[swtpm.git] / tests / test_parameters

#!/usr/bin/env bash

# For the license, see the LICENSE file in the root directory.

ROOT=${abs_top_builddir:-$(dirname "$0")/..}
TESTDIR=${abs_top_testdir:=$(dirname "$0")}
SRCDIR=${abs_top_srcdir:-$(dirname "$0")/..}

PATH=$ROOT/src/swtpm:$PATH

PARAMETERS=(
	""
	"--createek"
	"--take-ownership"
	"--createek --lock-nvram"
	"--take-ownership --lock-nvram"
	"--lock-nvram"
	"--take-ownership --ownerpass OOO"
	"--take-ownership --srkpass SSS"
	"--take-ownership --ownerpass OO --srkpass SS"
	"--take-ownership --lock-nvram --display"
	"--display"
	"--lock-nvram --display"
	"--take-ownership --srk-well-known"
	"--take-ownership --owner-well-known"
	"--take-ownership --srk-well-known --owner-well-known"
	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display"
	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile ${TESTDIR}/data/keyfile.txt"
	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile ${TESTDIR}/data/pwdfile.txt"
	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile ${TESTDIR}/data/keyfile256bit.txt --cipher aes-256-cbc"
	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile ${TESTDIR}/data/pwdfile.txt --cipher aes-256-cbc"
	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile-fd 100 --cipher aes-256-cbc"
	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile-fd 101 --cipher aes-256-cbc"
)

# Open read-only file descriptors referenced in test cases
exec 100<${TESTDIR}/data/keyfile256bit.txt
exec 101<${TESTDIR}/data/pwdfile.txt

FILESIZES=(
	1185
	1605
	2066
	1605
	2066
	1185
	2066
	2066
	2066
	2066
	1185
	1185
	2066
	2066
	2066
	1721
	1788
	1788
	1820
	1820
	1820
	1820
)

source ${TESTDIR}/common
skip_test_no_tpm12 "${SWTPM_EXE}"

SWTPM=swtpm
SWTPM_EXE=${SWTPM_EXE:-$ROOT/src/swtpm/$SWTPM}
TPMDIR="$(mktemp -d)" || exit 1
SWTPM_SETUP_CONF=$SRCDIR/samples/swtpm_setup.conf
# filesystem privileges require to run swtpm_setup as root during test
TPMAUTHORING="$ROOT/src/swtpm_setup/swtpm_setup --config ${SWTPM_SETUP_CONF}"
PATH=${ROOT}/src/swtpm_bios:${TESTDIR}:$PATH

trap "cleanup" SIGTERM EXIT

function cleanup()
{
	rm -rf $TPMDIR
}

# swtpm_setup.conf points to the local create_certs.sh
# For create_certs.sh to be found (with out full path)
# add this directory to the PATH
PATH=$PATH:$PWD

for (( i=0; i<${#PARAMETERS[*]}; i++)); do
	rm -rf $TPMDIR/*
	echo -n "Test $i: "
	$TPMAUTHORING \
		--tpm-state $TPMDIR \
		--tpm "$SWTPM_EXE socket ${SWTPM_TEST_SECCOMP_OPT}" \
		${PARAMETERS[$i]} 2>&1 >/dev/null

	if [ $? -ne 0 ]; then
		echo "ERROR: Test with parameters '${PARAMETERS[$i]}' failed."
		exit 1
	elif [ ! -f $TPMDIR/tpm-00.permall ]; then
		echo "ERROR: Test with parameters '${PARAMETERS[$i]}' did not
		      produce file $TPMDIR/tpm-00.permall."
		exit 1
	fi

	FILESIZE=$(get_filesize $TPMDIR/tpm-00.permall)
	if [ ${FILESIZE} -ne ${FILESIZES[$i]} ]; then
		echo "ERROR: Unexpected file size of $FILESIZE, "\
		     "expected ${FILESIZES[$i]}. Parameters: ${PARAMETERS[$i]}"
		exit 1
	fi

	# Make sure the state is encrypted when a key was given.
	# We expect sequences of 4 0-bytes in unencrypted state
	# and no such sequences in encrypted state.
	nullseq="$(cat $TPMDIR/tpm-00.permall | \
			od -t x1 -A n | tr -d '\n' | tr -s ' ' |
			grep "00 00 00 00")"
	if [[ "${PARAMETERS[$i]}" =~ (keyfile|pwdfile) ]]; then
		if [ -n "${nullseq}" ]; then
			echo "ERROR: State file is not encrypted with" \
			     "parameters '${PARAMETERS[$i]}'"
		fi
	else
		if [ -z "${nullseq}" ]; then
			echo "ERROR: State must not be encrypted with" \
			     "parameters '${PARAMETERS[$i]}'"
		fi
	fi

	echo "SUCCESS with parameters '${PARAMETERS[$i]}'."
done

exec 100>&-
exec 101>&-

exit 0
Commit	Line	Data
8f0f381f	1	#!/usr/bin/env bash
e46a2b66 SB	2
	3	# For the license, see the LICENSE file in the root directory.
	4
313cf75c SB	5	ROOT=${abs_top_builddir:-$(dirname "$0")/..}
313cf75c SB	6	TESTDIR=${abs_top_testdir:=$(dirname "$0")}
c51c07a0	7	SRCDIR=${abs_top_srcdir:-$(dirname "$0")/..}
e46a2b66	8
cc410ca9 SB	9	PATH=$ROOT/src/swtpm:$PATH
cc410ca9 SB	10
e46a2b66 SB	11	PARAMETERS=(
	12	""
	13	"--createek"
	14	"--take-ownership"
	15	"--createek --lock-nvram"
	16	"--take-ownership --lock-nvram"
	17	"--lock-nvram"
	18	"--take-ownership --ownerpass OOO"
	19	"--take-ownership --srkpass SSS"
	20	"--take-ownership --ownerpass OO --srkpass SS"
	21	"--take-ownership --lock-nvram --display"
	22	"--display"
	23	"--lock-nvram --display"
	24	"--take-ownership --srk-well-known"
	25	"--take-ownership --owner-well-known"
	26	"--take-ownership --srk-well-known --owner-well-known"
313cf75c SB	27	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display"
	28	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile ${TESTDIR}/data/keyfile.txt"
	29	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile ${TESTDIR}/data/pwdfile.txt"
71d9581a SB	30	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile ${TESTDIR}/data/keyfile256bit.txt --cipher aes-256-cbc"
71d9581a SB	31	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile ${TESTDIR}/data/pwdfile.txt --cipher aes-256-cbc"
3892b0d8 SB	32	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile-fd 100 --cipher aes-256-cbc"
3892b0d8 SB	33	"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile-fd 101 --cipher aes-256-cbc"
e46a2b66 SB	34	)
e46a2b66 SB	35
3892b0d8 SB	36	# Open read-only file descriptors referenced in test cases
	37	exec 100<${TESTDIR}/data/keyfile256bit.txt
	38	exec 101<${TESTDIR}/data/pwdfile.txt
	39
e46a2b66	40	FILESIZES=(
27bf9db6 SB	41	1185
	42	1605
	43	2066
	44	1605
	45	2066
	46	1185
	47	2066
	48	2066
	49	2066
	50	2066
	51	1185
	52	1185
	53	2066
	54	2066
	55	2066
	56	1721
638bd3ba SB	57	1788
638bd3ba SB	58	1788
13b76898 SB	59	1820
13b76898 SB	60	1820
3892b0d8 SB	61	1820
3892b0d8 SB	62	1820
e46a2b66 SB	63	)
e46a2b66 SB	64
13b76898	65	source ${TESTDIR}/common
f1adde9f	66	skip_test_no_tpm12 "${SWTPM_EXE}"
13b76898	67
e46a2b66	68	SWTPM=swtpm
19e05751	69	SWTPM_EXE=${SWTPM_EXE:-$ROOT/src/swtpm/$SWTPM}
cce7503c	70	TPMDIR="$(mktemp -d)" \|\| exit 1
edfb8d8a	71	SWTPM_SETUP_CONF=$SRCDIR/samples/swtpm_setup.conf
e46a2b66	72	# filesystem privileges require to run swtpm_setup as root during test
cc410ca9	73	TPMAUTHORING="$ROOT/src/swtpm_setup/swtpm_setup --config ${SWTPM_SETUP_CONF}"
c51c07a0	74	PATH=${ROOT}/src/swtpm_bios:${TESTDIR}:$PATH
e46a2b66	75
e46a2b66 SB	76	trap "cleanup" SIGTERM EXIT
e46a2b66 SB	77
e46a2b66 SB	78	function cleanup()
	79	{
	80	rm -rf $TPMDIR
	81	}
	82
84d2e89a SB	83	# swtpm_setup.conf points to the local create_certs.sh
	84	# For create_certs.sh to be found (with out full path)
	85	# add this directory to the PATH
	86	PATH=$PATH:$PWD
	87
e46a2b66 SB	88	for (( i=0; i<${#PARAMETERS[*]}; i++)); do
	89	rm -rf $TPMDIR/*
	90	echo -n "Test $i: "
	91	$TPMAUTHORING \
	92	--tpm-state $TPMDIR \
930c7ba1	93	--tpm "$SWTPM_EXE socket ${SWTPM_TEST_SECCOMP_OPT}" \
e46a2b66	94	${PARAMETERS[$i]} 2>&1 >/dev/null
cc410ca9	95
e46a2b66 SB	96	if [ $? -ne 0 ]; then
	97	echo "ERROR: Test with parameters '${PARAMETERS[$i]}' failed."
	98	exit 1
	99	elif [ ! -f $TPMDIR/tpm-00.permall ]; then
	100	echo "ERROR: Test with parameters '${PARAMETERS[$i]}' did not
	101	produce file $TPMDIR/tpm-00.permall."
	102	exit 1
	103	fi
	104
13b76898	105	FILESIZE=$(get_filesize $TPMDIR/tpm-00.permall)
e46a2b66 SB	106	if [ ${FILESIZE} -ne ${FILESIZES[$i]} ]; then
	107	echo "ERROR: Unexpected file size of $FILESIZE, "\
	108	"expected ${FILESIZES[$i]}. Parameters: ${PARAMETERS[$i]}"
	109	exit 1
	110	fi
	111
3892b0d8 SB	112	# Make sure the state is encrypted when a key was given.
	113	# We expect sequences of 4 0-bytes in unencrypted state
	114	# and no such sequences in encrypted state.
	115	nullseq="$(cat $TPMDIR/tpm-00.permall \| \
2f86b627	116	od -t x1 -A n \| tr -d '\n' \| tr -s ' ' \|
3892b0d8 SB	117	grep "00 00 00 00")"
	118	if [[ "${PARAMETERS[$i]}" =~ (keyfile\|pwdfile) ]]; then
	119	if [ -n "${nullseq}" ]; then
	120	echo "ERROR: State file is not encrypted with" \
	121	"parameters '${PARAMETERS[$i]}'"
	122	fi
	123	else
	124	if [ -z "${nullseq}" ]; then
	125	echo "ERROR: State must not be encrypted with" \
	126	"parameters '${PARAMETERS[$i]}'"
	127	fi
	128	fi
	129
e46a2b66 SB	130	echo "SUCCESS with parameters '${PARAMETERS[$i]}'."
e46a2b66 SB	131	done
3892b0d8 SB	132
	133	exec 100>&-
	134	exec 101>&-
cc410ca9 SB	135
cc410ca9 SB	136	exit 0