeekcert 1C00002
     if [ $? -ne 0 ]; then
         echo "TPM_writeekcert failed"
         ret=99
         break
     fi

     cat $EKECCCERT_FILE | \
         env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
             TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
             TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
             TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
             TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
             G_MESSAGES_DEBUG=all ./test/helper/tpm_writeekcert 1C0000A
     if [ $? -ne 0 ]; then
         echo "TPM_writeekcert failed"
         ret=99
     fi
 fi # certificate generation

 TPMSTATE_FILE1=${TEST_BIN}_state1
 TPMSTATE_FILE2=${TEST_BIN}_state2

 env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
     TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
     TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
     TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
     TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
     G_MESSAGES_DEBUG=all ./test/helper/tpm_dumpstate>${TPMSTATE_FILE1}
 if [ $? -ne 0 ]; then
     echo "Error during dumpstate"
     ret=99
     break
 fi

 echo "Execute the test script"
 if [ "${TPM20TEST_TCTI_NAME}" == "device" ]; then
     # No root certificate needed
     env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
         TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
         TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
         TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
         TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
         G_MESSAGES_DEBUG=all ${@: -1}
 else
     # Run test with generated certificate.
     env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
         TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
         TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
         TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
         FAPI_TEST_ROOT_CERT=${ROOTCA_FILE}.pem \
         TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
         G_MESSAGES_DEBUG=all ${@: -1}
 fi
 ret=$?
 echo "Script returned $ret"

 #We check the state before a reboot to see if transients and NV were chagned.
 env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
     TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
     TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
     TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
     G_MESSAGES_DEBUG=all ./test/helper/tpm_dumpstate>${TPMSTATE_FILE2}
 if [ $? -ne 0 ]; then
     echo "Error during dumpstate"
     ret=99
     break
 fi

 if [ "$(cat ${TPMSTATE_FILE1})" != "$(cat ${TPMSTATE_FILE2})" ]; then
     echo "TPM changed state during test"
     echo "State before ($TPMSTATE_FILE1):"
     cat ${TPMSTATE_FILE1}
     echo "State after ($TPMSTATE_FILE2):"
     cat ${TPMSTATE_FILE2}
     ret=1
     break
 fi

 #TODO: Add a tpm-restart/reboot here

 break
 done

 if [ "${TPM20TEST_TCTI_NAME}" != "device" ]; then
     # This sleep is sadly necessary: If we kill the tabrmd w/o sleeping for a
     # second after the test finishes the simulator will die too. Bug in the
     # simulator?
     sleep 1
     # teardown
     daemon_stop ${SIM_PID_FILE}
     rm -rf ${SIM_TMP_DIR} ${SIM_PID_FILE}
 fi

 exit $ret
	#!/usr/bin/env bash
	#;**********************************************************************;
	# SPDX-License-Identifier: BSD-2-Clause
	#
	# Copyright (c) 2017 - 2020, Intel Corporation
	# Copyright (c) 2018 - 2020, Fraunhofer SIT sponsored by Infineon Technologies AG
	#
	# All rights reserved.
	#;**********************************************************************;

	# source the int-log-compiler-common sript
	. ${srcdir}/script/int-log-compiler-common.sh

	sanity_test

	# start simulator if needed
	if [[ ${INTEGRATION_TCTI} == "mssim" \|\| ${INTEGRATION_TCTI} == "swtpm" ]]; then
	echo "Trying to start simulator ${INTEGRATION_TCTI}"
	try_simulator_start
	TPM20TEST_SOCKET_PORT="${SIM_PORT_DATA}"
	TPM20TEST_TCTI="${INTEGRATION_TCTI}:host=${TPM20TEST_SOCKET_ADDRESS},port=${TPM20TEST_SOCKET_PORT}"
	else
	# Device will be used.
	TPM20TEST_TCTI="${INTEGRATION_TCTI}:${TPM20TEST_DEVICE_FILE}"
	fi

	while true; do

	# Some debug prints
	echo "TPM20TEST_TCTI_NAME=${TPM20TEST_TCTI_NAME}"
	echo "TPM20TEST_DEVICE_FILE=${TPM20TEST_DEVICE_FILE}"
	echo "TPM20TEST_SOCKET_ADDRESS=${TPM20TEST_SOCKET_ADDRESS}"
	echo "TPM20TEST_SOCKET_PORT=${TPM20TEST_SOCKET_PORT}"
	echo "TPM20TEST_TCTI=${TPM20TEST_TCTI}"

	if [ "${TPM20TEST_TCTI_NAME}" != "device" ]; then
	env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
	TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
	TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
	TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
	G_MESSAGES_DEBUG=all ./test/helper/tpm_startup
	if [ $? -ne 0 ]; then
	echo "TPM_StartUp failed"
	ret=99
	break
	fi
	else
	env TPM20TEST_TCTI_NAME=${TPM20TEST_TCTI_NAME} \
	TPM20TEST_DEVICE_FILE=${TPM20TEST_DEVICE_FILE} \
	G_MESSAGES_DEBUG=all ./test/helper/tpm_transientempty
	if [ $? -ne 0 ]; then
	echo "TPM transient area not empty => skipping"
	ret=99
	break
	fi
	fi

	# Certificate generation for simulator tests
	if [ "${TPM20TEST_TCTI_NAME}" != "device" ]; then
	EKPUB_FILE=${TEST_BIN}_ekpub.pem
	EKCERT_FILE=${TEST_BIN}_ekcert.crt
	EKCERT_PEM_FILE=${TEST_BIN}_ekcert.pem

	env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
	TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
	TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
	TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
	TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
	G_MESSAGES_DEBUG=all ./test/helper/tpm_getek ${EKPUB_FILE}
	if [ $? -ne 0 ]; then
	echo "TPM_getek failed"
	ret=99
	break
	fi

	EKECCPUB_FILE=${TEST_BIN}_ekeccpub.pem
	EKECCCERT_FILE=${TEST_BIN}_ekecccert.crt
	EKECCCERT_PEM_FILE=${TEST_BIN}_ekecccert.pem

	env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
	TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
	TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
	TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
	TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
	G_MESSAGES_DEBUG=all ./test/helper/tpm_getek_ecc ${EKECCPUB_FILE}
	if [ $? -ne 0 ]; then
	echo "TPM_getek_ecc failed"
	ret=99
	break
	fi

	INTERMEDCA_FILE=${TEST_BIN}_intermedecc-ca
	ROOTCA_FILE=${TEST_BIN}_root-ca

	SCRIPTDIR="$(dirname $(realpath $0))/"
	${SCRIPTDIR}/ekca/create_ca.sh "${EKPUB_FILE}" "${EKECCPUB_FILE}" "${EKCERT_FILE}" \
	"${EKECCCERT_FILE}" "${INTERMEDCA_FILE}" "${ROOTCA_FILE}" >${TEST_BIN}_ca.log 2>&1
	if [ $? -ne 0 ]; then
	echo "ek-cert ca failed"
	ret=99
	break
	fi

	# Determine the fingerprint of the RSA EK public.
	FINGERPRINT=$(openssl pkey -pubin -inform PEM -in ${EKPUB_FILE} -outform DER \| shasum -a 256 \| cut -f 1 -d ' ')
	export FAPI_TEST_FINGERPRINT=" { \"hashAlg\" : \"sha256\", \"digest\" : \"${FINGERPRINT}\" }"
	openssl x509 -inform DER -in ${EKCERT_FILE} -outform PEM -out ${EKCERT_PEM_FILE}
	export FAPI_TEST_CERTIFICATE="file:${EKCERT_PEM_FILE}"

	# Determine the fingerprint of the RSA EK public.
	FINGERPRINT_ECC=$(openssl pkey -pubin -inform PEM -in ${EKECCPUB_FILE} -outform DER \| shasum -a 256 \| cut -f 1 -d ' ')
	export FAPI_TEST_FINGERPRINT_ECC=" { \"hashAlg\" : \"sha256\", \"digest\" : \"${FINGERPRINT_ECC}\" }"
	openssl x509 -inform DER -in ${EKECCCERT_FILE} -outform PEM -out ${EKECCCERT_PEM_FILE}
	export FAPI_TEST_CERTIFICATE_ECC="file:${EKECCCERT_PEM_FILE}"

	cat $EKCERT_FILE \| \
	env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
	TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
	TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
	TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
	TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
	G_MESSAGES_DEBUG=all ./test/helper/tpm_writeekcert 1C00002
	if [ $? -ne 0 ]; then
	echo "TPM_writeekcert failed"
	ret=99
	break
	fi

	cat $EKECCCERT_FILE \| \
	env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
	TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
	TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
	TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
	TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
	G_MESSAGES_DEBUG=all ./test/helper/tpm_writeekcert 1C0000A
	if [ $? -ne 0 ]; then
	echo "TPM_writeekcert failed"
	ret=99
	fi
	fi # certificate generation

	TPMSTATE_FILE1=${TEST_BIN}_state1
	TPMSTATE_FILE2=${TEST_BIN}_state2

	env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
	TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
	TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
	TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
	TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
	G_MESSAGES_DEBUG=all ./test/helper/tpm_dumpstate>${TPMSTATE_FILE1}
	if [ $? -ne 0 ]; then
	echo "Error during dumpstate"
	ret=99
	break
	fi

	echo "Execute the test script"
	if [ "${TPM20TEST_TCTI_NAME}" == "device" ]; then
	# No root certificate needed
	env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
	TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
	TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
	TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
	TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
	G_MESSAGES_DEBUG=all ${@: -1}
	else
	# Run test with generated certificate.
	env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
	TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
	TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
	TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
	FAPI_TEST_ROOT_CERT=${ROOTCA_FILE}.pem \
	TPM20TEST_DEVICE_FILE="${TPM20TEST_DEVICE_FILE}" \
	G_MESSAGES_DEBUG=all ${@: -1}
	fi
	ret=$?
	echo "Script returned $ret"

	#We check the state before a reboot to see if transients and NV were chagned.
	env TPM20TEST_TCTI_NAME="${TPM20TEST_TCTI_NAME}" \
	TPM20TEST_SOCKET_ADDRESS="${TPM20TEST_SOCKET_ADDRESS}" \
	TPM20TEST_SOCKET_PORT="${TPM20TEST_SOCKET_PORT}" \
	TPM20TEST_TCTI="${TPM20TEST_TCTI}" \
	G_MESSAGES_DEBUG=all ./test/helper/tpm_dumpstate>${TPMSTATE_FILE2}
	if [ $? -ne 0 ]; then
	echo "Error during dumpstate"
	ret=99
	break
	fi

	if [ "$(cat ${TPMSTATE_FILE1})" != "$(cat ${TPMSTATE_FILE2})" ]; then
	echo "TPM changed state during test"
	echo "State before ($TPMSTATE_FILE1):"
	cat ${TPMSTATE_FILE1}
	echo "State after ($TPMSTATE_FILE2):"
	cat ${TPMSTATE_FILE2}
	ret=1
	break
	fi

	#TODO: Add a tpm-restart/reboot here

	break
	done

	if [ "${TPM20TEST_TCTI_NAME}" != "device" ]; then
	# This sleep is sadly necessary: If we kill the tabrmd w/o sleeping for a
	# second after the test finishes the simulator will die too. Bug in the
	# simulator?
	sleep 1
	# teardown
	daemon_stop ${SIM_PID_FILE}
	rm -rf ${SIM_TMP_DIR} ${SIM_PID_FILE}
	fi

	exit $ret