1 #!/usr/bin/env bash
2
3 # For the license, see the LICENSE file in the root directory.
4
# Resolve the build, test and source roots. The abs_top_* environment
# variables win when they are set and non-empty; otherwise paths are taken
# relative to the directory that holds this script.
script_dir=$(dirname "$0")
ROOT=${abs_top_builddir:-${script_dir}/..}
# ':=' (unlike ':-') also stores the fallback in abs_top_testdir itself.
: "${abs_top_testdir:=${script_dir}}"
TESTDIR=${abs_top_testdir}
SRCDIR=${abs_top_srcdir:-${script_dir}/..}
unset script_dir

# Entries earlier in PATH win, so binaries found in the build tree's
# src/swtpm directory shadow any copy installed on the system.
PATH=${ROOT}/src/swtpm:${PATH}
10
# Option prefix shared by every certificate-creating test case below.
cert_case_opts="--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display"

# One swtpm_setup option string per test case. Each entry is word-split
# when it is passed to swtpm_setup, so a single entry may carry several
# options. The index of an entry must line up with the expected state-file
# size stored at the same index in FILESIZES.
PARAMETERS=(
  # Ownership / EK / NVRAM-lock combinations; the passwords are
  # placeholder test values.
  ""
  "--createek"
  "--take-ownership"
  "--createek --lock-nvram"
  "--take-ownership --lock-nvram"
  "--lock-nvram"
  "--take-ownership --ownerpass OOO"
  "--take-ownership --srkpass SSS"
  "--take-ownership --ownerpass OO --srkpass SS"
  "--take-ownership --lock-nvram --display"
  "--display"
  "--lock-nvram --display"
  "--take-ownership --srk-well-known"
  "--take-ownership --owner-well-known"
  "--take-ownership --srk-well-known --owner-well-known"
  # Certificate creation, first without and then with state encryption.
  # The key or passphrase is supplied by file name or by file descriptor;
  # descriptors 100 and 101 are opened by the script before the cases run.
  "${cert_case_opts}"
  "${cert_case_opts} --keyfile ${TESTDIR}/data/keyfile.txt"
  "${cert_case_opts} --pwdfile ${TESTDIR}/data/pwdfile.txt"
  "${cert_case_opts} --keyfile ${TESTDIR}/data/keyfile256bit.txt --cipher aes-256-cbc"
  "${cert_case_opts} --pwdfile ${TESTDIR}/data/pwdfile.txt --cipher aes-256-cbc"
  "${cert_case_opts} --keyfile-fd 100 --cipher aes-256-cbc"
  "${cert_case_opts} --pwdfile-fd 101 --cipher aes-256-cbc"
)
35
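# Open the read-only file descriptors referenced by the --keyfile-fd and
# --pwdfile-fd test cases. The paths are quoted so a test directory with
# whitespace in its name does not turn into an "ambiguous redirect", and a
# failed open stops the run here rather than surfacing later as a
# confusing swtpm_setup failure.
exec 100<"${TESTDIR}/data/keyfile256bit.txt" || {
  echo "ERROR: Could not open ${TESTDIR}/data/keyfile256bit.txt"
  exit 1
}
exec 101<"${TESTDIR}/data/pwdfile.txt" || {
  echo "ERROR: Could not open ${TESTDIR}/data/pwdfile.txt"
  exit 1
}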
39
# Expected size of tpm-00.permall, as reported by get_filesize, for the
# PARAMETERS entry with the same index. Both arrays must keep the same
# number of entries.
FILESIZES=(
  1185 1605 2066 1605 2066   # cases  0-4
  1185 2066 2066 2066 2066   # cases  5-9
  1185 1185 2066 2066 2066   # cases 10-14
  1721                       # case  15
  1788 1788                  # cases 16-17
  1820 1820 1820 1820        # cases 18-21
)
64
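# Pull in the shared test helpers (skip_test_no_tpm12, get_filesize, ...).
# shellcheck source=/dev/null
source "${TESTDIR}/common"

SWTPM=swtpm
# Give SWTPM_EXE its build-tree default before its first use. Otherwise
# the skip check below receives an empty string whenever SWTPM_EXE is not
# in the environment (unless the sourced file already sets it, which is
# not visible from this script).
SWTPM_EXE=${SWTPM_EXE:-${ROOT}/src/swtpm/${SWTPM}}
# Presumably skips the whole test when this swtpm has no TPM 1.2 support;
# confirm against tests/common.
skip_test_no_tpm12 "${SWTPM_EXE}"

# Private scratch directory for the TPM state; mktemp avoids a predictable
# name in a shared temporary directory.
TPMDIR="$(mktemp -d)" || exit 1
SWTPM_SETUP_CONF=${SRCDIR}/samples/swtpm_setup.conf
# File-system privileges require running swtpm_setup as root during the test.
# The command is kept as one string and is expanded unquoted where it is
# run, so it relies on word splitting and breaks on paths with whitespace.
TPMAUTHORING="${ROOT}/src/swtpm_setup/swtpm_setup --config ${SWTPM_SETUP_CONF}"
PATH=${ROOT}/src/swtpm_bios:${TESTDIR}:${PATH}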
75
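# Remove the scratch state directory on SIGTERM and on every exit path.
trap "cleanup" SIGTERM EXIT

#######################################
# Delete the temporary TPM state directory.
# Globals:   TPMDIR (read)
# Arguments: none
# Returns:   0 when TPMDIR is empty or unset, otherwise the status of rm
#######################################
function cleanup()
{
  # Quoted, so a path containing whitespace is removed as one directory
  # instead of being split into unrelated operands; '--' keeps a leading
  # dash from being parsed as an option. Nothing is removed when TPMDIR
  # was never assigned.
  if [[ -n "${TPMDIR:-}" ]]; then
    rm -rf -- "${TPMDIR}"
  fi
}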
82
# swtpm_setup.conf refers to the local create_certs.sh without a full
# path. Add the current working directory to PATH so the script can be
# found. The directory is appended, not prepended, so every earlier PATH
# entry still takes precedence over files in the working directory.
PATH="${PATH}:${PWD}"
87
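# Run swtpm_setup once per PARAMETERS entry and check three things: the
# tool succeeds and writes tpm-00.permall, the file has the size recorded
# in FILESIZES, and the state looks encrypted exactly when a key or
# password file was passed. Any failed check ends the run with status 1.
for (( i = 0; i < ${#PARAMETERS[@]}; i++ )); do
  params=${PARAMETERS[$i]}
  statefile=${TPMDIR}/tpm-00.permall

  # Start every case from an empty state directory. ':?' aborts instead of
  # letting the glob become '/*' should TPMDIR ever be empty.
  rm -rf -- "${TPMDIR:?}"/*
  printf 'Test %s: ' "$i"

  # TPMAUTHORING and the parameter string are deliberately left unquoted:
  # each holds several space-separated words. '2>&1 >/dev/null' keeps
  # stderr on the original stdout and discards only the tool's stdout.
  # shellcheck disable=SC2086
  if ! ${TPMAUTHORING} \
    --tpm-state "${TPMDIR}" \
    --tpm "${SWTPM_EXE} socket ${SWTPM_TEST_SECCOMP_OPT}" \
    ${params} 2>&1 >/dev/null; then
    echo "ERROR: Test with parameters '${params}' failed."
    exit 1
  fi

  if [[ ! -f "${statefile}" ]]; then
    echo "ERROR: Test with parameters '${params}' did not"
    echo "produce file ${statefile}."
    exit 1
  fi

  # An empty result from get_filesize counts as a mismatch; with the old
  # unquoted '[ ... -ne ... ]' it produced a test error that was treated
  # as "sizes are equal".
  FILESIZE=$(get_filesize "${statefile}")
  if [[ -z "${FILESIZE}" || "${FILESIZE}" -ne "${FILESIZES[$i]}" ]]; then
    echo "ERROR: Unexpected file size of $FILESIZE, expected ${FILESIZES[$i]}. Parameters: ${params}"
    exit 1
  fi

  # Make sure the state is encrypted when a key was given.
  # We expect sequences of 4 0-bytes in unencrypted state
  # and no such sequences in encrypted state. This is a heuristic on the
  # byte content, not a proof that the file is encrypted.
  # 'od -v' prints every line; without it, repeated identical lines are
  # collapsed to '*' and a zero run crossing such a line could be missed.
  if od -v -A n -t x1 "${statefile}" | tr -d '\n' | tr -s ' ' |
    grep -q "00 00 00 00"; then
    has_zero_run=1
  else
    has_zero_run=0
  fi

  # Both mismatches fail the test. Previously they only printed ERROR and
  # then fell through to the SUCCESS line and exit status 0, so state
  # written in the clear despite a key would not have failed the run.
  if [[ "${params}" =~ (keyfile|pwdfile) ]]; then
    if (( has_zero_run )); then
      echo "ERROR: State file is not encrypted with parameters '${params}'"
      exit 1
    fi
  elif (( ! has_zero_run )); then
    echo "ERROR: State must not be encrypted with parameters '${params}'"
    exit 1
  fi

  echo "SUCCESS with parameters '${params}'."
done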
132
# Close the key and password descriptors that were opened for the
# --keyfile-fd and --pwdfile-fd test cases.
exec 100>&- 101>&-

# Every test case passed.
exit 0