[swtpm.git] / tests / test_tpm2_ctrlchannel3

#!/usr/bin/env bash

# For the license, see the LICENSE file in the root directory.

ROOT=${abs_top_builddir:-$(dirname "$0")/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}

TPMDIR="$(mktemp -d)" || exit 1
SWTPM_CTRL_UNIX_PATH=$TPMDIR/sock
PID_FILE=$TPMDIR/swtpm.pid
LOG_FILE=$TPMDIR/swtpm.log

SWTPM_SERVER_PORT=65474
SWTPM_CTRL_PORT=65475

source "${TESTDIR}/test_common"

trap "cleanup" SIGTERM EXIT

function cleanup()
{
	rm -rf "${TPMDIR}"
	if [ -n "${SWTPM_PID}" ]; then
		kill_quiet -SIGTERM "${SWTPM_PID}" 2>/dev/null
	fi
}

source "${TESTDIR}/common"
skip_test_no_tpm12 "${SWTPM_EXE}"


if ! [[ "$(uname -s)" =~ Linux ]]; then
	echo "Need Linux to run UnixIO test for CMD_SET_DATAFD."
	echo "Test 1: Skipped"
else

	# Test CMD_SET_DATAFD
	cp "${TESTDIR}/data/tpmstate1/"* "${TPMDIR}"
	$SWTPM_EXE socket \
		--tpm2 \
		--flags not-need-init \
		--ctrl "type=unixio,path=${SWTPM_CTRL_UNIX_PATH}" \
		--tpmstate dir="${TPMDIR}" \
		-t \
		--pid "file=${PID_FILE}" \
		--log "file=${LOG_FILE},level=20" \
		${SWTPM_TEST_SECCOMP_OPT} &
	SWTPM_PID=$!

	if wait_for_file "${PID_FILE}" 3; then
		echo "Error: Socket TPM did not write pidfile."
		exit 1
	fi

	LOG=$(SOCK_PATH=${SWTPM_CTRL_UNIX_PATH} exec "${TESTDIR}/test_setdatafd.py" --tpm2)
	res=$?

	if [ $res -ne 0 ]; then
		echo "Error: CMD_SET_DATAFD failed: $LOG"
		exit 1
	fi

	if wait_process_gone ${SWTPM_PID} 4; then
		echo "Error: TPM should not be running anymore after data channel loss."
		exit 1
	fi

	echo "Test 1: OK"
fi

# Test that loss of control channel terminates swtpm

$SWTPM_EXE socket \
	--tpm2 \
	--ctrl "type=unixio,path=${SWTPM_CTRL_UNIX_PATH},terminate" \
	--server "type=tcp,port=${SWTPM_SERVER_PORT}" \
	--tpmstate "dir=${TPMDIR}" \
	--pid "file=${PID_FILE}" \
	${SWTPM_TEST_SECCOMP_OPT} &
SWTPM_PID=$!

if wait_for_file "${PID_FILE}" 3; then
	echo "Error: Socket TPM did not write pidfile."
	exit 1
fi

# Opening the data socket must NOT terminate it
exec 100<>/dev/tcp/127.0.0.1/${SWTPM_SERVER_PORT}
exec 100>&-
sleep 1

if ! kill -0 "${SWTPM_PID}"; then
	echo "Error: Opening and closing data channel must not have terminated swtpm"
	exit 1
fi

if ! socat -T1 - "UNIX-CONNECT:${SWTPM_CTRL_UNIX_PATH}"; then
	echo "Error: Socat failed"
	exit 1
fi

if wait_process_gone "${SWTPM_PID}" 4; then
	echo "Error: TPM should not be running anymore after control channel loss."
	exit 1
fi

echo "Test 2: OK"

$SWTPM_EXE socket \
	--tpm2 \
	--ctrl "type=tcp,port=${SWTPM_CTRL_PORT},terminate" \
	--server "type=tcp,port=${SWTPM_SERVER_PORT}" \
	--tpmstate "dir=${TPMDIR}" \
	--pid "file=${PID_FILE}" \
	${SWTPM_TEST_SECCOMP_OPT} &
SWTPM_PID=$!

if wait_for_file "${PID_FILE}" 3; then
	echo "Error: Swtpm did not write pidfile."
	exit 1
fi

# Opening the data socket must NOT terminate it
exec 100<>/dev/tcp/127.0.0.1/${SWTPM_SERVER_PORT}
exec 100>&-
sleep 1

if ! kill -0 "${SWTPM_PID}"; then
	echo "Error: Opening and closing data channel must not have terminated swtpm"
	exit 1
fi

# Opening the ctrl socket must be enough to terminate it
exec 100<>/dev/tcp/127.0.0.1/${SWTPM_CTRL_PORT}
exec 100>&-

if wait_process_gone "${SWTPM_PID}" 4; then
	echo "Error: TPM should not be running anymore after control channel loss."
	exit 1
fi

echo "Test 3: OK"

exit 0
Commit	Line	Data
aa92bbf6 SB	1	#!/usr/bin/env bash
	2
	3	# For the license, see the LICENSE file in the root directory.
	4
	5	ROOT=${abs_top_builddir:-$(dirname "$0")/..}
	6	TESTDIR=${abs_top_testdir:-$(dirname "$0")}
	7
	8	TPMDIR="$(mktemp -d)" \|\| exit 1
	9	SWTPM_CTRL_UNIX_PATH=$TPMDIR/sock
	10	PID_FILE=$TPMDIR/swtpm.pid
	11	LOG_FILE=$TPMDIR/swtpm.log
	12
	13	SWTPM_SERVER_PORT=65474
	14	SWTPM_CTRL_PORT=65475
	15
	16	source "${TESTDIR}/test_common"
	17
	18	trap "cleanup" SIGTERM EXIT
	19
	20	function cleanup()
	21	{
	22	rm -rf "${TPMDIR}"
	23	if [ -n "${SWTPM_PID}" ]; then
	24	kill_quiet -SIGTERM "${SWTPM_PID}" 2>/dev/null
	25	fi
	26	}
	27
	28	source "${TESTDIR}/common"
	29	skip_test_no_tpm12 "${SWTPM_EXE}"
	30
	31
	32	if ! [[ "$(uname -s)" =~ Linux ]]; then
	33	echo "Need Linux to run UnixIO test for CMD_SET_DATAFD."
	34	echo "Test 1: Skipped"
	35	else
	36
	37	# Test CMD_SET_DATAFD
	38	cp "${TESTDIR}/data/tpmstate1/"* "${TPMDIR}"
	39	$SWTPM_EXE socket \
	40	--tpm2 \
	41	--flags not-need-init \
	42	--ctrl "type=unixio,path=${SWTPM_CTRL_UNIX_PATH}" \
	43	--tpmstate dir="${TPMDIR}" \
	44	-t \
	45	--pid "file=${PID_FILE}" \
	46	--log "file=${LOG_FILE},level=20" \
	47	${SWTPM_TEST_SECCOMP_OPT} &
	48	SWTPM_PID=$!
	49
	50	if wait_for_file "${PID_FILE}" 3; then
	51	echo "Error: Socket TPM did not write pidfile."
	52	exit 1
	53	fi
	54
	55	LOG=$(SOCK_PATH=${SWTPM_CTRL_UNIX_PATH} exec "${TESTDIR}/test_setdatafd.py" --tpm2)
	56	res=$?
	57
	58	if [ $res -ne 0 ]; then
	59	echo "Error: CMD_SET_DATAFD failed: $LOG"
	60	exit 1
	61	fi
	62
	63	if wait_process_gone ${SWTPM_PID} 4; then
	64	echo "Error: TPM should not be running anymore after data channel loss."
65	exit 1
66	fi
67
68	echo "Test 1: OK"
69	fi
70
71	# Test that loss of control channel terminates swtpm
72
73	$SWTPM_EXE socket \
74	--tpm2 \
75	--ctrl "type=unixio,path=${SWTPM_CTRL_UNIX_PATH},terminate" \
76	--server "type=tcp,port=${SWTPM_SERVER_PORT}" \
77	--tpmstate "dir=${TPMDIR}" \
78	--pid "file=${PID_FILE}" \
79	${SWTPM_TEST_SECCOMP_OPT} &
80	SWTPM_PID=$!
81
82	if wait_for_file "${PID_FILE}" 3; then
83	echo "Error: Socket TPM did not write pidfile."
84	exit 1
85	fi
86
87	# Opening the data socket must NOT terminate it
88	exec 100<>/dev/tcp/127.0.0.1/${SWTPM_SERVER_PORT}
89	exec 100>&-
90	sleep 1
91
92	if ! kill -0 "${SWTPM_PID}"; then
93	echo "Error: Opening and closing data channel must not have terminated swtpm"
94	exit 1
95	fi
96
97	if ! socat -T1 - "UNIX-CONNECT:${SWTPM_CTRL_UNIX_PATH}"; then
98	echo "Error: Socat failed"
99	exit 1
100	fi
101
102	if wait_process_gone "${SWTPM_PID}" 4; then
103	echo "Error: TPM should not be running anymore after control channel loss."
104	exit 1
105	fi
106
107	echo "Test 2: OK"
108
109	$SWTPM_EXE socket \
110	--tpm2 \
111	--ctrl "type=tcp,port=${SWTPM_CTRL_PORT},terminate" \
112	--server "type=tcp,port=${SWTPM_SERVER_PORT}" \
113	--tpmstate "dir=${TPMDIR}" \
114	--pid "file=${PID_FILE}" \
115	${SWTPM_TEST_SECCOMP_OPT} &
116	SWTPM_PID=$!
117
118	if wait_for_file "${PID_FILE}" 3; then
119	echo "Error: Swtpm did not write pidfile."
120	exit 1
121	fi
122
123	# Opening the data socket must NOT terminate it
124	exec 100<>/dev/tcp/127.0.0.1/${SWTPM_SERVER_PORT}
125	exec 100>&-
126	sleep 1
127
128	if ! kill -0 "${SWTPM_PID}"; then
129	echo "Error: Opening and closing data channel must not have terminated swtpm"
130	exit 1
131	fi
132
133	# Opening the ctrl socket must be enough to terminate it
134	exec 100<>/dev/tcp/127.0.0.1/${SWTPM_CTRL_PORT}
135	exec 100>&-
136
137	if wait_process_gone "${SWTPM_PID}" 4; then
138	echo "Error: TPM should not be running anymore after control channel loss."
139	exit 1
140	fi
141
142	echo "Test 3: OK"
143
144	exit 0