From 9a08b03c5770dfd2ae6037521e018bf22905c7b3 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Fri, 16 Feb 2018 18:32:43 -0500 Subject: [PATCH] tests: Test key written to and loaded from volatile state Test that a key written to volatile state is properly loaded again and produces the same signature as before. Signed-off-by: Stefan Berger --- tests/data/tpm2state3/signature2.bin | Bin 0 -> 262 bytes .../data/tpm2state3/tpm2-00.volatilestate.3rd | Bin 0 -> 6877 bytes tests/test_tpm2_save_load_state_3 | 235 +++++++++++++++++- 3 files changed, 234 insertions(+), 1 deletion(-) create mode 100644 tests/data/tpm2state3/signature2.bin create mode 100644 tests/data/tpm2state3/tpm2-00.volatilestate.3rd diff --git a/tests/data/tpm2state3/signature2.bin b/tests/data/tpm2state3/signature2.bin new file mode 100644 index 0000000000000000000000000000000000000000..7b417049a520f21ebacadbf1dea81de80c8958c5 GIT binary patch literal 262 zcmV+h0r~y_6aWhW00~Y$MdU~)z#yKw^rn->#3~W;yy|+q;k)$|>fWSflUR?;?YOPi zu|yXBZB{yJf+Nysh^T}^=0gii4Y7i@E3WgfiySOUYiL*_WR=7XlV zhyXY;V8{+k_V$AcIM8B-8D(fqULvcu1E$PyRpe_P@iE2lcZgOUQ|P@{)Dd670OJ%0 zPjOClRjF^dm}|~G^yp7htEQL{+*-(Uk!y5t(!hj3)(}3V*(>hpQG_w#xG*>`@Qd7g8AmvheV`JVH8e&;*`AQRW1 zXd(bYfJ5dG;BXLtSP}@Rxs&}oeaL8UlKT;~0b13a>`e+pbA=>yus2%~;Om3-_k@2Q zwg9qo4~pb;2jKo7-(h_!mqlzhv^EB6G=2Aqv4&n}qYWB`D;W4aPhDjdJ0D{>5!#c?S$n!FQ0tkq> z)RM=4B?3skuWZ0G|HmO9%KwjhB;Et@5cnztPyjkOta^)`BOwT-fCt3p+)UHCY6t(L zlNO5g>It-+E-sg{ZRlG~%v=c3>&cVhDY#G>FTS39%xm1AbK(!MIj55R%}rEnY&$g> z8^m$|Q59dai+QjlzP%+Rh0>Q1dqX$ee>^(nNnn|g&6)5=IXMN*bv-&Ur9o!5_onpk zYS?y#yz)t$#g3?7ODxwM)qJ+-35bih|DO4nc_krW@u45JaHRN|0o_%rtWHS{VGiJA zY1#%wsRL`@jQy@Wb}_U#+$nTkI7>p%@tNqwH9c7IK{x>~Ay$Sa0Dd9>!cf=}-Iv(; zc>p*U1h{Dk;uB*{!N;V;Ak1EWe-eQEo8fL*locW(epa$SQ<5X^*cbPLz6k&;YOY;= z3AJr|eIo`1mQd3hpD!~jf6Yy{vE`KnL%4Y-$x#%wC20QiVJpt z+fM71X=3v+V$Bxcl*!VPl$P^d(<1NBW#UIiRqt4A6IU>d*jIdZ7Jc$gQem9fMzpj3 zOQLnvNya|ql%_WKyh^4Tcih$I?k-b<-F|S7mMZw0+MhU^Ih7r6w{NEZ}wR;w_7G@H#W__GG7}omz&?(n0SIlGbxO}BcfiS zoI@Kv;=&nUj1BHbeD`s2xM9!Hv(%RGwScS7P;!>e?v725adeTGZO!M$2s>}spP$1t zM_dk7vL}?;P29*|^|Pg60Z~}bbVtZ~R(m#a=TD8>|8nHWC~N+Rn-kdc$l@1FStW$n z1NZ?nm!=Z{FM^E#BA5HKq7(@bh$FBb1yCH!Akdy8La4b=e8z7G)RjH=X?@ zyKcsM8fzzrQT)Dn#;UshRo%r<_iC=tUfdnqg2+K zrS6$UF8W!oGebhdAAimk&jKBQ#BfRd-qDccCGdWvc#nylI}$)+jKs4 zD=&(#xIf}kZ}#F%jQJh&dS7O?O5Br?TNX7JAu8?dwrjnI#?2>qzmbl0Q1SR6HUuSbt_V3t zrW+(U%IM+krn3Aom*2^|L|hw62y*N3GR*1_fKfrii2NrC>nUKHTrew1*rXHW>MXS% zYlxg!enFtYPVezGQkJk-6E;KG_t-7((j6u(g5FaOMi+1o80PPvqrzgScp1ZuwdONh zV&`4_R5PsPzH^dERtdct^g<>#L7@4&nT~g>8}+LY@}hdtjgP<*|=}r!v@J>YW=rZXy&@!Tx8R1wMLYB zr9Gl@ui{SeP+i1tL!*yY-j;gu+6=$H_?ZWFr2$G<@x2mtfE2f>NAs}}*27Z{YoFSj ztScVLm#`LPrickTENXnNAxeueUY;AQInd!>*EUG-K{|+L_sR~684#x{gbd&V9%o)O zot@71X$1Y$p56QOn##tj&Nxdc4Rc1>@O5`9vG~~TSml9$?6fKUq;?Moc4&f zx3<<#<&V@zQr#`BwhxEbT4rN(y;n>tg7pB|HH6;}9TG-bJ&ev#h_cnreE*8NIFkb`(^ $TMPFILE + if [ $? -ne 0 ]; then + echo "Error: createprimary failed." + exit 1 + fi + if [ -z "$(grep 80000000 $TMPFILE)" ]; then + echo "Error: createprimary did not result in expected handle 80000000" + exit 1 + fi + + echo -n "123" > $BINFILE + ${TOOLSPATH}/${PREFIX}sign -hk 80000000 -if ${BINFILE} -os ${SIGFILE} > $TMPFILE + if [ $? -ne 0 ]; then + echo "Error: Could not create signature." + cat $TMPFILE + exit 1 + fi + + printf "Verifying signature with this key (create phase)\n" + ${TOOLSPATH}/${PREFIX}verifysignature -hk 80000000 \ + -is ${SIGFILE} \ + -if ${BINFILE} > $TMPFILE + if [ $? -ne 0 ]; then + echo "Verifying signature failed." + exit 1 + fi + fi + + if [ $check -eq 1 ]; then + local sigfile=${SIGFILE} hash1 hash2 + + if [ $previousstate -ne 0 ]; then + sigfile=${DIR}/data/tpm2state3/signature2.bin + fi + + printf "Checking availability of key with handle 0x80000000\n" + ${TOOLSPATH}/${PREFIX}getcapability -cap 1 -pr 0x80000000 >$TMPFILE + if [ -z "$(grep 80000000 $TMPFILE)" ]; then + echo "Could not find key with handle 0x80000000" + exit 1 + fi + + printf "Verifying signature with this key (check phase)\n" + echo -n "123" > $BINFILE + ${TOOLSPATH}/${PREFIX}verifysignature -hk 80000000 \ + -is ${sigfile} \ + -if ${BINFILE} > $TMPFILE + if [ $? -ne 0 ]; then + echo "Verifying signature failed." + exit 1 + fi + + if [ $previousstate -eq 0 ]; then + ${TOOLSPATH}/${PREFIX}sign -hk 80000000 -if ${BINFILE} -os ${SIGFILE2} > $TMPFILE + if [ $? -ne 0 ]; then + echo "Error: Could not create signature." + cat $TMPFILE + exit 1 + fi + hash1=$(get_sha1_file ${SIGFILE}) + hash2=$(get_sha1_file ${SIGFILE2}) + if [ "${hash1}" != "${hash2}" ]; then + echo "Error: hashes of signatures are different. Loaded key may be different." + exit 1 + fi + fi + fi +} + export TPM_SERVER_TYPE=raw export TPM_COMMAND_PORT=65533 export TPM_DATA_DIR=$TPMDIR @@ -1052,4 +1136,153 @@ fi echo "Test 3 OK" + +# +# +# Tests with volatile state -- 3rd test +# +# + +rm -f ${TPMDIR}/* + +$SWTPM_EXE socket \ + --server port=${TPM_COMMAND_PORT} \ + --tpmstate dir=$TPMDIR \ + --pid file=$PID_FILE \ + --ctrl type=unixio,path=$SOCK_PATH \ + --log file=$LOGFILE,level=20 \ + --tpm2 & + +if wait_for_file $PID_FILE 3; then + echo "Error: (3) Socket TPM did not write pidfile." + exit 1 +fi + +PID="$(cat $PID_FILE)" + +# Send TPM_Init +act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1) +if [ $? -ne 0 ]; then + echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act" + exit 1 +fi + +${TOOLSPATH}/${PREFIX}startup -c +if [ $? -ne 0 ]; then + echo "Error: tpm_startup clear failed." + cat $LOGFILE + exit 1 +fi + +test_primary_volatile_load 1 0 0 + +act=$($SWTPM_IOCTL --unix $SOCK_PATH -v 2>&1) +if [ $? -ne 0 ]; then + echo "Error: $SWTPM_IOCTL CMD_STORE_VOLATILE failed: $act" + exit 1 +fi + +${TOOLSPATH}/${PREFIX}shutdown -c +if [ $? -ne 0 ]; then + echo "Error: tpm_shutdown clear failed." + cat $LOGFILE + exit 1 +fi + +# Send Shutdown +act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1) +if [ $? -ne 0 ]; then + echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act" + exit 1 +fi + +################################################################# +# Run TPM2 with the saved volatile state + +# create a backup for running the next test... +# cp $TPMDIR/tpm2-00.volatilestate ${DIR}/data/tpm2state3/tpm2-00.volatilestate.3rd +# cp $SIGFILE ${DIR}/data/tpm2state3/signature2.bin + +#echo $TPMDIR +#ls -l $TPMDIR +$SWTPM_EXE socket \ + --server port=${TPM_COMMAND_PORT} \ + --tpmstate dir=$TPMDIR \ + --pid file=$PID_FILE \ + --ctrl type=unixio,path=$SOCK_PATH \ + --log file=$LOGFILE,level=20 \ + --tpm2 & + +if wait_for_file $PID_FILE 3; then + echo "Error: (3) Socket TPM did not write pidfile." + exit 1 +fi + +PID="$(cat $PID_FILE)" + +# Send TPM_Init +act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1) +if [ $? -ne 0 ]; then + cat $LOGFILE + echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act" + exit 1 +fi + +test_primary_volatile_load 0 1 0 + +${TOOLSPATH}/${PREFIX}shutdown -c +if [ $? -ne 0 ]; then + echo "Error: tpm_shutdown clear failed." + cat $LOGFILE + exit 1 +fi + +# Send Shutdown +act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1) +if [ $? -ne 0 ]; then + echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act" + exit 1 +fi + +##################################################################### +# Run TPM2 with previously saved (volatile) state and verify it's +# working as well + +cp -f ${DIR}/data/tpm2state3/tpm2-00.volatilestate.3rd $TPMDIR/tpm2-00.volatilestate + +$SWTPM_EXE socket \ + --server port=${TPM_COMMAND_PORT} \ + --tpmstate dir=$TPMDIR \ + --pid file=$PID_FILE \ + --ctrl type=unixio,path=$SOCK_PATH \ + --log file=$LOGFILE,level=20 \ + --tpm2 & + +if wait_for_file $PID_FILE 3; then + echo "Error: (3) Socket TPM did not write pidfile." + exit 1 +fi + +echo "TPM started with previously generated state" + +PID="$(cat $PID_FILE)" + +# Send TPM_Init +act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1) +if [ $? -ne 0 ]; then + echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act" + exit 1 +fi + +test_primary_volatile_load 0 1 1 + +# Send Shutdown +act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1) +if [ $? -ne 0 ]; then + echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act" + exit 1 +fi + +echo "Test 4 OK" + exit 0 -- 2.39.5