Commit | Line | Data |
---|---|---|
8f0f381f | 1 | #!/usr/bin/env bash |
e46a2b66 SB |
2 | |
3 | # For the license, see the LICENSE file in the root directory. | |
4 | ||
# Locate the build, test and source trees. Caller-supplied abs_top_* values
# win; otherwise everything is derived from the directory holding this script.
self_dir=$(dirname "$0")

ROOT=${abs_top_builddir:-${self_dir}/..}
# ':=' (not ':-'): abs_top_testdir itself is assigned when unset or empty.
: "${abs_top_testdir:=${self_dir}}"
TESTDIR=${abs_top_testdir}
SRCDIR=${abs_top_srcdir:-${self_dir}/..}

# Prefer the swtpm binary from the build tree over any installed copy.
PATH="${ROOT}/src/swtpm:${PATH}"
10 | ||
# One swtpm_setup option string per test case. The index of an entry is the
# test number and must line up with the same index in FILESIZES.
# Options shared by every certificate-creating case (indices 15-21).
cert_params="--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display"

PARAMETERS=(
  # 0-14: no state encryption requested
  ""
  "--createek"
  "--take-ownership"
  "--createek --lock-nvram"
  "--take-ownership --lock-nvram"
  "--lock-nvram"
  "--take-ownership --ownerpass OOO"
  "--take-ownership --srkpass SSS"
  "--take-ownership --ownerpass OO --srkpass SS"
  "--take-ownership --lock-nvram --display"
  "--display"
  "--lock-nvram --display"
  "--take-ownership --srk-well-known"
  "--take-ownership --owner-well-known"
  "--take-ownership --srk-well-known --owner-well-known"
  # 15: certificates, still no key or password
  "${cert_params}"
  # 16-17: key or password read from a file, no --cipher given
  "${cert_params} --keyfile ${TESTDIR}/data/keyfile.txt"
  "${cert_params} --pwdfile ${TESTDIR}/data/pwdfile.txt"
  # 18-19: key or password read from a file, aes-256-cbc
  "${cert_params} --keyfile ${TESTDIR}/data/keyfile256bit.txt --cipher aes-256-cbc"
  "${cert_params} --pwdfile ${TESTDIR}/data/pwdfile.txt --cipher aes-256-cbc"
  # 20-21: key or password passed as descriptor 100 / 101, aes-256-cbc
  "${cert_params} --keyfile-fd 100 --cipher aes-256-cbc"
  "${cert_params} --pwdfile-fd 101 --cipher aes-256-cbc"
)
unset cert_params
35 | ||
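# Open read-only file descriptors referenced in test cases.
# 100 and 101 are the numbers given to --keyfile-fd and --pwdfile-fd in
# PARAMETERS; they are left open so commands started later can inherit them.
# A failed open stops the run here rather than surfacing later as an
# unrelated-looking failure of the descriptor-based cases.
exec 100<"${TESTDIR}/data/keyfile256bit.txt" || {
  echo "ERROR: Cannot open ${TESTDIR}/data/keyfile256bit.txt" >&2
  exit 1
}
exec 101<"${TESTDIR}/data/pwdfile.txt" || {
  echo "ERROR: Cannot open ${TESTDIR}/data/pwdfile.txt" >&2
  exit 1
}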
39 | ||
# Expected size of tpm-00.permall, as reported by get_filesize, for the
# PARAMETERS entry at the same index. Any change to PARAMETERS needs the
# matching change here.
FILESIZES=(
  1185 1605 2066 1605 2066   # tests 0-4
  1185 2066 2066 2066 2066   # tests 5-9
  1185 1185 2066 2066 2066   # tests 10-14
  1721                       # test 15: certificates, no key or password
  1788 1788                  # tests 16-17: keyfile / pwdfile, no --cipher
  1820 1820                  # tests 18-19: keyfile / pwdfile, aes-256-cbc
  1820 1820                  # tests 20-21: keyfile-fd / pwdfile-fd, aes-256-cbc
)
64 | ||
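# Shared test helpers; skip_test_no_tpm12 and get_filesize are expected to
# come from here.
source "${TESTDIR}/common"

SWTPM=swtpm
# Give SWTPM_EXE its default before it is first used. Nothing visible in this
# script assigns it earlier, so unless common or the environment sets it the
# skip check below would otherwise receive an empty string.
SWTPM_EXE=${SWTPM_EXE:-$ROOT/src/swtpm/$SWTPM}
skip_test_no_tpm12 "${SWTPM_EXE}"

# Private scratch directory for the TPM state files; removed by cleanup().
TPMDIR="$(mktemp -d)" || exit 1
SWTPM_SETUP_CONF=$SRCDIR/samples/swtpm_setup.conf
# filesystem privileges require to run swtpm_setup as root during test
# TPMAUTHORING holds a command plus its arguments in one string and is
# word-split where it is invoked, so the paths in it must not contain spaces.
TPMAUTHORING="$ROOT/src/swtpm_setup/swtpm_setup --config ${SWTPM_SETUP_CONF}"
PATH=${ROOT}/src/swtpm_bios:${TESTDIR}:$PATH

# cleanup is defined further down; the name is only looked up when the trap
# fires, so registering it here is fine.
trap "cleanup" SIGTERM EXIT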
77 | ||
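# Remove the temporary TPM state directory.
# Globals:   TPMDIR (read)
# Arguments: none
# Returns:   0 when TPMDIR is empty or unset, otherwise the status of rm
function cleanup()
{
  # Nothing to remove when the directory was never created.
  if [ -z "${TPMDIR:-}" ]; then
    return 0
  fi
  # Quoted and preceded by '--' so a path containing spaces or starting with
  # '-' is removed as one directory and never parsed as options.
  rm -rf -- "${TPMDIR}"
}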
82 | ||
# swtpm_setup.conf refers to create_certs.sh without a full path, so the
# script has to be reachable through PATH. The current working directory is
# appended last, which means every existing PATH entry still takes precedence.
PATH="${PATH}:${PWD}"
87 | ||
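# Run swtpm_setup once per PARAMETERS entry and check three things about the
# resulting tpm-00.permall: that it exists, that it has the size recorded in
# FILESIZES, and that it looks encrypted exactly when a key or password was
# supplied. Any failed check ends the run with status 1.
for (( i = 0; i < ${#PARAMETERS[@]}; i++ )); do
  # Start every case from an empty state directory. ':?' aborts instead of
  # expanding to "/*" should TPMDIR ever be empty.
  rm -rf -- "${TPMDIR:?}"/*
  echo -n "Test $i: "

  # TPMAUTHORING and PARAMETERS[i] are left unquoted on purpose: each holds
  # several space-separated words that must become separate arguments.
  # '2>&1 >/dev/null' sends stderr to this script's stdout and discards the
  # tool's own stdout.
  # shellcheck disable=SC2086,SC2069
  $TPMAUTHORING \
    --tpm-state "$TPMDIR" \
    --tpm "$SWTPM_EXE socket ${SWTPM_TEST_SECCOMP_OPT}" \
    ${PARAMETERS[$i]} 2>&1 >/dev/null
  rc=$?

  # The second message deliberately spans two lines; its text is unchanged.
  if [ "$rc" -ne 0 ]; then
    echo "ERROR: Test with parameters '${PARAMETERS[$i]}' failed."
    exit 1
  elif [ ! -f "$TPMDIR/tpm-00.permall" ]; then
    echo "ERROR: Test with parameters '${PARAMETERS[$i]}' did not
produce file $TPMDIR/tpm-00.permall."
    exit 1
  fi

  FILESIZE=$(get_filesize "$TPMDIR/tpm-00.permall")
  if [ "${FILESIZE}" -ne "${FILESIZES[$i]}" ]; then
    echo "ERROR: Unexpected file size of $FILESIZE, "\
         "expected ${FILESIZES[$i]}. Parameters: ${PARAMETERS[$i]}"
    exit 1
  fi

  # Make sure the state is encrypted when a key was given.
  # We expect sequences of 4 0-bytes in unencrypted state
  # and no such sequences in encrypted state.
  # This is a heuristic on the byte pattern, not a proof of encryption.
  nullseq="$(od -t x1 -A n < "$TPMDIR/tpm-00.permall" |
    tr -d '\n' | tr -s ' ' |
    grep "00 00 00 00")"

  # The pattern also matches the --keyfile-fd and --pwdfile-fd variants.
  # A mismatch has to fail the test: without the exit the case would still
  # print SUCCESS and the script would end with status 0, hiding a state file
  # that was written unencrypted although a key was requested.
  if [[ "${PARAMETERS[$i]}" =~ (keyfile|pwdfile) ]]; then
    if [ -n "${nullseq}" ]; then
      echo "ERROR: State file is not encrypted with" \
           "parameters '${PARAMETERS[$i]}'"
      exit 1
    fi
  else
    if [ -z "${nullseq}" ]; then
      echo "ERROR: State must not be encrypted with" \
           "parameters '${PARAMETERS[$i]}'"
      exit 1
    fi
  fi

  echo "SUCCESS with parameters '${PARAMETERS[$i]}'."
done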

# Close the key and password descriptors opened for the *-fd test cases,
# then report overall success.
exec 100<&- 101<&-

exit 0