From eb14174640156232be77e2e45409153bfee869ab Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Mon, 17 Dec 2018 19:13:04 -0500 Subject: [PATCH] tests: Add simple test case reading PCRs and writing state file Add a simple test case to make sure that reading the PCRs works as expected and that the state file is written as expected. This state file (NVChip) is only written because libtpms doesn't have any callbacks registered. Signed-off-by: Stefan Berger --- tests/Makefile.am | 14 ++++- tests/common | 13 ++++ tests/tpm2_pcr_read.c | 131 +++++++++++++++++++++++++++++++++++++++++ tests/tpm2_pcr_read.sh | 53 +++++++++++++++++ 4 files changed, 208 insertions(+), 3 deletions(-) create mode 100644 tests/common create mode 100644 tests/tpm2_pcr_read.c create mode 100755 tests/tpm2_pcr_read.sh diff --git a/tests/Makefile.am b/tests/Makefile.am index bb19b755..cdf9ca1e 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -4,11 +4,16 @@ # For the license, see the LICENSE file in the root directory. # +TESTS_ENVIRONMENT = \ + abs_top_testdir=`cd '$(top_srcdir)'/tests; pwd` \ + abs_top_builddir=`cd '$(top_builddir)'; pwd` \ + abs_top_srcdir=`cd '$(top_srcdir)'; pwd` + AM_CFLAGS = -I$(top_srcdir)/include $(SANITIZERS) AM_LDFLAGS = -ltpms -L$(top_builddir)/src/.libs $(SANITIZERS) -check_PROGRAMS = base64decode nvram_offsets -TESTS = base64decode.sh nvram_offsets +check_PROGRAMS = base64decode nvram_offsets tpm2_pcr_read +TESTS = base64decode.sh nvram_offsets tpm2_pcr_read.sh nvram_offsets_SOURCES = nvram_offsets.c nvram_offsets_CFLAGS = $(AM_CFLAGS) \ @@ -47,4 +52,7 @@ freebl_sha1flattensize_LDFLAGS = \ EXTRA_DIST = \ freebl_sha1flattensize.c \ base64decode.c \ - base64decode.sh + base64decode.sh \ + common \ + tpm2_pcr_read.c \ + tpm2_pcr_read.sh diff --git a/tests/common b/tests/common new file mode 100644 index 00000000..353b12c5 --- /dev/null +++ b/tests/common 
@@ -0,0 +1,13 @@
+
+# Get the size of a file in bytes
+#
+# @1: filename
+function get_filesize()
+{
+ if [[ "$(uname -s)" =~ (Linux|CYGWIN_NT-) ]]; then
+ stat -c%s $1
+ else
+ # OpenBSD
+ stat -f%z $1
+ fi
+}
diff --git a/tests/tpm2_pcr_read.c b/tests/tpm2_pcr_read.c
new file mode 100644
index 00000000..6028d7e6
--- /dev/null
+++ b/tests/tpm2_pcr_read.c
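Review bot: `get_filesize` expands `$1` unquoted in both `stat` calls, so a filename containing whitespace or glob characters is split or expanded before `stat` sees it; write `stat -c%s "$1"` and `stat -f%z "$1"`. The `else` branch is labelled OpenBSD but is taken on every system whose `uname -s` is not Linux or Cygwin, so the comment should name the platforms `stat -f%z` is expected to cover. The function's exit status is that of `stat` only because `stat` is the last command in each branch; a one-line comment saying that callers depend on it would protect it from later edits.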
@@ -0,0 +1,131 @@
+#include
+#include
+#include
+
+#include
+#include
+#include
+
+int main(void)
+{
+ unsigned char *rbuffer = NULL;
+ uint32_t rlength;
+ uint32_t rtotal = 0;
+ TPM_RESULT res;
+ int ret = 1;
+ unsigned char startup[] = {
+ 0x80, 0x01, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00,
+ 0x01, 0x44, 0x00, 0x00
+ };
+
+ unsigned char tpm2_pcr_read[] = {
+ 0x80, 0x01, // TPM_ST_NO_SESSIONS
+ 0x00, 0x00, 0x00, 0x26, // command size
+ 0x00, 0x00, 0x01, 0x7e, // TPM_CC_PCR_Read
+ 0x00, 0x00, 0x00, 0x04, // TPML_PCR_SELECTION
+ 0x00, 0x04, // TPMI_ALG_HASH, SHA1=4
+ 0x03, // size of the select
+ 0x01, 0x00, 0x10, // pcrSelect
+ 0x00, 0x0b, // TPMI_ALG_HASH, SHA256=11
+ 0x03, // size of the select
+ 0x01, 0x00, 0x10, // pcrSelect
+ 0x00, 0x0c, // TPMI_ALG_HASH, SHA384=12
+ 0x03, // size of the select
+ 0x01, 0x00, 0x10, // pcrSelect
+ 0x00, 0x0d, // TPMI_ALG_HASH, SHA512=13
+ 0x03, // size of the select
+ 0x01, 0x00, 0x10 // pcrSelect
+ };
+ const unsigned char tpm2_pcr_read_exp_resp[] = {
+ 0x80, 0x01, 0x00, 0x00, 0x01, 0x86, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x00,
+ 0x00, 0x04, 0x00, 0x04, 0x03, 0x01, 0x00, 0x10,
+ 0x00, 0x0b, 0x03, 0x01, 0x00, 0x10, 0x00, 0x0c,
+ 0x03, 0x01, 0x00, 0x10, 0x00, 0x0d, 0x03, 0x01,
+ 0x00, 0x10, 0x00, 0x00, 0x00, 0x08, 0x00, 0x14,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x14, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x30,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x30, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+ };
+
+ res = TPMLIB_ChooseTPMVersion(TPMLIB_TPM_VERSION_2);
+ assert(res == TPM_SUCCESS);
+
+ res = TPMLIB_MainInit();
+ if (res != TPM_SUCCESS) {
+ fprintf(stderr, "TPMLIB_MainInit() failed\n");
+ goto exit;
+ }
+
+ res = TPMLIB_Process(&rbuffer, &rlength, &rtotal, startup, sizeof(startup));
+ if (res != TPM_SUCCESS) {
+ fprintf(stderr, "TPMLIB_Process(Startup) failed\n");
+ goto exit;
+ }
+
+ res = TPMLIB_Process(&rbuffer, &rlength, &rtotal,
+ tpm2_pcr_read, sizeof(tpm2_pcr_read));
+ if (res != TPM_SUCCESS) {
+ fprintf(stderr, "TPMLIB_Process(TPM2_PCR_Read) failed\n");
+ goto exit;
+ }
+
+ if (rlength != sizeof(tpm2_pcr_read_exp_resp)) {
+ fprintf(stderr, "Expected response is %zu bytes, but got %u.\n",
+ sizeof(tpm2_pcr_read_exp_resp), rlength);
+ goto exit;
+ }
+
+ if (memcmp(rbuffer, tpm2_pcr_read_exp_resp, rlength)) {
+ fprintf(stderr, "Expected response is different than received one.\n");
+ goto exit;
+ }
+
+ ret = 0;
+
+exit:
+ TPMLIB_Terminate();
+ TPM_Free(rbuffer);
+
+ return ret;
+}
diff --git a/tests/tpm2_pcr_read.sh b/tests/tpm2_pcr_read.sh
new file mode 100755
index 00000000..c554ec20
--- /dev/null
+++ b/tests/tpm2_pcr_read.sh
@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+
+# For the license, see the LICENSE file in the root directory.
+
+ROOT=${abs_top_builddir:-$(pwd)/..}
+TESTDIR=${abs_top_testdir:-$(dirname "$0")}
+DIR=${PWD}
+
+WORKDIR=$(mktemp -d)
+export LD_LIBRARY_PATH=${LD_LIBRARY_PATH:-${ROOT}/src/.libs}
+
+. ${TESTDIR}/common
+
+case "$(uname -s)" in
+Linux)
+ if ! [ -d ${LD_LIBRARY_PATH} ]; then
+ echo "Wrong path to libtpms library: ${LD_LIBRARY_PATH}"
+ exit 1
+ fi
+
+ if ! [ -f "$(readlink -f ${LD_LIBRARY_PATH}/libtpms.so)" ]; then
+ echo "Cannot find libtpms at ${LD_LIBRARY_PATH}/libtpms.so"
+ exit 1
+ fi
+ ;;
+*)
+ ;;
+esac
+
+function cleanup()
+{
+ rm -rf ${WORKDIR}
+}
+
+trap "cleanup" QUIT EXIT
+
+pushd $WORKDIR &>/dev/null
+
+${DIR}/tpm2_pcr_read
+rc=$?
+
+fs=$(get_filesize NVChip)
+[ $? -ne 0 ] && exit 1
+if [ $fs -ne 131072 ]; then
+ echo "Error: Unexpected size of NVChip file."
+ echo "Expected: 131072"
+ echo "Got : $fs"
+ rc=1
+fi
+
+popd &>/dev/null
+
+exit $rc
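Review bot: In tests/tpm2_pcr_read.c the result of `TPMLIB_ChooseTPMVersion()` is checked only with `assert(res == TPM_SUCCESS)`, which compiles to nothing when the test is built with `NDEBUG`; the run would then continue with whatever TPM version the library defaults to and fail later with a misleading message. Handle it like the other calls: `if (res != TPM_SUCCESS) { fprintf(stderr, "TPMLIB_ChooseTPMVersion() failed\n"); return 1; }`. Separately, the `exit:` label calls `TPMLIB_Terminate()` even when `TPMLIB_MainInit()` itself failed; whether that is safe depends on libtpms and is not visible in this hunk, so it deserves a comment or a second label. The comparison also only confirms that the two PCR banks shown per algorithm hold their reset values, so a short comment on `tpm2_pcr_read_exp_resp` saying which PCRs are selected and why the all-zero and all-0xff digests are expected would help the next reader.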
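Review bot: In tests/tpm2_pcr_read.sh, `WORKDIR=$(mktemp -d)` and `pushd $WORKDIR` are neither checked nor quoted, so if `mktemp` fails the test binary runs in the caller's directory and writes `NVChip` there instead of in a private temporary directory. Abort early with `WORKDIR=$(mktemp -d) || exit 1` and `pushd "$WORKDIR" &>/dev/null || exit 1`, and quote the path in `cleanup` as `rm -rf "${WORKDIR}"`. Also, `LD_LIBRARY_PATH` is taken from the environment when it is already set, so the test may exercise an installed libtpms rather than the one just built, and the `[ -d ${LD_LIBRARY_PATH} ]` check fails outright if the inherited value holds several colon-separated entries.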