diff --git a/tests/Makefile.am b/tests/Makefile.am index 99f6c0c..fbe427e 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -15,7 +15,6 @@ TESTS += \ test_ctrlchannel2 endif -if WITH_CUSE TESTS += \ test_encrypted_state \ test_getcap \ @@ -24,16 +23,12 @@ TESTS += \ test_init \ test_locality \ test_migration_key \ - test_migration_key_2 \ test_resume_volatile \ test_save_load_encrypted_state \ - test_save_load_encrypted_state_2 \ test_save_load_state \ - test_save_load_state_2 \ - test_swtpm_bios \ test_volatilestate \ + test_swtpm_bios \ test_wrongorder -endif if WITH_SWTPM_SETUP TESTS += \ diff --git a/tests/_test_encrypted_state b/tests/_test_encrypted_state new file mode 100755 index 0000000..f501f8c --- /dev/null +++ b/tests/_test_encrypted_state @@ -0,0 +1,266 @@ +#!/bin/bash + +# For the license, see the LICENSE file in the root directory. +#set -x + + +DIR=$(dirname "$0") +ROOT=${DIR}/.. +VTPM_NAME="vtpm-test-encrypted-state" +SWTPM_DEV_NAME="/dev/${VTPM_NAME}" +export TPM_PATH=$(mktemp -d) +STATE_FILE=$TPM_PATH/tpm-00.permall +VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate +KEY=1234567890abcdef1234567890abcdef +SWTPM_CMD_UNIX_PATH=${TPM_PATH}/unix-cmd.sock +SWTPM_CTRL_UNIX_PATH=${TPM_PATH}/unix-ctrl.sock +SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse} + +keyfile=$(mktemp) +logfile=$(mktemp) +echo "$KEY" > $keyfile + +function cleanup() +{ + pid=${SWTPM_PID} + if [ -n "$pid" ]; then + kill -9 $pid + fi + rm -f $keyfile $logfile + rm -rf $TPM_PATH +} + +trap "cleanup" EXIT + +[ "${SWTPM_INTERFACE}" == cuse ] && source ${DIR}/test_cuse +source ${DIR}/common + +rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null + +run_swtpm ${SWTPM_INTERFACE} \ + --key file=$keyfile,mode=aes-cbc,format=hex \ + --log file=$logfile + +ps aux | grep $SWTPM | grep -v grep + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not start." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Init the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM initialization failed." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Startup the TPM +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01') +exp=' 00 c4 00 00 00 0a 00 00 00 00' +if [ "$RES" != "$exp" ]; then + echo "Error: Did not get expected result from TPM_Startup(ST_Clear)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +run_swtpm_ioctl ${SWTPM_INTERFACE} -h 1234 +if [ $? -ne 0 ]; then + echo "Error: Hash command did not work." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Read PCR 17 +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11') +exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' +if [ "$RES" != "$exp" ]; then + echo "Error: (1) Did not get expected result from TPM_PCRRead(17)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Save the volatile state +run_swtpm_ioctl ${SWTPM_INTERFACE} -v +if [ $? -ne 0 ]; then + echo "Error: Saving the volatile state failed." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +if [ ! -r $VOLATILE_STATE_FILE ]; then + echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +tmp=$(run_swtpm_ioctl ${SWTPM_INTERFACE} -g | cut -d":" -f2) +if [ $? -ne 0 ]; then + echo "Error: Could not get the configration flags of the ${SWTPM_INTERFACE} TPM." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +if [ "$tmp" != " 0x1" ]; then + echo "Error: Unexpected configuration flags: $tmp; expected 0x1." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Shut the TPM down +exec 100>&- +run_swtpm_ioctl ${SWTPM_INTERFACE} -s +if [ $? -ne 0 ]; then + echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Start the TPM again; have the keyfile removed +run_swtpm ${SWTPM_INTERFACE} \ + --key file=$keyfile,mode=aes-cbc,format=hex,remove \ + --log file=$logfile + +ps aux | grep $SWTPM | grep -v grep + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error (2): ${SWTPM_INTERFACE} TPM did not start." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +if [ -r $keyfile ]; then + echo "Error: Keyfile $keyfile was not removed by swtpm_cuse." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Init the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM initialization failed." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Volatile state must have been removed by TPM now +if [ -r $VOLATILE_STATE_FILE ]; then + echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Read the PCR again ... +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11') +exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' +if [ "$RES" != "$exp" ]; then + echo "Error: (2) Did not get expected result from TPM_PCRRead(17)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Save the volatile state again +run_swtpm_ioctl ${SWTPM_INTERFACE} -v +if [ $? -ne 0 ]; then + echo "Error: Saving the volatile state failed." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +if [ ! -r $VOLATILE_STATE_FILE ]; then + echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Send a new TPM_Init +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM initialization failed." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Volatile state must have been removed by TPM now +if [ -r $VOLATILE_STATE_FILE ]; then + echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Read the PCR again ... +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11') +exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' +if [ "$RES" != "$exp" ]; then + echo "Error: (2) Did not get expected result from TPM_PCRRead(17)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + + +# Final shut down +exec 100>&- +run_swtpm_ioctl ${SWTPM_INTERFACE} -s +if [ $? -ne 0 ]; then + echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +sleep 0.5 + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -eq 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +if [ ! -e $STATE_FILE ]; then + echo "Error: TPM state file $STATE_FILE does not exist." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +echo "OK" + +exit 0 diff --git a/tests/_test_getcap b/tests/_test_getcap new file mode 100755 index 0000000..9512491 --- /dev/null +++ b/tests/_test_getcap @@ -0,0 +1,95 @@ +#!/bin/bash + +# For the license, see the LICENSE file in the root directory. +#set -x + +DIR=$(dirname "$0") +ROOT=${DIR}/.. +VTPM_NAME="vtpm-test-getcap" +SWTPM_DEV_NAME="/dev/${VTPM_NAME}" +export TPM_PATH=$(mktemp -d) +STATE_FILE=$TPM_PATH/tpm-00.permall +VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate +SWTPM_CMD_UNIX_PATH=${TPM_PATH}/unix-cmd.sock +SWTPM_CTRL_UNIX_PATH=${TPM_PATH}/unix-ctrl.sock +SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse} + +function cleanup() +{ + pid=${SWTPM_PID} + if [ -n "$pid" ]; then + kill -9 $pid + fi + rm -rf $TPM_PATH +} + +trap "cleanup" EXIT + +[ "${SWTPM_INTERFACE}" == cuse ] && source ${DIR}/test_cuse +source ${DIR}/common + +rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null + +run_swtpm ${SWTPM_INTERFACE} + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not start." + exit 1 +fi + + +# Init the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT." + exit 1 +fi + +# Get the capabilities flags from the TPM +act=$(run_swtpm_ioctl ${SWTPM_INTERFACE} -c) +if [ $? -ne 0 ]; then + echo "Error: Could not get the capability flags of the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after getting capabilities." + exit 1 +fi + +exp="ptm capability is 0x([[:xdigit:]]+)" +if ! [[ "$act" =~ ^${exp}$ ]]; then + echo "Error: Expected string following regular expression '$exp' from ioctl tool but got '$act'." + exit 1 +fi + +run_swtpm_ioctl ${SWTPM_INTERFACE} -s +if [ $? -ne 0 ]; then + echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +sleep 0.5 + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -eq 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore." + exit 1 +fi + +if [ ! -e $STATE_FILE ]; then + echo "Error: TPM state file $STATE_FILE does not exist." + exit 1 +fi + +echo "OK" + +exit 0 diff --git a/tests/_test_hashing b/tests/_test_hashing new file mode 100755 index 0000000..1602702 --- /dev/null +++ b/tests/_test_hashing @@ -0,0 +1,187 @@ +#!/bin/bash + +# For the license, see the LICENSE file in the root directory. +#set -x + +DIR=$(dirname "$0") +ROOT=${DIR}/.. +VTPM_NAME="vtpm-test-hashing" +SWTPM_DEV_NAME="/dev/${VTPM_NAME}" +export TPM_PATH=$(mktemp -d) +STATE_FILE=$TPM_PATH/tpm-00.permall +VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate +SWTPM_CMD_UNIX_PATH=${TPM_PATH}/unix-cmd.sock +SWTPM_CTRL_UNIX_PATH=${TPM_PATH}/unix-ctrl.sock +SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse} + +function cleanup() +{ + pid=${SWTPM_PID} + if [ -n "$pid" ]; then + kill -9 $pid + fi + rm -rf $TPM_PATH +} + +trap "cleanup" EXIT + +[ "${SWTPM_INTERFACE}" == cuse ] && source ${DIR}/test_cuse +source ${DIR}/common + +rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null + +run_swtpm ${SWTPM_INTERFACE} + +ps aux | grep $SWTPM | grep -v grep + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not start." + exit 1 +fi + +# Init the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT." + exit 1 +fi + +# Startup the TPM +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01') +exp=' 00 c4 00 00 00 0a 00 00 00 00' +if [ "$RES" != "$exp" ]; then + echo "Error: Did not get expected result from TPM_Startup(ST_Clear)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Check the TPM Established bit before the hashing +RES=$(run_swtpm_ioctl ${SWTPM_INTERFACE} -e) +if [ $? -ne 0 ]; then + echo "Error: Could not get the TPM Established flag." + exit 1 +fi +exp='tpmEstablished is 0' +if [ "$RES" != "$exp" ]; then + echo "Error (1): TPM Established flag has wrong value." + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +run_swtpm_ioctl ${SWTPM_INTERFACE} -h 1234 +if [ $? -ne 0 ]; then + echo "Error: Hash command did not work." + exit 1 +fi + +# Read PCR 17 +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11') +exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' +if [ "$RES" != "$exp" ]; then + echo "Error: (1) Did not get expected result from TPM_PCRRead(17)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Check the TPM Established bit after the hashing +RES=$(run_swtpm_ioctl ${SWTPM_INTERFACE} -e) +if [ $? -ne 0 ]; then + echo "Error: Could not get the TPM Established flag." + exit 1 +fi +exp='tpmEstablished is 1' +if [ "$RES" != "$exp" ]; then + echo "Error (2): TPM Established flag has wrong value." + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Reset the establishment bit via locality 3 +run_swtpm_ioctl ${SWTPM_INTERFACE} -l 3 +if [ $? -ne -0 ]; then + echo "Error: Could not set locality 3" + exit 1 +fi + +# \x40 or \x0B seems to confuse 'normal' echo +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0A\x40\x00\x00\x0B') +exp=' 00 c4 00 00 00 0a 00 00 00 00' +if [ "$RES" != "$exp" ]; then + echo "Error: Could not reset the establishment bit" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Check the TPM Established bit after the reset +RES=$(run_swtpm_ioctl ${SWTPM_INTERFACE} -e) +if [ $? -ne 0 ]; then + echo "Error: Could not get the TPM Established flag." + exit 1 +fi +exp='tpmEstablished is 0' +if [ "$RES" != "$exp" ]; then + echo "Error (3): TPM Established flag has wrong value." + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# back to locality 0 +run_swtpm_ioctl ${SWTPM_INTERFACE} -l 0 +if [ $? -ne 0 ]; then + echo "Error: Could not set locality 0." + exit 1 +fi + +# Read from a file +dd if=/dev/zero bs=1024 count=1024 2>/dev/null| \ + run_swtpm_ioctl ${SWTPM_INTERFACE} -h - + +# Read PCR 17 +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11') +exp=' 00 c4 00 00 00 1e 00 00 00 00 d8 0e 7a 7b 3c 37 88 7d b4 c2 88 08 1d a7 53 f6 4b 11 3a 9c' +if [ "$RES" != "$exp" ]; then + echo "Error: (2) Did not get expected result from TPM_PCRRead(17)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +run_swtpm_ioctl ${SWTPM_INTERFACE} -s +if [ $? -ne 0 ]; then + echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +sleep 0.5 + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -eq 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore." + exit 1 +fi + +if [ ! -e $STATE_FILE ]; then + echo "Error: TPM state file $STATE_FILE does not exist." + exit 1 +fi + +echo "OK" + +exit 0 diff --git a/tests/_test_hashing2 b/tests/_test_hashing2 new file mode 100755 index 0000000..24ecfc5 --- /dev/null +++ b/tests/_test_hashing2 @@ -0,0 +1,213 @@ +#!/bin/bash + +# For the license, see the LICENSE file in the root directory. +#set -x + +DIR=$(dirname "$0") +ROOT=${DIR}/.. +VTPM_NAME="vtpm-test-hashing2" +SWTPM_DEV_NAME="/dev/${VTPM_NAME}" +export TPM_PATH=$(mktemp -d) +STATE_FILE=$TPM_PATH/tpm-00.permall +VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate +SWTPM_CMD_UNIX_PATH=${TPM_PATH}/unix-cmd.sock +SWTPM_CTRL_UNIX_PATH=${TPM_PATH}/unix-ctrl.sock +SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse} + +function cleanup() +{ + pid=${SWTPM_PID} + if [ -n "$pid" ]; then + kill -9 $pid + fi + rm -rf $TPM_PATH +} + +trap "cleanup" EXIT + +[ "${SWTPM_INTERFACE}" == cuse ] && source ${DIR}/test_cuse +source ${DIR}/common + +rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null + +run_swtpm ${SWTPM_INTERFACE} + +ps aux | grep $SWTPM | grep -v grep + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not start." + exit 1 +fi + +# Init the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM initialization failed." + exit 1 +fi + +sleep 0.5 + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT." + exit 1 +fi + +# Startup the TPM +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01') +exp=' 00 c4 00 00 00 0a 00 00 00 00' +if [ "$RES" != "$exp" ]; then + echo "Error: Did not get expected result from TPM_Startup(ST_Clear)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Check the TPM Established bit before the hashing +RES=$(run_swtpm_ioctl ${SWTPM_INTERFACE} -e) +if [ $? -ne 0 ]; then + echo "Error: Could not get the TPM Established flag from the ${SWTPM_INTERFACE} TPM." + exit 1 +fi +exp='tpmEstablished is 0' +if [ "$RES" != "$exp" ]; then + echo "Error (1): TPM Established flag has wrong value." + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +run_swtpm_ioctl ${SWTPM_INTERFACE} -h 1234 +if [ $? -ne 0 ]; then + echo "Error: Hash command did not work." + exit 1 +fi + +# Read PCR 17 +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11') +exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' +if [ "$RES" != "$exp" ]; then + echo "Error: (1) Did not get expected result from TPM_PCRRead(17)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Check the TPM Established bit after the hashing +RES=$(run_swtpm_ioctl ${SWTPM_INTERFACE} -e) +if [ $? -ne 0 ]; then + echo "Error: Could not get the TPM Established flag from the ${SWTPM_INTERFACE} TPM." + exit 1 +fi +exp='tpmEstablished is 1' +if [ "$RES" != "$exp" ]; then + echo "Error (2): TPM Established flag has wrong value." + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Reset the establishment bit; we switch to locality 0 and reset via locality 3 +run_swtpm_ioctl ${SWTPM_INTERFACE} -l 0 +if [ $? -ne 0 ]; then + echo "Error: Could not set locality 0" + exit 1 +fi + +for ((l = 0; l <= 2; l++)); do + # Resetting via locality 2 must fail + run_swtpm_ioctl ${SWTPM_INTERFACE} -r $l + if [ $? -eq 0 ]; then + echo "Error: Could reset the establishment bit via locality $l" + exit 1 + fi +done + +# We expect the same results for the TPM_ResetEstablishment command +for ((l = 0; l <= 2; l++)); do + # Set locality + run_swtpm_ioctl ${SWTPM_INTERFACE} -l $l + if [ $? -ne 0 ]; then + echo "Error: Could not choose locality $l" + exit 1 + fi + # Have to use external echo command + swtpm_open_cmddev ${SWTPM_INTERFACE} 100 + RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0a\x40\x00\x00\x0b') + exp=' 00 c4 00 00 00 0a 00 00 00 3d' + if [ "$RES" != "$exp" ]; then + echo "Error: Could reset TPM establishment bit in locality $l using command" + echo "expected: $exp" + echo "received: $RES" + exit 1 + fi +done + +# Resetting via locality 3 must work +run_swtpm_ioctl ${SWTPM_INTERFACE} -l 3 +if [ $? -ne 0 ]; then + echo "Error: Could not reset the establishment bit via locality 3" + exit 1 +fi + +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0a\x40\x00\x00\x0b') +exp=' 00 c4 00 00 00 0a 00 00 00 00' +if [ "$RES" != "$exp" ]; then + echo "Error: Could reset TPM establishment bit in locality 3 using command" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Check the TPM Established bit after the reset +RES=$(run_swtpm_ioctl ${SWTPM_INTERFACE} -e) +exp='tpmEstablished is 0' +if [ "$RES" != "$exp" ]; then + echo "Error (3): TPM Established flag has wrong value." + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Read from a file +dd if=/dev/zero bs=1024 count=1024 2>/dev/null |\ + run_swtpm_ioctl ${SWTPM_INTERFACE} -h - + +# Read PCR 17 +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11') +exp=' 00 c4 00 00 00 1e 00 00 00 00 d8 0e 7a 7b 3c 37 88 7d b4 c2 88 08 1d a7 53 f6 4b 11 3a 9c' +if [ "$RES" != "$exp" ]; then + echo "Error: (2) Did not get expected result from TPM_PCRRead(17)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +run_swtpm_ioctl ${SWTPM_INTERFACE} -s +if [ $? -ne 0 ]; then + echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +sleep 0.5 + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -eq 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore." + exit 1 +fi + +if [ ! -e $STATE_FILE ]; then + echo "Error: TPM state file $STATE_FILE does not exist." + exit 1 +fi + +echo "OK" + +exit 0 diff --git a/tests/_test_init b/tests/_test_init new file mode 100755 index 0000000..ca1c1e9 --- /dev/null +++ b/tests/_test_init @@ -0,0 +1,92 @@ +#!/bin/bash + +# For the license, see the LICENSE file in the root directory. +#set -x + + +DIR=$(dirname "$0") +ROOT=${DIR}/.. +VTPM_NAME="vtpm-test-init" +SWTPM_DEV_NAME="/dev/${VTPM_NAME}" +TPM_PATH=$(mktemp -d) +STATE_FILE=$TPM_PATH/tpm-00.permall +VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate +PID_FILE=$TPM_PATH/${SWTPM}.pid +SWTPM_CMD_UNIX_PATH=${TPM_PATH}/unix-cmd.sock +SWTPM_CTRL_UNIX_PATH=${TPM_PATH}/unix-ctrl.sock +SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse} + +function cleanup() +{ + pid=${SWTPM_PID} + if [ -n "$pid" ]; then + kill -9 $pid + fi + rm -rf $TPM_PATH +} + +trap "cleanup" EXIT + +[ "${SWTPM_INTERFACE}" == cuse ] && source ${DIR}/test_cuse +source ${DIR}/common + +rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null + +run_swtpm ${SWTPM_INTERFACE} --tpmstate dir=$TPM_PATH --pid file=$PID_FILE + +ps aux | grep $SWTPM | grep -v grep + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not start." + exit 1 +fi + +if [ ! -r $PID_FILE ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not write pidfile." + exit 1 +fi + +PIDF="$(cat $PID_FILE)" +if [ "$PIDF" != "${SWTPM_PID}" ]; then + echo "Error: ${SWTPM_INTERFACE} TPM wrote pid $PIDF, but found ${SWTPM_PID}." + exit 1 +fi + +# Init the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +sleep 0.5 + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT." + exit 1 +fi + +run_swtpm_ioctl ${SWTPM_INTERFACE} -s +if [ $? -ne 0 ]; then + echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +sleep 0.5 + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -eq 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore." + exit 1 +fi + +if [ ! -e $STATE_FILE ]; then + echo "Error: TPM state file $STATE_FILE does not exist." + exit 1 +fi + +echo "OK" + +exit 0 diff --git a/tests/_test_locality b/tests/_test_locality new file mode 100755 index 0000000..a461f9c --- /dev/null +++ b/tests/_test_locality @@ -0,0 +1,128 @@ +#!/bin/bash + +# For the license, see the LICENSE file in the root directory. +#set -x + +DIR=$(dirname "$0") +ROOT=${DIR}/.. +VTPM_NAME="vtpm-test-locality" +SWTPM_DEV_NAME="/dev/${VTPM_NAME}" +export TPM_PATH=$(mktemp -d) +STATE_FILE=$TPM_PATH/tpm-00.permall +VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate +SWTPM_CMD_UNIX_PATH=${TPM_PATH}/unix-cmd.sock +SWTPM_CTRL_UNIX_PATH=${TPM_PATH}/unix-ctrl.sock +SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse} + +function cleanup() +{ + pid=${SWTPM_PID} + if [ -n "$pid" ]; then + kill -9 $pid + fi + rm -rf $TPM_PATH +} + +trap "cleanup" EXIT + +[ "${SWTPM_INTERFACE}" == cuse ] && source ${DIR}/test_cuse +source ${DIR}/common + +rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null + +run_swtpm ${SWTPM_INTERFACE} + +ps aux | grep $SWTPM | grep -v grep + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not start." + exit 1 +fi + +# Init the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT." + exit 1 +fi + +# Set locality 4 on the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -l 4 +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not accept locality 4." + exit 1 +fi + +# Set illegal locality 5 on the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -l 5 +if [ $? -eq 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM accepted locality 5." + exit 1 +fi + +# Set locality 0 on the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -l 0 +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not accept locality 0." + exit 1 +fi + +# In locality 2 we can reset PCR 20 +run_swtpm_ioctl ${SWTPM_INTERFACE} -l 2 +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not accept locality 2." + exit 1 +fi + + +# Startup the TPM +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01') +exp=' 00 c4 00 00 00 0a 00 00 00 00' +if [ "$RES" != "$exp" ]; then + echo "Error: Did not get expected result from TPM_Startup(ST_Clear)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Reset PCR 20 +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10') +exp=' 00 c4 00 00 00 0a 00 00 00 00' +if [ "$RES" != "$exp" ]; then + echo "Error: Could not reset PCR 20 in locality 2" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Shut down TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -s +if [ $? -ne 0 ]; then + echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM." + exit 1 +fi +sleep 0.5 + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -eq 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore." + exit 1 +fi + +if [ ! -e $STATE_FILE ]; then + echo "Error: TPM state file $STATE_FILE does not exist." + exit 1 +fi + +echo "OK" + +exit 0 diff --git a/tests/_test_migration_key b/tests/_test_migration_key new file mode 100755 index 0000000..3b6db9a --- /dev/null +++ b/tests/_test_migration_key @@ -0,0 +1,297 @@ +#!/bin/bash + +# For the license, see the LICENSE file in the root directory. +# set -x + +DIR=$(dirname "$0") +ROOT=${DIR}/.. +VTPM_NAME="${VTPM_NAME:-vtpm-test-migration-key}" +SWTPM_DEV_NAME="/dev/${VTPM_NAME}" +MIGRATION_PASSWORD="migration" +VOLATILESTATE=${PWD}/${DIR}/data/migkey1/volatilestate.bin + +tpmstatedir=$(mktemp -d) +if [ -z "$tpmstatedir" ]; then + echo "Could not create temporary directory." + exit 1 +fi + +migpwdfile=$(mktemp) +if [ -z "$migpwdfile" ]; then + echo "Could not create temporary file." + exit 1 +fi +echo -n "$MIGRATION_PASSWORD" > $migpwdfile + +volatilestatefile=$(mktemp) +if [ -z "$volatilestatefile" ]; then + echo "Could not create temporary file." + exit 1 +fi + +SWTPM_CMD_UNIX_PATH=${tpmstatedir}/unix-cmd.sock +SWTPM_CTRL_UNIX_PATH=${tpmstatedir}/unix-ctrl.sock +SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse} + +function cleanup() +{ + pid=${SWTPM_PID} + if [ -n "$pid" ]; then + kill -9 $pid + fi + rm -rf $migpwdfile $volatilestatefile $tpmstatedir +} + +trap "cleanup" EXIT + +[ "${SWTPM_INTERFACE}" == cuse ] && source ${DIR}/test_cuse +source ${DIR}/common + +# make a backup of the volatile state +export TPM_PATH=$tpmstatedir +cp ${PWD}/${DIR}/data/tpmstate1/* $TPM_PATH + +run_swtpm ${SWTPM_INTERFACE} --migration-key pwdfile=$migpwdfile,remove=false + +ps aux | grep $SWTPM | grep -v grep + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not start." + exit 1 +fi + +# Init the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: Initializing the ${SWTPM_INTERFACE} TPM failed." + exit 1 +fi + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT." + exit 1 +fi + +# Read PCR 10 +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a') +exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5' +if [ "$RES" != "$exp" ]; then + echo "Error: (1) Did not get expected result from TPM_PCRRead(10)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Assert physical presence +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0C\x40\x00\x00\x0A\x00\x20') +exp=' 00 c4 00 00 00 0a 00 00 00 00' +if [ "$RES" != "$exp" ]; then + echo "Error: (1) Did not get expected result from TSC_PhysicalPresence(ENABLE)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Create a big NVRAM Area with 4000 bytes (0xfa0) +tmp='\x00\xC1\x00\x00\x00\x65\x00\x00\x00\xcc\x00\x18\x00\x00\x00\x01' +tmp+='\x00\x03\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x01' +tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +tmp+='\x00\x00\x00\x00\x00\x17\x00\x01\x00\x01\x00\x00\x00\x00\x00\x0f' +tmp+='\xa0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +tmp+='\x00\x00\x00\x00\x00' +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} $tmp) +exp=' 00 c4 00 00 00 0a 00 00 00 00' +if [ "$RES" != "$exp" ]; then + echo "Error: (1) Did not get expected result from TPM_NVDefineSpace()" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Save the volatile state into a file +run_swtpm_ioctl ${SWTPM_INTERFACE} --save volatile $volatilestatefile +if [ $? -ne 0 ]; then + echo "Error: Could not save the volatile state to ${volatilestatefile}." + exit 1 +fi +if [ ! -r $volatilestatefile ]; then + echo "Error: Volatile state file $volatilestatefile does not exist." + exit 1 +fi + +#ls -l $volatilestatefile +size=$(stat -c%s $volatilestatefile) +expsize=1290 +if [ $size -ne $expsize ]; then + echo "Error: Unexpected size of volatile state file." + echo " Expected file with size of $expsize, found $size bytes." + exit 1 +fi + +hash=$(sha1sum $volatilestatefile | cut -f1 -d" ") +exphash="bafa4b918745dee45537484f1a1089f9967b7df7" +if [ "$hash" != "$exphash" ]; then + echo "Error: The checksum of the volatile state file is wrong." + echo " Calculated: $hash" + echo " Expected : $exphash" + exit 1 +fi + +tmp=$(run_swtpm_ioctl ${SWTPM_INTERFACE} -g | cut -d":" -f2) +if [ $? -ne 0 ]; then + echo "Error: Could not get the configration flags of the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +if [ "$tmp" != " 0x2" ]; then + echo "Error: Unexpected configuration flags: $tmp; expected 0x2." + exit 1 +fi + +# Shut the TPM down +exec 100>&- +run_swtpm_ioctl ${SWTPM_INTERFACE} -s + +echo "Test 1: Ok" + +# Start the vTPM again and load the encrypted volatile state into it +run_swtpm ${SWTPM_INTERFACE} --migration-key pwdfile=$migpwdfile,remove=false + +ps aux | grep $SWTPM | grep -v grep + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not start." + exit 1 +fi + +# Do NOT init the TPM now; first load volatile state + +# load the encrypted volatile state into it +run_swtpm_ioctl ${SWTPM_INTERFACE} --load volatile $volatilestatefile +if [ $? -ne 0 ]; then + echo "Error: Could not load encrypted volatile state into TPM." + exit 1 +fi + +# Now init the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: Initializing the ${SWTPM_INTERFACE} TPM failed." + exit 1 +fi + +# Read PCR 10 +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a') +exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5' +if [ "$RES" != "$exp" ]; then + echo "Error: (1) Did not get expected result from TPM_PCRRead(10)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Shut the TPM down +exec 100>&- +run_swtpm_ioctl ${SWTPM_INTERFACE} -s +if [ $? -ne 0 ]; then + echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +echo "Test 2: Ok" + + +# Start the vTPM again and load the encrypted volatile state into it +# This time we make this fail since we don't provide the migration key +run_swtpm ${SWTPM_INTERFACE} + +ps aux | grep $SWTPM | grep -v grep + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not start." + exit 1 +fi + +# Do NOT init the TPM now; first load volatile state + +# load the encrypted volatile state into it +# This will work; the TPM writes the data into the volatile state file +# but doesn't vaidate it +run_swtpm_ioctl ${SWTPM_INTERFACE} --load volatile $volatilestatefile +if [ $? -ne 0 ]; then + echo "Error: Could not load encrypted volatile state into TPM." + exit 1 +fi + +# Now init the TPM; this must fail since the volatile state does not +# match with the integrity hash it is expecting to find +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -eq 0 ]; then + echo "Error: Initializing the ${SWTPM_INTERFACE} TPM should have failed." + exit 1 +fi + +run_swtpm_ioctl ${SWTPM_INTERFACE} -s +if [ $? -ne 0 ]; then + echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +echo "Test 3: Ok" + +# In this test we now feed it an encrypted volatile state + +# Start the vTPM again and load the encrypted volatile state into it +run_swtpm ${SWTPM_INTERFACE} --migration-key pwdfile=$migpwdfile,remove=true + +ps aux | grep $SWTPM | grep -v grep + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not start." + exit 1 +fi + +# load the encrypted volatile state into it +run_swtpm_ioctl ${SWTPM_INTERFACE} --load volatile $VOLATILESTATE +if [ $? -ne 0 ]; then + echo "Error: Could not load encrypted volatile state into TPM." + exit 1 +fi + +# Now init the TPM; this must work +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +# Read PCR 10 +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a') +exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5' +if [ "$RES" != "$exp" ]; then + echo "Error: (1) Did not get expected result from TPM_PCRRead(10)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Shut the TPM down +exec 100>&- +run_swtpm_ioctl ${SWTPM_INTERFACE} -s +if [ $? -ne 0 ]; then + echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +echo "Test 4: Ok" diff --git a/tests/test_migration_key_2 b/tests/_test_migration_key_2 similarity index 100% rename from tests/test_migration_key_2 rename to tests/_test_migration_key_2 diff --git a/tests/_test_resume_volatile b/tests/_test_resume_volatile new file mode 100755 index 0000000..5b21fc1 --- /dev/null +++ b/tests/_test_resume_volatile @@ -0,0 +1,149 @@ +#!/bin/bash + +# For the license, see the LICENSE file in the root directory. +#set -x + +DIR=$(dirname "$0") +ROOT=${DIR}/.. +VTPM_NAME="vtpm-test-resume-volatile" +SWTPM_DEV_NAME="/dev/${VTPM_NAME}" + +tpmstatedir="$(mktemp -d)" +if [ -z "$tpmstatedir" ]; then + echo "Could not create temporary directory" + exit 1 +fi + +SWTPM_CMD_UNIX_PATH=${tpmstatedir}/unix-cmd.sock +SWTPM_CTRL_UNIX_PATH=${tpmstatedir}/unix-ctrl.sock +SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse} + +function cleanup() +{ + pid=${SWTPM_PID} + if [ -n "$pid" ]; then + kill -9 $pid + fi + rm -rf $tpmstatedir +} + +trap "cleanup" EXIT + +[ "${SWTPM_INTERFACE}" == cuse ] && source ${DIR}/test_cuse +source ${DIR}/common + +export TPM_PATH=$tpmstatedir + +# copy all the state files +cp ${PWD}/${DIR}/data/tpmstate1/* ${TPM_PATH} + +run_swtpm ${SWTPM_INTERFACE} + +ps aux | grep $SWTPM | grep -v grep + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not start." + exit 1 +fi + +# Init the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT." + exit 1 +fi + +# Read PCR 10 +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a') +exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5' +if [ "$RES" != "$exp" ]; then + echo "Error: (1) Did not get expected result from TPM_PCRRead(10)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Save the volatile state again +run_swtpm_ioctl ${SWTPM_INTERFACE} -v +if [ $? -ne 0 ]; then + echo "Error: Could not have the ${SWTPM_INTERFACE} TPM write the volatile state to a file." + exit 1 +fi +if [ ! -r $VOLATILE_STATE_FILE ]; then + echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist." + exit 1 +fi + +# Shut the TPM down +exec 100>&- +run_swtpm_ioctl ${SWTPM_INTERFACE} -s + +echo "Test 1: Ok" + + +# 2nd test: with encrypted state +# copy all the state files +cp ${PWD}/${DIR}/data/tpmstate2/* ${TPM_PATH} + +run_swtpm ${SWTPM_INTERFACE} --key pwdfile=${PWD}/${DIR}/data/tpmstate2/pwdfile.txt + +ps aux | grep $SWTPM | grep -v grep + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not start." + exit 1 +fi + +# Init the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM initialization failed." + exit 1 +fi + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT." + exit 1 +fi + +# Read PCR 10 +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a') +exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5' +if [ "$RES" != "$exp" ]; then + echo "Error: (1) Did not get expected result from TPM_PCRRead(10)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Save the volatile state again +run_swtpm_ioctl ${SWTPM_INTERFACE} -v +if [ $? -ne 0 ]; then + echo "Error: Could not have the ${SWTPM_INTERFACE} TPM write the volatile state to a file." + exit 1 +fi +if [ ! -r $VOLATILE_STATE_FILE ]; then + echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist." + exit 1 +fi + +# Shut the TPM down +exec 100>&- +run_swtpm_ioctl ${SWTPM_INTERFACE} -s +if [ $? -ne 0 ]; then + echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +echo "Test 2: Ok" diff --git a/tests/_test_save_load_encrypted_state b/tests/_test_save_load_encrypted_state new file mode 100755 index 0000000..88fb6a0 --- /dev/null +++ b/tests/_test_save_load_encrypted_state @@ -0,0 +1,306 @@ +#!/bin/bash + +# For the license, see the LICENSE file in the root directory. +#set -x + +DIR=$(dirname "$0") +ROOT=${DIR}/.. +VTPM_NAME="${VTPM_NAME:-vtpm-test-save-load-encrypted-state}" +SWTPM_DEV_NAME="/dev/${VTPM_NAME}" +export TPM_PATH=$(mktemp -d) +STATE_FILE=$TPM_PATH/tpm-00.permall +VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate +KEY=1234567890abcdef1234567890abcdef +MY_VOLATILE_STATE_FILE=$TPM_PATH/my.volatilestate +MY_PERMANENT_STATE_FILE=$TPM_PATH/my.permanent +SWTPM_CMD_UNIX_PATH=${TPM_PATH}/unix-cmd.sock +SWTPM_CTRL_UNIX_PATH=${TPM_PATH}/unix-ctrl.sock +SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse} + +keyfile=$(mktemp) +logfile=$(mktemp) +echo "$KEY" > $keyfile + +function cleanup() +{ + pid=${SWTPM_PID} + if [ -n "$pid" ]; then + kill -9 $pid + fi + rm -f $keyfile $logfile + rm -rf $TPM_PATH +} + +trap "cleanup" EXIT + +[ "${SWTPM_INTERFACE}" == cuse ] && source ${DIR}/test_cuse +source ${DIR}/common + +rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null + +run_swtpm ${SWTPM_INTERFACE} \ + --key file=$keyfile,mode=aes-cbc,format=hex \ + --log file=$logfile + +ps aux | grep $SWTPM | grep -v grep + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not start." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Init the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM initialization failed." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Startup the TPM +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01') +exp=' 00 c4 00 00 00 0a 00 00 00 00' +if [ "$RES" != "$exp" ]; then + echo "Error: Did not get expected result from TPM_Startup(ST_Clear)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +run_swtpm_ioctl ${SWTPM_INTERFACE} -h 1234 +if [ $? -ne 0 ]; then + echo "Error: Could not hash the data." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Read PCR 17 +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11') +exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' +if [ "$RES" != "$exp" ]; then + echo "Error: (1) Did not get expected result from TPM_PCRRead(17)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Assert physical presence +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0C\x40\x00\x00\x0A\x00\x20') +exp=' 00 c4 00 00 00 0a 00 00 00 00' +if [ "$RES" != "$exp" ]; then + echo "Error: (1) Did not get expected result from TSC_PhysicalPresence(ENABLE)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Create a big NVRAM Area with 4000 bytes (0xfa0) +tmp='\x00\xC1\x00\x00\x00\x65\x00\x00\x00\xcc\x00\x18\x00\x00\x00\x01' +tmp+='\x00\x03\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x01' +tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +tmp+='\x00\x00\x00\x00\x00\x17\x00\x01\x00\x01\x00\x00\x00\x00\x00\x0f' +tmp+='\xa0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +tmp+='\x00\x00\x00\x00\x00' +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} $tmp) +exp=' 00 c4 00 00 00 0a 00 00 00 00' +if [ "$RES" != "$exp" ]; then + echo "Error: (1) Did not get expected result from TPM_NVDefineSpace()" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +run_swtpm_ioctl ${SWTPM_INTERFACE} --save permanent $MY_PERMANENT_STATE_FILE +if [ $? -ne 0 ]; then + echo "Error: Could not write permanent state file $MY_PERMANENT_STATE_FILE." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi +if [ ! -r $MY_PERMANENT_STATE_FILE ]; then + echo "Error: Permanent state file $MY_PERMANENT_STATE_FILE does not exist." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi +echo "Saved permanent state." + +run_swtpm_ioctl ${SWTPM_INTERFACE} --save volatile $MY_VOLATILE_STATE_FILE +if [ $? -ne 0 ]; then + echo "Error: Could not write volatile state file $MY_PERMANENT_STATE_FILE." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi +if [ ! -r $MY_VOLATILE_STATE_FILE ]; then + echo "Error: Volatile state file $MY_VOLATILE_STATE_FILE does not exist." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi +echo "Saved volatile state." + +ls -l $(dirname $MY_VOLATILE_STATE_FILE)/* +sha1sum $(dirname $MY_VOLATILE_STATE_FILE)/* + +# we will use our own volatile state +rm -f $VOLATILE_STATE_FILE $STATE_FILE + +# Stop the TPM; this will not shut it down +exec 100>&- +run_swtpm_ioctl ${SWTPM_INTERFACE} --stop +if [ $? -ne 0 ]; then + echo "Error (2): Could not stop the ${SWTPM_INTERFACE} TPM" + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error (2): ${SWTPM_INTERFACE} TPM is not running anymore." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# load state into the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} --load permanent $MY_PERMANENT_STATE_FILE +if [ $? -ne 0 ]; then + echo "Could not load permanent state into vTPM" + echo "TPM Logfile:" + cat $logfile + exit 1 +fi +echo "Loaded permanent state." + +run_swtpm_ioctl ${SWTPM_INTERFACE} --load volatile $MY_VOLATILE_STATE_FILE +if [ $? -ne 0 ]; then + echo "Could not load volatile state into vTPM" + echo "TPM Logfile:" + cat $logfile + exit 1 +fi +echo "Loaded volatile state." + +#ls -l $(dirname $MY_VOLATILE_STATE_FILE)/* +#sha1sum $(dirname $MY_VOLATILE_STATE_FILE)/* + +# Init the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "TPM Init failed." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Volatile state must have been removed by TPM now +if [ -r $VOLATILE_STATE_FILE ]; then + echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Read the PCR again ... +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11') +exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' +if [ "$RES" != "$exp" ]; then + echo "Error: (2) Did not get expected result from TPM_PCRRead(17)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Save the volatile state again +run_swtpm_ioctl ${SWTPM_INTERFACE} -v +if [ $? -ne 0 ]; then + echo "Error: Could not have the ${SWTPM_INTERFACE} TPM write the volatile state to a file." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi +if [ ! -r $VOLATILE_STATE_FILE ]; then + echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Send a new TPM_Init +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM initialization failed." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Volatile state must have been removed by TPM now +if [ -r $VOLATILE_STATE_FILE ]; then + echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Read the PCR again ... +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11') +exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' +if [ "$RES" != "$exp" ]; then + echo "Error: (2) Did not get expected result from TPM_PCRRead(17)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Final shut down +exec 100>&- +run_swtpm_ioctl ${SWTPM_INTERFACE} -s +if [ $? -ne 0 ]; then + echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi +sleep 0.5 + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -eq 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +if [ ! -e $STATE_FILE ]; then + echo "Error: TPM state file $STATE_FILE does not exist." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +echo "OK" + +exit 0 diff --git a/tests/_test_save_load_state b/tests/_test_save_load_state new file mode 100755 index 0000000..5917b15 --- /dev/null +++ b/tests/_test_save_load_state @@ -0,0 +1,304 @@ +#!/bin/bash + +# For the license, see the LICENSE file in the root directory. +#set -x + +DIR=$(dirname "$0") +ROOT=${DIR}/.. +VTPM_NAME="${VTPM_NAME:-vtpm-test-save-load-state}" +SWTPM_DEV_NAME="/dev/${VTPM_NAME}" +export TPM_PATH=$(mktemp -d) +STATE_FILE=$TPM_PATH/tpm-00.permall +VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate +MY_VOLATILE_STATE_FILE=$TPM_PATH/my.volatilestate +MY_PERMANENT_STATE_FILE=$TPM_PATH/my.permanent +SWTPM_CMD_UNIX_PATH=${TPM_PATH}/unix-cmd.sock +SWTPM_CTRL_UNIX_PATH=${TPM_PATH}/unix-ctrl.sock +SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse} + +logfile=$(mktemp) + +function cleanup() +{ + pid=${SWTPM_PID} + if [ -n "$pid" ]; then + kill -9 $pid + fi + rm -f $logfile + rm -rf $TPM_PATH +} + +trap "cleanup" EXIT + +[ "${SWTPM_INTERFACE}" == cuse ] && source ${DIR}/test_cuse +source ${DIR}/common + +rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null + +run_swtpm ${SWTPM_INTERFACE} \ + --log file=$logfile + +ps aux | grep $SWTPM | grep -v grep + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not start." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Init the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Startup the TPM +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01') +exp=' 00 c4 00 00 00 0a 00 00 00 00' +if [ "$RES" != "$exp" ]; then + echo "Error: Did not get expected result from TPM_Startup(ST_Clear)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +run_swtpm_ioctl ${SWTPM_INTERFACE} -h 1234 +if [ $? -ne 0 ]; then + echo "Error: Hash command did not work." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Read PCR 17 +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11') +exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' +if [ "$RES" != "$exp" ]; then + echo "Error: (1) Did not get expected result from TPM_PCRRead(17)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Assert physical presence +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0C\x40\x00\x00\x0A\x00\x20') +exp=' 00 c4 00 00 00 0a 00 00 00 00' +if [ "$RES" != "$exp" ]; then + echo "Error: (1) Did not get expected result from TSC_PhysicalPresence(ENABLE)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Create a big NVRAM Area with 4000 bytes (0xfa0) +tmp='\x00\xC1\x00\x00\x00\x65\x00\x00\x00\xcc\x00\x18\x00\x00\x00\x01' +tmp+='\x00\x03\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x01' +tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +tmp+='\x00\x00\x00\x00\x00\x17\x00\x01\x00\x01\x00\x00\x00\x00\x00\x0f' +tmp+='\xa0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +tmp+='\x00\x00\x00\x00\x00' +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} $tmp) +exp=' 00 c4 00 00 00 0a 00 00 00 00' +if [ "$RES" != "$exp" ]; then + echo "Error: (1) Did not get expected result from TPM_NVDefineSpace()" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +run_swtpm_ioctl ${SWTPM_INTERFACE} --save permanent $MY_PERMANENT_STATE_FILE +if [ $? -ne 0 ]; then + echo "Error: Could not write permanent state file $MY_PERMANENT_STATE_FILE." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi +if [ ! -r $MY_PERMANENT_STATE_FILE ]; then + echo "Error: Permanent state file $MY_PERMANENT_STATE_FILE does not exist." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi +echo "Saved permanent state." + +run_swtpm_ioctl ${SWTPM_INTERFACE} --save volatile $MY_VOLATILE_STATE_FILE +if [ $? -ne 0 ]; then + echo "Error: Could not write volatile state file $MY_VOLATILE_STATE_FILE." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi +if [ ! -r $MY_VOLATILE_STATE_FILE ]; then + echo "Error: Volatile state file $MY_VOLATILE_STATE_FILE does not exist." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi +echo "Saved volatile state." + +#ls -l $(dirname $MY_VOLATILE_STATE_FILE)/* +#sha1sum $(dirname $MY_VOLATILE_STATE_FILE)/* + +# we will use our own volatile state +rm -f $VOLATILE_STATE_FILE $STATE_FILE + +# Stop the TPM; this will not shut it down +exec 100>&- +run_swtpm_ioctl ${SWTPM_INTERFACE} --stop +if [ $? -ne 0 ]; then + echo "Error: Could not stop the ${SWTPM_INTERFACE} TPM." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error (2): ${SWTPM_INTERFACE} TPM is not running anymore." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# load state into the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} --load permanent $MY_PERMANENT_STATE_FILE +if [ $? -ne 0 ]; then + echo "Could not load permanent state into vTPM" + echo "TPM Logfile:" + cat $logfile + exit 1 +fi +echo "Loaded permanent state." + +run_swtpm_ioctl ${SWTPM_INTERFACE} --load volatile $MY_VOLATILE_STATE_FILE +if [ $? -ne 0 ]; then + echo "Could not load volatile state into vTPM" + echo "TPM Logfile:" + cat $logfile + exit 1 +fi +echo "Loaded volatile state." + +#ls -l $(dirname $MY_VOLATILE_STATE_FILE)/* +#sha1sum $(dirname $MY_VOLATILE_STATE_FILE)/* + +# Init the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "TPM Init failed." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Volatile state must have been removed by TPM now +if [ -r $VOLATILE_STATE_FILE ]; then + echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Read the PCR again ... +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11') +exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' +if [ "$RES" != "$exp" ]; then + echo "Error: (2) Did not get expected result from TPM_PCRRead(17)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Save the volatile state again +run_swtpm_ioctl ${SWTPM_INTERFACE} -v +if [ $? -ne 0 ]; then + echo "Error: Could not have the ${SWTPM_INTERFACE} TPM store the volatile state to a file." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +if [ ! -r $VOLATILE_STATE_FILE ]; then + echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Send a new TPM_Init +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Volatile state must have been removed by TPM now +if [ -r $VOLATILE_STATE_FILE ]; then + echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +# Read the PCR again ... +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11') +exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' +if [ "$RES" != "$exp" ]; then + echo "Error: (2) Did not get expected result from TPM_PCRRead(17)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Final shut down +exec 100>&- +run_swtpm_ioctl ${SWTPM_INTERFACE} -s +if [ $? -ne 0 ]; then + echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +sleep 0.5 + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -eq 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +if [ ! -e $STATE_FILE ]; then + echo "Error: TPM state file $STATE_FILE does not exist." + echo "TPM Logfile:" + cat $logfile + exit 1 +fi + +echo "OK" + +exit 0 diff --git a/tests/_test_swtpm_bios b/tests/_test_swtpm_bios new file mode 100755 index 0000000..f07d613 --- /dev/null +++ b/tests/_test_swtpm_bios @@ -0,0 +1,168 @@ +#!/bin/bash + +# For the license, see the LICENSE file in the root directory. +#set -x + +DIR=$(dirname "$0") +ROOT=${DIR}/.. +SWTPM_BIOS=$ROOT/src/swtpm_bios/swtpm_bios +VTPM_NAME="vtpm-test-swtpm-bios" +SWTPM_DEV_NAME="/dev/${VTPM_NAME}" +TPM_PATH=$(mktemp -d) +STATE_FILE=$TPM_PATH/tpm-00.permall +VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate +PID_FILE=$TPM_PATH/${SWTPM}.pid +SWTPM_CMD_UNIX_PATH=${TPM_PATH}/unix-cmd.sock +SWTPM_CTRL_UNIX_PATH=${TPM_PATH}/unix-ctrl.sock +SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse} + +function cleanup() +{ + pid=${SWTPM_PID} + if [ -n "$pid" ]; then + kill -9 $pid + fi + rm -rf $TPM_PATH +} + +trap "cleanup" EXIT + +[ "${SWTPM_INTERFACE}" == cuse ] && source ${DIR}/test_cuse +source ${DIR}/common + +rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null + +run_swtpm ${SWTPM_INTERFACE} --tpmstate dir=$TPM_PATH --pid file=$PID_FILE + +ps aux | grep $SWTPM | grep -v grep + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not start." + exit 1 +fi + +if [ ! -r $PID_FILE ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not write pidfile." + exit 1 +fi + +PIDF="$(cat $PID_FILE)" +if [ "$PIDF" != "${SWTPM_PID}" ]; then + echo "Error: ${SWTPM_INTERFACE} TPM wrote pid $PIDF, but found ${SWTPM_PID}." + exit 1 +fi + +# Init the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +sleep 0.5 + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT." + exit 1 +fi + +# must work +res=$(run_swtpm_bios ${SWTPM_INTERFACE} -o 2>&1) +if [ $? -ne 0 ] || [ -n "$res" ]; then + echo "Error: Could not startup the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +# must work +res=$(run_swtpm_bios ${SWTPM_INTERFACE} -n -cs 2>&1) +if [ $? -ne 0 ] || [ -n "$res" ]; then + echo "Error: Could not self-test the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +# must work +res=$(run_swtpm_bios ${SWTPM_INTERFACE} -n -u 2>&1) +if [ $? -ne 0 ] || [ -n "$res" ]; then + echo "Error: Could not give up physical presence on the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +# will NOT work -- we get error output in $res +res=$(run_swtpm_bios ${SWTPM_INTERFACE} -n -u 2>&1) +ret=$? +if [ $ret -eq 0 ] || [ -z "$res" ]; then + echo "Error: Could give up physical presence on the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +if [ $ret -ne 128 ]; then + echo "Error: Wrong return code from swtpm_bios. Should be 128, had $ret." + exit 1 +fi + +# will NOT work (wrong device) -- we get error output in $res +res=$(TPM_DEVICE=/dev/${VTPM_NAME}123 ${SWTPM_BIOS} -n -u 2>&1) +ret=$? +if [ $ret -eq 0 ] || [ -z "$res" ]; then + echo "Error: Could give up physical presence on wrong device." + exit 1 +fi + +if [ $ret -ne 255 ]; then + echo "Error: Wrong return code from swtpm_bios. Should be 255, had $ret." + exit 1 +fi + + +# RESET TPM + +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +# must work +res=$(run_swtpm_bios ${SWTPM_INTERFACE} -cs -u 2>&1) +if [ $? -ne 0 ] || [ -n "$res" ]; then + echo "Error: Could not startup the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +# will NOT work -- we get error output in $res +res=$(run_swtpm_bios ${SWTPM_INTERFACE} -n -u 2>&1) +ret=$? +if [ $ret -eq 0 ] || [ -z "$res" ]; then + echo "Error: Could give up physical presence on the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +if [ $ret -ne 128 ]; then + echo "Error: Wrong return code from swtpm_bios. Should be 128, had $ret." + exit 1 +fi + +run_swtpm_ioctl ${SWTPM_INTERFACE} -s +if [ $? -ne 0 ]; then + echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +sleep 0.5 + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -eq 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore." + exit 1 +fi + +if [ ! -e $STATE_FILE ]; then + echo "Error: TPM state file $STATE_FILE does not exist." + exit 1 +fi + +echo "OK" + +exit 0 diff --git a/tests/_test_volatilestate b/tests/_test_volatilestate new file mode 100755 index 0000000..6453b50 --- /dev/null +++ b/tests/_test_volatilestate @@ -0,0 +1,232 @@ +#!/bin/bash + +# For the license, see the LICENSE file in the root directory. +#set -x + +DIR=$(dirname "$0") +ROOT=${DIR}/.. +VTPM_NAME="vtpm-test-volatilestate" +SWTPM_DEV_NAME="/dev/${VTPM_NAME}" +export TPM_PATH=$(mktemp -d) +STATE_FILE=$TPM_PATH/tpm-00.permall +VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate +SWTPM_CMD_UNIX_PATH=${TPM_PATH}/unix-cmd.sock +SWTPM_CTRL_UNIX_PATH=${TPM_PATH}/unix-ctrl.sock +SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse} + +function cleanup() +{ + pid=${SWTPM_PID} + if [ -n "$pid" ]; then + kill -9 $pid + fi + rm -rf $TPM_PATH +} + +trap "cleanup" EXIT + +[ "${SWTPM_INTERFACE}" == cuse ] && source ${DIR}/test_cuse +source ${DIR}/common + +rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null + +run_swtpm ${SWTPM_INTERFACE} + +ps aux | grep $SWTPM | grep -v grep + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not start." + exit 1 +fi + +# Init the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT." + exit 1 +fi + +# Startup the TPM +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01') +exp=' 00 c4 00 00 00 0a 00 00 00 00' +if [ "$RES" != "$exp" ]; then + echo "Error: Did not get expected result from TPM_Startup(ST_Clear)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +run_swtpm_ioctl ${SWTPM_INTERFACE} -h 1234 +if [ $? -ne 0 ]; then + echo "Error: Hash command did not work." + exit 1 +fi + +# Read PCR 17 +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11') +exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' +if [ "$RES" != "$exp" ]; then + echo "Error: (1) Did not get expected result from TPM_PCRRead(17)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Check the TPM Established bit after the hashing +RES=$(run_swtpm_ioctl ${SWTPM_INTERFACE} -e) +exp='tpmEstablished is 1' +if [ "$RES" != "$exp" ]; then + echo "Error (2): TPM Established flag has wrong value." + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Save the volatile state +run_swtpm_ioctl ${SWTPM_INTERFACE} -v +if [ $? -ne 0 ]; then + echo "Error: Could not have the ${SWTPM_INTERFACE} TPM store the volatile state to a file." + exit 1 +fi + +if [ ! -r $VOLATILE_STATE_FILE ]; then + echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist." + exit 1 +fi + +# Shut the TPM down +exec 100>&- +run_swtpm_ioctl ${SWTPM_INTERFACE} -s +if [ $? -ne 0 ]; then + echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +# Start the TPM again +run_swtpm ${SWTPM_INTERFACE} + +ps aux | grep $SWTPM | grep -v grep + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not start." + exit 1 +fi + +# Init the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +# Volatile state must have been removed by TPM now +if [ -r $VOLATILE_STATE_FILE ]; then + echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists." + exit 1 +fi + +# Read the PCR again ... +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11') +exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' +if [ "$RES" != "$exp" ]; then + echo "Error: (2) Did not get expected result from TPM_PCRRead(17)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Check that the TPM Established bit is still set +RES=$(run_swtpm_ioctl ${SWTPM_INTERFACE} -e) +exp='tpmEstablished is 1' +if [ "$RES" != "$exp" ]; then + echo "Error (2): TPM Established flag has wrong value." + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Save the volatile state again +run_swtpm_ioctl ${SWTPM_INTERFACE} -v +if [ $? -ne 0 ]; then + echo "Error: Could not have the ${SWTPM_INTERFACE} TPM store the volatile state to a file." + exit 1 +fi + +if [ ! -r $VOLATILE_STATE_FILE ]; then + echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist." + exit 1 +fi + +# Send a new TPM_Init +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +# Volatile state must have been removed by TPM now +if [ -r $VOLATILE_STATE_FILE ]; then + echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists." + exit 1 +fi + +# Read the PCR again ... +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11') +exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' +if [ "$RES" != "$exp" ]; then + echo "Error: (2) Did not get expected result from TPM_PCRRead(17)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Check that the TPM Established bit is still set +RES=$(run_swtpm_ioctl ${SWTPM_INTERFACE} -e) +if [ $? -ne 0 ]; then + echo "Error: Could not get the TPM Established flag from the ${SWTPM_INTERFACE} TPM." + exit 1 +fi +exp='tpmEstablished is 1' +if [ "$RES" != "$exp" ]; then + echo "Error (2): TPM Established flag has wrong value." + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +# Final shut down +exec 100>&- +run_swtpm_ioctl ${SWTPM_INTERFACE} -s +if [ $? -ne 0 ]; then + echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +sleep 0.5 + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -eq 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore." + exit 1 +fi + +if [ ! -e $STATE_FILE ]; then + echo "Error: TPM state file $STATE_FILE does not exist." + exit 1 +fi + +echo "OK" + +exit 0 diff --git a/tests/_test_wrongorder b/tests/_test_wrongorder new file mode 100755 index 0000000..a355759 --- /dev/null +++ b/tests/_test_wrongorder @@ -0,0 +1,125 @@ +#!/bin/bash + +# For the license, see the LICENSE file in the root directory. +#set -x + +DIR=$(dirname "$0") +ROOT=${DIR}/.. +VTPM_NAME="vtpm-test-wrongorder" +SWTPM_DEV_NAME="/dev/${VTPM_NAME}" +export TPM_PATH=$(mktemp -d) +STATE_FILE=$TPM_PATH/tpm-00.permall +LOG_FILE=$TPM_PATH/tpm-00.log +VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate +SWTPM_CMD_UNIX_PATH=${TPM_PATH}/unix-cmd.sock +SWTPM_CTRL_UNIX_PATH=${TPM_PATH}/unix-ctrl.sock +SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse} + +function cleanup() +{ + pid=${SWTPM_PID} + if [ -n "$pid" ]; then + kill -9 $pid + fi + rm -rf $TPM_PATH +} + +trap "cleanup" EXIT + +[ "${SWTPM_INTERFACE}" == cuse ] && source ${DIR}/test_cuse +source ${DIR}/common +source ${DIR}/test_common + +rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null + +run_swtpm ${SWTPM_INTERFACE} --log file=$LOG_FILE,level=20 + +ps aux | grep $SWTPM | grep -v grep + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM did not start." + exit 1 +fi + +if [ "${SWTPM_INTERFACE}" != "cuse" ]; then + run_swtpm_ioctl ${SWTPM_INTERFACE} --stop + if [ $? -ne 0 ]; then + echo "Error: Could not stop the ${SWTPM_INTERFACE} TPM" + exit 1 + fi +fi + +# Get the established bit before the TPM has been initialized +# This should not work + +run_swtpm_ioctl ${SWTPM_INTERFACE} -e +if [ $? -eq 0 ]; then + echo "Error: Could get established bit from ${SWTPM_INTERFACE} TPM before init." + exit 1 +fi + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM must have crashed." + exit 1 +fi + + +# Read PCR 17 -- this should give a fatal error response +swtpm_open_cmddev ${SWTPM_INTERFACE} 100 +RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11') +exp=' 00 c4 00 00 00 0a 00 00 00 09' +if [ "$RES" != "$exp" ]; then + echo "Error: Did not get expected result from TPM_PCRRead(17)" + echo "expected: $exp" + echo "received: $RES" + exit 1 +fi + +exec 100>&- + +kill -0 ${SWTPM_PID} +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM must have crashed." + exit 1 +fi + +# Init the TPM +run_swtpm_ioctl ${SWTPM_INTERFACE} -i +if [ $? -ne 0 ]; then + echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -ne 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT." + exit 1 +fi + +run_swtpm_ioctl ${SWTPM_INTERFACE} -s +if [ $? -ne 0 ]; then + echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM." + exit 1 +fi + +sleep 0.5 + +kill -0 ${SWTPM_PID} 2>/dev/null +if [ $? -eq 0 ]; then + echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore." + exit 1 +fi + +if [ ! -e $STATE_FILE ]; then + echo "Error: TPM state file $STATE_FILE does not exist." + exit 1 +fi + +check_logfile_patterns_level_20 $LOG_FILE +rm -f $LOG_FILE + +echo "OK" + +exit 0 diff --git a/tests/test_ctrlchannel b/tests/test_ctrlchannel index 131dd37..b0334fc 100755 --- a/tests/test_ctrlchannel +++ b/tests/test_ctrlchannel @@ -155,7 +155,7 @@ echo "OK" # use a pseudo terminal $SWTPM_EXE socket \ - --server port=65530,disconnect=true \ + --server port=65430,disconnect=true \ --tpmstate dir=$TPMDIR \ --pid file=$PID_FILE \ --ctrl type=unixio,path=$SOCK_PATH \ @@ -168,7 +168,7 @@ fi PID="$(cat $PID_FILE)" -exec 100<>/dev/tcp/localhost/65530 +exec 100<>/dev/tcp/localhost/65430 # Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01 res="$(unix_tx '\x00\x00\x00\x01')" @@ -304,7 +304,7 @@ if [ "$res" != "$exp" ]; then fi # Read PCR 17 -exec 100<>/dev/tcp/localhost/65530 +exec 100<>/dev/tcp/localhost/65430 echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 RES=$(cat <&100 | od -t x1 -A n | tr -d "\n") exp=' 00 c4 00 00 00 1e 00 00 00 00 c4 e1 e1 c9 81 c0 cd b1 e0 43 df 97 20 72 f9 5d a9 ff 06 ff' @@ -340,7 +340,7 @@ if [ "$res" != "$exp" ]; then fi # Read PCR 17 -- should fail now -exec 100<>/dev/tcp/localhost/65530 +exec 100<>/dev/tcp/localhost/65430 echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 RES=$(cat <&100 | od -t x1 -A n | tr -d "\n") exp=' 00 c4 00 00 00 0a 00 00 00 09' @@ -398,7 +398,7 @@ echo "OK" cp ${PWD}/${DIR}/data/tpmstate2/* ${TPMDIR} $SWTPM_EXE socket \ - --server port=65530,disconnect=true \ + --server port=65430,disconnect=true \ --tpmstate dir=$TPMDIR \ --pid file=$PID_FILE \ --ctrl type=unixio,path=$SOCK_PATH \ @@ -415,7 +415,7 @@ PID="$(cat $PID_FILE)" # Read PCR 10 -exec 100<>/dev/tcp/localhost/65530 +exec 100<>/dev/tcp/localhost/65430 echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a' >&100 RES=$(cat <&100 | od -t x1 -A n -w128) exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5' @@ -469,7 +469,7 @@ echo "OK" rm -f $TPMDIR/*.volatilestate $SWTPM_EXE socket \ - --server port=65530,disconnect=true \ + --server port=65430,disconnect=true \ --tpmstate dir=$TPMDIR \ --pid file=$PID_FILE \ --ctrl type=unixio,path=$SOCK_PATH \ @@ -486,7 +486,7 @@ PID="$(cat $PID_FILE)" # Read PCR 10 -- this should fail now -exec 100<>/dev/tcp/localhost/65530 +exec 100<>/dev/tcp/localhost/65430 echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a' >&100 RES=$(cat <&100 | od -t x1 -A n -w128) exp=' 00 c4 00 00 00 0a 00 00 00 26' @@ -535,7 +535,7 @@ fi # Read PCR 10 -- has to return same result as before -exec 100<>/dev/tcp/localhost/65530 +exec 100<>/dev/tcp/localhost/65430 echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a' >&100 RES=$(cat <&100 | od -t x1 -A n -w128) exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5' @@ -548,7 +548,7 @@ fi # Reset PCR 20 while in locality 0 -- should not work -exec 100<>/dev/tcp/localhost/65530 +exec 100<>/dev/tcp/localhost/65430 echo -en '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10' >&100 RES=$(cat <&100 | od -t x1 -A n) exp=' 00 c4 00 00 00 0a 00 00 00 33' @@ -571,7 +571,7 @@ if [ "$res" != "$exp" ]; then fi # Reset PCR 20 while in locality 2 -- has to work -exec 100<>/dev/tcp/localhost/65530 +exec 100<>/dev/tcp/localhost/65430 echo -en '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10' >&100 RES=$(cat <&100 | od -t x1 -A n) exp=' 00 c4 00 00 00 0a 00 00 00 00' diff --git a/tests/test_ctrlchannel2 b/tests/test_ctrlchannel2 index 4eeb250..1de3967 100755 --- a/tests/test_ctrlchannel2 +++ b/tests/test_ctrlchannel2 @@ -118,7 +118,7 @@ echo "OK" # There are a few more tests here that require sending commands to the TPM # use a pseudo terminal -$SWTPM_EXE socket --server port=65531,disconnect=true --tpmstate dir=$TPMDIR --pid file=$PID_FILE --ctrl type=unixio,path=$SOCK_PATH & +$SWTPM_EXE socket --server port=65431,disconnect=true --tpmstate dir=$TPMDIR --pid file=$PID_FILE --ctrl type=unixio,path=$SOCK_PATH & if wait_for_file $PID_FILE 3; then echo "Error: Socket TPM did not write pidfile." @@ -127,7 +127,7 @@ fi PID="$(cat $PID_FILE)" -exec 100<>/dev/tcp/localhost/65531 +exec 100<>/dev/tcp/localhost/65431 # Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01 act=$($SWTPM_IOCTL --unix $SOCK_PATH -c 2>&1) @@ -230,7 +230,7 @@ if [ "$act" != "$exp" ]; then fi # Read PCR 17 -exec 100<>/dev/tcp/localhost/65531 +exec 100<>/dev/tcp/localhost/65431 echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 RES=$(cat <&100 | od -t x1 -A n | tr -d "\n") exp=' 00 c4 00 00 00 1e 00 00 00 00 f9 87 3e 96 6b 9e 46 c8 45 46 2d 1f f2 52 eb cc c1 9b df fd' @@ -256,7 +256,7 @@ if [ $? -ne 0 ]; then fi # Read PCR 17 -- should fail now -exec 100<>/dev/tcp/localhost/65531 +exec 100<>/dev/tcp/localhost/65431 echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 RES=$(cat <&100 | od -t x1 -A n | tr -d "\n") exp=' 00 c4 00 00 00 0a 00 00 00 09' @@ -307,7 +307,7 @@ echo "OK" cp ${PWD}/${DIR}/data/tpmstate2/* ${TPMDIR} $SWTPM_EXE socket \ - --server port=65531,disconnect=true \ + --server port=65431,disconnect=true \ --tpmstate dir=$TPMDIR \ --pid file=$PID_FILE \ --ctrl type=unixio,path=$SOCK_PATH \ @@ -323,7 +323,7 @@ PID="$(cat $PID_FILE)" # Read PCR 10 -exec 100<>/dev/tcp/localhost/65531 +exec 100<>/dev/tcp/localhost/65431 echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a' >&100 RES=$(cat <&100 | od -t x1 -A n -w128) exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5' @@ -365,7 +365,7 @@ fi rm -f $TPMDIR/*.volatilestate $SWTPM_EXE socket \ - --server port=65531,disconnect=true \ + --server port=65431,disconnect=true \ --tpmstate dir=$TPMDIR \ --pid file=$PID_FILE \ --ctrl type=unixio,path=$SOCK_PATH \ @@ -381,7 +381,7 @@ PID="$(cat $PID_FILE)" # Read PCR 10 -- this should fail now -exec 100<>/dev/tcp/localhost/65531 +exec 100<>/dev/tcp/localhost/65431 echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a' >&100 RES=$(cat <&100 | od -t x1 -A n -w128) exp=' 00 c4 00 00 00 0a 00 00 00 26' @@ -415,7 +415,7 @@ if [ $? -ne 0 ]; then fi # Read PCR 10 -- has to return same result as before -exec 100<>/dev/tcp/localhost/65531 +exec 100<>/dev/tcp/localhost/65431 echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a' >&100 RES=$(cat <&100 | od -t x1 -A n -w128) exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5' @@ -428,7 +428,7 @@ fi # Reset PCR 20 while in locality 0 -- should not work -exec 100<>/dev/tcp/localhost/65531 +exec 100<>/dev/tcp/localhost/65431 echo -en '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10' >&100 RES=$(cat <&100 | od -t x1 -A n) exp=' 00 c4 00 00 00 0a 00 00 00 33' @@ -448,7 +448,7 @@ if [ $? -ne 0 ]; then fi # Reset PCR 20 while in locality 2 -- has to work -exec 100<>/dev/tcp/localhost/65531 +exec 100<>/dev/tcp/localhost/65431 echo -en '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10' >&100 RES=$(cat <&100 | od -t x1 -A n) exp=' 00 c4 00 00 00 0a 00 00 00 00' diff --git a/tests/test_cuse b/tests/test_cuse index 7778944..e4143ff 100644 --- a/tests/test_cuse +++ b/tests/test_cuse @@ -1,6 +1,16 @@ # For the license, see the LICENSE file in the root directory. +if ! [[ "$(uname -o)" =~ Linux ]]; then + echo "Need Linux to run test with CUSE interface." + exit 77 +fi + +if [ "$(id -u)" -ne 0 ]; then + echo "Need to be root to run test with CUSE interface." + exit 77 +fi + if [ ! -c /dev/cuse ]; then modprobe cuse if [ $? -ne 0 ]; then diff --git a/tests/test_encrypted_state b/tests/test_encrypted_state index 91ca5b6..af9a8ec 100755 --- a/tests/test_encrypted_state +++ b/tests/test_encrypted_state @@ -1,274 +1,37 @@ #!/bin/bash -# For the license, see the LICENSE file in the root directory. -#set -x +cd "$(dirname "$0")" -if [ "$(id -u)" -ne 0 ]; then - echo "Need to be root to run this test." - exit 77 -fi +export SWTPM_IOCTL_BUFFERSIZE=100 +export SWTPM_INTERFACE=cuse +bash _test_encrypted_state +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -DIR=$(dirname "$0") -ROOT=${DIR}/.. -SWTPM=swtpm_cuse -SWTPM_EXE=$ROOT/src/swtpm/$SWTPM -CUSE_TPM_IOCTL=$ROOT/src/swtpm_ioctl/swtpm_ioctl -VTPM_NAME="vtpm-test-encrypted-state" -export TPM_PATH=$(mktemp -d) -STATE_FILE=$TPM_PATH/tpm-00.permall -VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate -KEY=1234567890abcdef1234567890abcdef +export SWTPM_IOCTL_BUFFERSIZE=4096 +export SWTPM_INTERFACE=cuse +bash _test_encrypted_state +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret +export SWTPM_INTERFACE=socket+socket +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65400 +export SWTPM_CTRL_PORT=65401 +bash _test_encrypted_state +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -keyfile=$(mktemp) -logfile=$(mktemp) -echo "$KEY" > $keyfile +export SWTPM_INTERFACE=socket+unix +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65400 +bash _test_encrypted_state +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -function cleanup() -{ - pid=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME " | gawk '{print $2}') - if [ -n "$pid" ]; then - kill -9 $pid - fi - rm -f $keyfile $logfile - rm -rf $TPM_PATH -} - -trap "cleanup" EXIT - -source ${DIR}/test_cuse - -rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null - -$SWTPM_EXE -n $VTPM_NAME --key file=$keyfile,mode=aes-cbc,format=hex \ - --log file=$logfile -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME " | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not start." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM initialization failed." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -kill -0 $PID 2>/dev/null -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM not running anymore after INIT." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Startup the TPM -exec 100<>/dev/$VTPM_NAME -echo -en '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n) -exp=' 00 c4 00 00 00 0a 00 00 00 00' -if [ "$RES" != "$exp" ]; then - echo "Error: Did not get expected result from TPM_Startup(ST_Clear)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -$CUSE_TPM_IOCTL -h 1234 /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Hash command did not work." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Read PCR 17 -echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' -if [ "$RES" != "$exp" ]; then - echo "Error: (1) Did not get expected result from TPM_PCRRead(17)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Save the volatile state -$CUSE_TPM_IOCTL -v /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Saving the volatile state failed." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -if [ ! -r $VOLATILE_STATE_FILE ]; then - echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -tmp=$($CUSE_TPM_IOCTL -g /dev/$VTPM_NAME | cut -d":" -f2) -if [ $? -ne 0 ]; then - echo "Error: Could not get the configration flags of the CUSE TPM." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -if [ "$tmp" != " 0x1" ]; then - echo "Error: Unexpected configuration flags: $tmp; expected 0x1." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Shut the TPM down -exec 100>&- -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not shut down the CUSE TPM." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Start the TPM again; have the keyfile removed -$SWTPM_EXE -n $VTPM_NAME --key file=$keyfile,mode=aes-cbc,format=hex,remove \ - --log file=$logfile -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME " | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error (2): CUSE TPM did not start." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -if [ -r $keyfile ]; then - echo "Error: Keyfile $keyfile was not removed by swtpm_cuse." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM initialization failed." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Volatile state must have been removed by TPM now -if [ -r $VOLATILE_STATE_FILE ]; then - echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Read the PCR again ... -exec 100<>/dev/$VTPM_NAME -echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' -if [ "$RES" != "$exp" ]; then - echo "Error: (2) Did not get expected result from TPM_PCRRead(17)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Save the volatile state again -$CUSE_TPM_IOCTL -v /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Saving the volatile state failed." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -if [ ! -r $VOLATILE_STATE_FILE ]; then - echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Send a new TPM_Init -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM initialization failed." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Volatile state must have been removed by TPM now -if [ -r $VOLATILE_STATE_FILE ]; then - echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Read the PCR again ... -exec 100<>/dev/$VTPM_NAME -echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' -if [ "$RES" != "$exp" ]; then - echo "Error: (2) Did not get expected result from TPM_PCRRead(17)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - - -# Final shut down -exec 100>&- -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not shut down the CUSE TPM." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -sleep 0.5 - -kill -0 $PID 2>/dev/null -if [ $? -eq 0 ]; then - echo "Error: CUSE TPM should not be running anymore." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -if [ ! -e $STATE_FILE ]; then - echo "Error: TPM state file $STATE_FILE does not exist." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -echo "OK" +export SWTPM_INTERFACE=unix+unix +bash _test_encrypted_state +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret exit 0 diff --git a/tests/test_getcap b/tests/test_getcap index d381d1f..7ca09bc 100755 --- a/tests/test_getcap +++ b/tests/test_getcap @@ -1,103 +1,37 @@ #!/bin/bash -# For the license, see the LICENSE file in the root directory. -#set -x +cd "$(dirname "$0")" -if [ "$(id -u)" -ne 0 ]; then - echo "Need to be root to run this test." - exit 77 -fi +export SWTPM_IOCTL_BUFFERSIZE=100 +export SWTPM_INTERFACE=cuse +bash _test_getcap +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -DIR=$(dirname "$0") -ROOT=${DIR}/.. -SWTPM=swtpm_cuse -SWTPM_EXE=$ROOT/src/swtpm/$SWTPM -CUSE_TPM_IOCTL=$ROOT/src/swtpm_ioctl/swtpm_ioctl -VTPM_NAME="vtpm-test-getcap" -export TPM_PATH=$(mktemp -d) -STATE_FILE=$TPM_PATH/tpm-00.permall -VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate +export SWTPM_IOCTL_BUFFERSIZE=4096 +export SWTPM_INTERFACE=cuse +bash _test_getcap +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -function cleanup() -{ - pid=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME\$" | gawk '{print $2}') - if [ -n "$pid" ]; then - kill -9 $pid - fi - rm -rf $TPM_PATH -} +export SWTPM_INTERFACE=socket+socket +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65402 +export SWTPM_CTRL_PORT=65403 +bash _test_getcap +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -trap "cleanup" EXIT +export SWTPM_INTERFACE=socket+unix +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65402 +bash _test_getcap +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -source ${DIR}/test_cuse - -rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null - -$SWTPM_EXE -n $VTPM_NAME -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME\$" | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep -ls -l /dev/vtpm* - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not start." - exit 1 -fi - - -# Init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not initialize the CUSE TPM." - exit 1 -fi - -kill -0 $PID 2>/dev/null -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM not running anymore after INIT." - exit 1 -fi - -# Get the capabilities flags from the TPM -act=$($CUSE_TPM_IOCTL -c /dev/$VTPM_NAME) -if [ $? -ne 0 ]; then - echo "Error: Could not get the capability flags of the CUSE TPM." - exit 1 -fi - -kill -0 $PID 2>/dev/null -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM not running anymore after getting capabilities." - exit 1 -fi - -exp="ptm capability is 0x([[:xdigit:]]+)" -if ! [[ "$act" =~ ^${exp}$ ]]; then - echo "Error: Expected string following regular expression '$exp' from ioctl tool but got '$act'." - exit 1 -fi - -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not shut down the CUSE TPM." - exit 1 -fi - -sleep 0.5 - -kill -0 $PID 2>/dev/null -if [ $? -eq 0 ]; then - echo "Error: CUSE TPM should not be running anymore." - exit 1 -fi - -if [ ! -e $STATE_FILE ]; then - echo "Error: TPM state file $STATE_FILE does not exist." - exit 1 -fi - -echo "OK" +export SWTPM_INTERFACE=unix+unix +bash _test_getcap +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret exit 0 diff --git a/tests/test_hashing b/tests/test_hashing index a46001d..ff5a564 100755 --- a/tests/test_hashing +++ b/tests/test_hashing @@ -1,198 +1,37 @@ #!/bin/bash -# For the license, see the LICENSE file in the root directory. -#set -x +cd "$(dirname "$0")" -if [ "$(id -u)" -ne 0 ]; then - echo "Need to be root to run this test." - exit 77 -fi +export SWTPM_IOCTL_BUFFERSIZE=100 +export SWTPM_INTERFACE=cuse +bash _test_hashing +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -DIR=$(dirname "$0") -ROOT=${DIR}/.. -SWTPM=swtpm_cuse -SWTPM_EXE=$ROOT/src/swtpm/$SWTPM -CUSE_TPM_IOCTL=$ROOT/src/swtpm_ioctl/swtpm_ioctl -VTPM_NAME="vtpm-test-hashing" -export TPM_PATH=$(mktemp -d) -STATE_FILE=$TPM_PATH/tpm-00.permall -VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate +export SWTPM_IOCTL_BUFFERSIZE=4096 +export SWTPM_INTERFACE=cuse +bash _test_hashing +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -function cleanup() -{ - pid=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME\$" | gawk '{print $2}') - if [ -n "$pid" ]; then - kill -9 $pid - fi - rm -rf $TPM_PATH -} +export SWTPM_INTERFACE=socket+socket +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65404 +export SWTPM_CTRL_PORT=65405 +bash _test_hashing +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -trap "cleanup" EXIT +export SWTPM_INTERFACE=socket+unix +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65404 +bash _test_hashing +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -source ${DIR}/test_cuse - -rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null - -$SWTPM_EXE -n $VTPM_NAME -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME\$" | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not start." - exit 1 -fi - -# Init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not initialize the CUSE TPM." - exit 1 -fi - -kill -0 $PID 2>/dev/null -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM not running anymore after INIT." - exit 1 -fi - -# Startup the TPM -exec 100<>/dev/$VTPM_NAME -echo -en '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n) -exp=' 00 c4 00 00 00 0a 00 00 00 00' -if [ "$RES" != "$exp" ]; then - echo "Error: Did not get expected result from TPM_Startup(ST_Clear)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Check the TPM Established bit before the hashing -RES=$($CUSE_TPM_IOCTL -e /dev/$VTPM_NAME) -if [ $? -ne 0 ]; then - echo "Error: Could not get the TPM Established flag." - exit 1 -fi -exp='tpmEstablished is 0' -if [ "$RES" != "$exp" ]; then - echo "Error (1): TPM Established flag has wrong value." - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -$CUSE_TPM_IOCTL -h 1234 /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Hash command did not work." - exit 1 -fi - -# Read PCR 17 -echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' -if [ "$RES" != "$exp" ]; then - echo "Error: (1) Did not get expected result from TPM_PCRRead(17)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Check the TPM Established bit after the hashing -RES=$($CUSE_TPM_IOCTL -e /dev/$VTPM_NAME) -if [ $? -ne 0 ]; then - echo "Error: Could not get the TPM Established flag." - exit 1 -fi -exp='tpmEstablished is 1' -if [ "$RES" != "$exp" ]; then - echo "Error (2): TPM Established flag has wrong value." - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Reset the establishment bit via locality 3 -$CUSE_TPM_IOCTL -l 3 /dev/$VTPM_NAME -if [ $? -ne -0 ]; then - echo "Error: Could not set locality 3" - exit 1 -fi - -ECHO=$(which echo) -if [ -z "$ECHO" ]; then - echo "Could not find NON-bash builtin echo tool." - exit 1 -fi -# \x40 or \x0B seems to confuse 'normal' echo -$ECHO -en '\x00\xC1\x00\x00\x00\x0A\x40\x00\x00\x0B' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 0a 00 00 00 00' -if [ "$RES" != "$exp" ]; then - echo "Error: Could not reset the establishment bit" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Check the TPM Established bit after the reset -RES=$($CUSE_TPM_IOCTL -e /dev/$VTPM_NAME) -if [ $? -ne 0 ]; then - echo "Error: Could not get the TPM Established flag." - exit 1 -fi -exp='tpmEstablished is 0' -if [ "$RES" != "$exp" ]; then - echo "Error (3): TPM Established flag has wrong value." - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# back to locality 0 -$CUSE_TPM_IOCTL -l 0 /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not set locality 0." - exit 1 -fi - -# Read from a file -dd if=/dev/zero bs=1024 count=1024 2>/dev/null| \ - $CUSE_TPM_IOCTL -h - /dev/$VTPM_NAME - -# Read PCR 17 -echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 d8 0e 7a 7b 3c 37 88 7d b4 c2 88 08 1d a7 53 f6 4b 11 3a 9c' -if [ "$RES" != "$exp" ]; then - echo "Error: (2) Did not get expected result from TPM_PCRRead(17)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not shut down the CUSE TPM." - exit 1 -fi - -sleep 0.5 - -kill -0 $PID 2>/dev/null -if [ $? -eq 0 ]; then - echo "Error: CUSE TPM should not be running anymore." - exit 1 -fi - -if [ ! -e $STATE_FILE ]; then - echo "Error: TPM state file $STATE_FILE does not exist." - exit 1 -fi - -echo "OK" +export SWTPM_INTERFACE=unix+unix +bash _test_hashing +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret exit 0 diff --git a/tests/test_hashing2 b/tests/test_hashing2 index 5683be0..573ceab 100755 --- a/tests/test_hashing2 +++ b/tests/test_hashing2 @@ -1,226 +1,37 @@ #!/bin/bash -# For the license, see the LICENSE file in the root directory. -#set -x +cd "$(dirname "$0")" -if [ "$(id -u)" -ne 0 ]; then - echo "Need to be root to run this test." - exit 77 -fi +export SWTPM_IOCTL_BUFFERSIZE=100 +export SWTPM_INTERFACE=cuse +bash _test_hashing2 +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -DIR=$(dirname "$0") -ROOT=${DIR}/.. -SWTPM=swtpm_cuse -SWTPM_EXE=$ROOT/src/swtpm/$SWTPM -CUSE_TPM_IOCTL=$ROOT/src/swtpm_ioctl/swtpm_ioctl -VTPM_NAME="vtpm-test-hashing2" -export TPM_PATH=$(mktemp -d) -STATE_FILE=$TPM_PATH/tpm-00.permall -VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate +export SWTPM_IOCTL_BUFFERSIZE=4096 +export SWTPM_INTERFACE=cuse +bash _test_hashing2 +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -function cleanup() -{ - pid=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME\$" | gawk '{print $2}') - if [ -n "$pid" ]; then - kill -9 $pid - fi - rm -rf $TPM_PATH -} +export SWTPM_INTERFACE=socket+socket +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65406 +export SWTPM_CTRL_PORT=65407 +bash _test_hashing2 +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -trap "cleanup" EXIT +export SWTPM_INTERFACE=socket+unix +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65406 +bash _test_hashing2 +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -source ${DIR}/test_cuse - -rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null - -$SWTPM_EXE -n $VTPM_NAME -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME\$" | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not start." - exit 1 -fi - -# Init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM initialization failed." - exit 1 -fi - -sleep 0.5 - -kill -0 $PID 2>/dev/null -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM not running anymore after INIT." - exit 1 -fi - -# Startup the TPM -exec 100<>/dev/$VTPM_NAME -echo -en '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n) -exp=' 00 c4 00 00 00 0a 00 00 00 00' -if [ "$RES" != "$exp" ]; then - echo "Error: Did not get expected result from TPM_Startup(ST_Clear)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Check the TPM Established bit before the hashing -RES=$($CUSE_TPM_IOCTL -e /dev/$VTPM_NAME) -if [ $? -ne 0 ]; then - echo "Error: Could not get the TPM Established flag from the CUSE TPM." - exit 1 -fi -exp='tpmEstablished is 0' -if [ "$RES" != "$exp" ]; then - echo "Error (1): TPM Established flag has wrong value." - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -$CUSE_TPM_IOCTL -h 1234 /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Hash command did not work." - exit 1 -fi - -# Read PCR 17 -echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' -if [ "$RES" != "$exp" ]; then - echo "Error: (1) Did not get expected result from TPM_PCRRead(17)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Check the TPM Established bit after the hashing -RES=$($CUSE_TPM_IOCTL -e /dev/$VTPM_NAME) -if [ $? -ne 0 ]; then - echo "Error: Could not get the TPM Established flag from the CUSE TPM." - exit 1 -fi -exp='tpmEstablished is 1' -if [ "$RES" != "$exp" ]; then - echo "Error (2): TPM Established flag has wrong value." - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Reset the establishment bit; we switch to locality 0 and reset via locality 3 -$CUSE_TPM_IOCTL -l 0 /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not set locality 0" - exit 1 -fi - -for ((l = 0; l <= 2; l++)); do - # Resetting via locality 2 must fail - $CUSE_TPM_IOCTL -r $l /dev/$VTPM_NAME - if [ $? -eq 0 ]; then - echo "Error: Could reset the establishment bit via locality $l" - exit 1 - fi -done - -ECHO=$(which echo) -if [ -z "$ECHO" ]; then - echo "Error: Could not find echo tool." - exit 1 -fi - -# We expect the same results for the TPM_ResetEstablishment command -for ((l = 0; l <= 2; l++)); do - # Set locality - $CUSE_TPM_IOCTL -l $l /dev/$VTPM_NAME - if [ $? -ne 0 ]; then - echo "Error: Could not choose locality $l" - exit 1 - fi - # Have to use external echo command - $ECHO -en '\x00\xC1\x00\x00\x00\x0a\x40\x00\x00\x0b' >&100 - RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) - exp=' 00 c4 00 00 00 0a 00 00 00 3d' - if [ "$RES" != "$exp" ]; then - echo "Error: Could reset TPM establishment bit in locality $l using command" - echo "expected: $exp" - echo "received: $RES" - exit 1 - fi -done - -# Resetting via locality 3 must work -$CUSE_TPM_IOCTL -l 3 /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not reset the establishment bit via locality 3" - exit 1 -fi - -# Have to use external echo command -$ECHO -en '\x00\xC1\x00\x00\x00\x0a\x40\x00\x00\x0b' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 0a 00 00 00 00' -if [ "$RES" != "$exp" ]; then - echo "Error: Could reset TPM establishment bit in locality 3 using command" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Check the TPM Established bit after the reset -RES=$($CUSE_TPM_IOCTL -e /dev/$VTPM_NAME) -exp='tpmEstablished is 0' -if [ "$RES" != "$exp" ]; then - echo "Error (3): TPM Established flag has wrong value." - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Read from a file -dd if=/dev/zero bs=1024 count=1024 2>/dev/null| \ - $CUSE_TPM_IOCTL -h - /dev/$VTPM_NAME - -# Read PCR 17 -echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 d8 0e 7a 7b 3c 37 88 7d b4 c2 88 08 1d a7 53 f6 4b 11 3a 9c' -if [ "$RES" != "$exp" ]; then - echo "Error: (2) Did not get expected result from TPM_PCRRead(17)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not shut down the CUSE TPM." - exit 1 -fi - -sleep 0.5 - -kill -0 $PID 2>/dev/null -if [ $? -eq 0 ]; then - echo "Error: CUSE TPM should not be running anymore." - exit 1 -fi - -if [ ! -e $STATE_FILE ]; then - echo "Error: TPM state file $STATE_FILE does not exist." - exit 1 -fi - -echo "OK" +export SWTPM_INTERFACE=unix+unix +bash _test_hashing2 +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret exit 0 diff --git a/tests/test_init b/tests/test_init index 2641bdb..b9d8a3c 100755 --- a/tests/test_init +++ b/tests/test_init @@ -1,96 +1,37 @@ #!/bin/bash -# For the license, see the LICENSE file in the root directory. -#set -x +cd "$(dirname "$0")" -if [ "$(id -u)" -ne 0 ]; then - echo "Need to be root to run this test." - exit 77 -fi +export SWTPM_IOCTL_BUFFERSIZE=100 +export SWTPM_INTERFACE=cuse +bash _test_init +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -DIR=$(dirname "$0") -ROOT=${DIR}/.. -SWTPM=swtpm_cuse -SWTPM_EXE=$ROOT/src/swtpm/$SWTPM -CUSE_TPM_IOCTL=$ROOT/src/swtpm_ioctl/swtpm_ioctl -VTPM_NAME="vtpm-test-init" -TPM_PATH=$(mktemp -d) -STATE_FILE=$TPM_PATH/tpm-00.permall -VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate -PID_FILE=$TPM_PATH/${SWTPM}.pid +export SWTPM_IOCTL_BUFFERSIZE=4096 +export SWTPM_INTERFACE=cuse +bash _test_init +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -function cleanup() -{ - pid=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME\$" | gawk '{print $2}') - if [ -n "$pid" ]; then - kill -9 $pid - fi - rm -rf $TPM_PATH -} +export SWTPM_INTERFACE=socket+socket +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65408 +export SWTPM_CTRL_PORT=65409 +bash _test_init +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -trap "cleanup" EXIT +export SWTPM_INTERFACE=socket+unix +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65408 +bash _test_init +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -source ${DIR}/test_cuse - -rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null - -$SWTPM_EXE --tpmstate dir=$TPM_PATH --pid file=$PID_FILE -n $VTPM_NAME -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME\$" | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not start." - exit 1 -fi - -if [ ! -r $PID_FILE ]; then - echo "Error: CUSE TPM did not write pidfile." - exit 1 -fi - -PIDF="$(cat $PID_FILE)" -if [ "$PIDF" != "$PID" ]; then - echo "Error: CUSE TPM wrote pid $PIDF, but found $PID." - exit 1 -fi - -# Init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not initialize the CUSE TPM." - exit 1 -fi - -sleep 0.5 - -kill -0 $PID 2>/dev/null -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM not running anymore after INIT." - exit 1 -fi - -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not shut down the CUSE TPM." - exit 1 -fi - -sleep 0.5 - -kill -0 $PID 2>/dev/null -if [ $? -eq 0 ]; then - echo "Error: CUSE TPM should not be running anymore." - exit 1 -fi - -if [ ! -e $STATE_FILE ]; then - echo "Error: TPM state file $STATE_FILE does not exist." - exit 1 -fi - -echo "OK" +export SWTPM_INTERFACE=unix+unix +bash _test_init +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret exit 0 diff --git a/tests/test_locality b/tests/test_locality index 8d828ec..0027127 100755 --- a/tests/test_locality +++ b/tests/test_locality @@ -1,306 +1,37 @@ #!/bin/bash -# For the license, see the LICENSE file in the root directory. -#set -x +cd "$(dirname "$0")" -if [ "$(id -u)" -ne 0 ]; then - echo "Need to be root to run this test." - exit 77 -fi +export SWTPM_IOCTL_BUFFERSIZE=100 +export SWTPM_INTERFACE=cuse +bash _test_locality +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -DIR=$(dirname "$0") -ROOT=${DIR}/.. -SWTPM=swtpm_cuse -SWTPM_EXE=$ROOT/src/swtpm/$SWTPM -CUSE_TPM_IOCTL=$ROOT/src/swtpm_ioctl/swtpm_ioctl -VTPM_NAME="vtpm-test-locality" -export TPM_PATH=$(mktemp -d) -STATE_FILE=$TPM_PATH/tpm-00.permall -VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate +export SWTPM_IOCTL_BUFFERSIZE=4096 +export SWTPM_INTERFACE=cuse +bash _test_locality +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -function cleanup() -{ - pid=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME\$" | gawk '{print $2}') - if [ -n "$pid" ]; then - kill -9 $pid - fi - rm -rf $TPM_PATH -} +export SWTPM_INTERFACE=socket+socket +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65410 +export SWTPM_CTRL_PORT=65411 +bash _test_locality +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -trap "cleanup" EXIT +export SWTPM_INTERFACE=socket+unix +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65410 +bash _test_locality +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -source ${DIR}/test_cuse - -rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null - -$SWTPM_EXE -n $VTPM_NAME -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME\$" | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not start." - exit 1 -fi - -# Init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not initialize the CUSE TPM." - exit 1 -fi - -kill -0 $PID 2>/dev/null -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM not running anymore after INIT." - exit 1 -fi - -# Set locality 4 on the TPM -$CUSE_TPM_IOCTL -l 4 /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not accept locality 4." - exit 1 -fi - -# Set locality 4 via command -- this must fail (TPM_FAIL) -exec 100<>/dev/$VTPM_NAME -echo -en '\x00\xc1\x00\x00\x00\x0b\x20\x00\x10\x00\x04' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n) -exp=' 00 c4 00 00 00 0a 00 00 00 09' -if [ "$RES" != "$exp" ]; then - echo "Error (2): Did not get expected result from SetLocality 4 command" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Set locality 3 via command -- this must fail (TPM_FAIL) -exec 100<>/dev/$VTPM_NAME -echo -en '\x00\xc1\x00\x00\x00\x0b\x20\x00\x10\x00\x03' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n) -exp=' 00 c4 00 00 00 0a 00 00 00 09' -if [ "$RES" != "$exp" ]; then - echo "Error (2): Did not get expected result from SetLocality 3 command" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Set illegal locality 5 on the TPM -$CUSE_TPM_IOCTL -l 5 /dev/$VTPM_NAME -if [ $? -eq 0 ]; then - echo "Error: CUSE TPM accepted locality 5." - exit 1 -fi - -# Set locality 0 on the TPM -$CUSE_TPM_IOCTL -l 0 /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not accept locality 0." - exit 1 -fi - -# In locality 2 we can reset PCR 20 -$CUSE_TPM_IOCTL -l 2 /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not accept locality 2." - exit 1 -fi - -exec 100<>/dev/$VTPM_NAME - -# Startup the TPM -echo -en '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n) -exp=' 00 c4 00 00 00 0a 00 00 00 00' -if [ "$RES" != "$exp" ]; then - echo "Error: Did not get expected result from TPM_Startup(ST_Clear)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Reset PCR 20 -echo -en '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n) -exp=' 00 c4 00 00 00 0a 00 00 00 00' -if [ "$RES" != "$exp" ]; then - echo "Error: Could not reset PCR 20 in locality 2" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Shut down TPM -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not shut down the CUSE TPM." - exit 1 -fi -sleep 0.5 - -kill -0 $PID 2>/dev/null -if [ $? -eq 0 ]; then - echo "Error: CUSE TPM should not be running anymore." - exit 1 -fi - -if [ ! -e $STATE_FILE ]; then - echo "Error: TPM state file $STATE_FILE does not exist." - exit 1 -fi - -echo "OK" - - -$SWTPM_EXE --locality reject-locality-4 -n $VTPM_NAME -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME\$" | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not start." - exit 1 -fi - -# Init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not initialize the CUSE TPM." - exit 1 -fi - -kill -0 $PID 2>/dev/null -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM not running anymore after INIT." - exit 1 -fi - -# Set locality 4 on the TPM -- this must fail now -$CUSE_TPM_IOCTL -l 4 /dev/$VTPM_NAME -if [ $? -eq 0 ]; then - echo "Error: CUSE TPM MUST NOT accept locality 4." - exit 1 -fi - -# Set illegal locality 5 on the TPM -$CUSE_TPM_IOCTL -l 5 /dev/$VTPM_NAME -if [ $? -eq 0 ]; then - echo "Error: CUSE TPM accepted locality 5." - exit 1 -fi - -# Shut down TPM -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not shut down the CUSE TPM." - exit 1 -fi -sleep 0.5 - -kill -0 $PID 2>/dev/null -if [ $? -eq 0 ]; then - echo "Error: CUSE TPM should not be running anymore." - exit 1 -fi - -if [ ! -e $STATE_FILE ]; then - echo "Error: TPM state file $STATE_FILE does not exist." - exit 1 -fi - -echo "OK" - -# -# Allow setting of locality via command -# -$SWTPM_EXE --locality reject-locality-4,allow-set-locality -n $VTPM_NAME -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME\$" | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not start." - exit 1 -fi - -# Init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not initialize the CUSE TPM." - exit 1 -fi - -kill -0 $PID 2>/dev/null -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM not running anymore after INIT." - exit 1 -fi - -# Set locality 4 on the TPM -- this must fail now -$CUSE_TPM_IOCTL -l 4 /dev/$VTPM_NAME -if [ $? -eq 0 ]; then - echo "Error: CUSE TPM MUST NOT accept locality 4." - exit 1 -fi - -# Set locality 4 via command -- this must fail (BAD LOCALITY) -exec 100<>/dev/$VTPM_NAME -echo -en '\x00\xc1\x00\x00\x00\x0b\x20\x00\x10\x00\x04' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n) -exp=' 00 c4 00 00 00 0a 00 00 00 3d' -if [ "$RES" != "$exp" ]; then - echo "Error (3): Did not get expected result from SetLocality 4 command" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Set locality 3 via command -- this must work -exec 100<>/dev/$VTPM_NAME -echo -en '\x00\xc1\x00\x00\x00\x0b\x20\x00\x10\x00\x03' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n) -exp=' 00 c4 00 00 00 0a 00 00 00 00' -if [ "$RES" != "$exp" ]; then - echo "Error (2): Did not get expected result from SetLocality 3 command" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Set illegal locality 5 on the TPM -$CUSE_TPM_IOCTL -l 5 /dev/$VTPM_NAME -if [ $? -eq 0 ]; then - echo "Error: CUSE TPM accepted locality 5." - exit 1 -fi - -# Shut down TPM -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not shut down the CUSE TPM." - exit 1 -fi -sleep 0.5 - -kill -0 $PID 2>/dev/null -if [ $? -eq 0 ]; then - echo "Error: CUSE TPM should not be running anymore." - exit 1 -fi - -if [ ! -e $STATE_FILE ]; then - echo "Error: TPM state file $STATE_FILE does not exist." - exit 1 -fi - -echo "OK" +export SWTPM_INTERFACE=unix+unix +bash _test_locality +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret exit 0 diff --git a/tests/test_migration_key b/tests/test_migration_key index 4ca4a4b..c3fc078 100755 --- a/tests/test_migration_key +++ b/tests/test_migration_key @@ -1,319 +1,37 @@ #!/bin/bash -# For the license, see the LICENSE file in the root directory. -# set -x +cd "$(dirname "$0")" -if [ "$(id -u)" -ne 0 ]; then - echo "Need to be root to run this test." - exit 77 -fi +export SWTPM_IOCTL_BUFFERSIZE=100 +export SWTPM_INTERFACE=cuse +bash _test_migration_key +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -DIR=$(dirname "$0") -ROOT=${DIR}/.. -SWTPM=swtpm_cuse -SWTPM_EXE=$ROOT/src/swtpm/$SWTPM -CUSE_TPM_IOCTL=$ROOT/src/swtpm_ioctl/swtpm_ioctl -VTPM_NAME="${VTPM_NAME:-vtpm-test-migration-key}" -MIGRATION_PASSWORD="migration" -VOLATILESTATE=${PWD}/${DIR}/data/migkey1/volatilestate.bin +export SWTPM_IOCTL_BUFFERSIZE=4096 +export SWTPM_INTERFACE=cuse +bash _test_migration_key +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -tpmstatedir=$(mktemp -d) -if [ -z "$tpmstatedir" ]; then - echo "Could not create temporary directory." - exit 1 -fi +export SWTPM_INTERFACE=socket+socket +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65412 +export SWTPM_CTRL_PORT=65413 +bash _test_migration_key +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -migpwdfile=$(mktemp) -if [ -z "$migpwdfile" ]; then - echo "Could not create temporary file." - exit 1 -fi -echo -n "$MIGRATION_PASSWORD" > $migpwdfile +export SWTPM_INTERFACE=socket+unix +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65412 +bash _test_migration_key +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -volatilestatefile=$(mktemp) -if [ -z "$volatilestatefile" ]; then - echo "Could not create temporary file." - exit 1 -fi +export SWTPM_INTERFACE=unix+unix +bash _test_migration_key +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -function cleanup() -{ - pid=$(ps aux | grep $SWTPM | grep $VTPM_NAME | gawk '{print $2}') - if [ -n "$pid" ]; then - kill -9 $pid - fi - rm -rf $migpwdfile $volatilestatefile $tpmstatedir -} - -trap "cleanup" EXIT - -source ${DIR}/test_cuse - -# make a backup of the volatile state -export TPM_PATH=$tpmstatedir -cp ${PWD}/${DIR}/data/tpmstate1/* $TPM_PATH - -$SWTPM_EXE --migration-key pwdfile=$migpwdfile,remove=false -n $VTPM_NAME -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep $VTPM_NAME | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not start." - exit 1 -fi - -# Init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Initializing the CUSE TPM failed." - exit 1 -fi - -kill -0 $PID 2>/dev/null -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM not running anymore after INIT." - exit 1 -fi - -exec 100<>/dev/$VTPM_NAME - -ECHO=$(which echo) -if [ -z "$ECHO" ]; then - echo "Could not find NON-bash builtin echo tool." - exit 1 -fi - -# Read PCR 10 -$ECHO -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5' -if [ "$RES" != "$exp" ]; then - echo "Error: (1) Did not get expected result from TPM_PCRRead(10)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Assert physical presence -$ECHO -en '\x00\xC1\x00\x00\x00\x0C\x40\x00\x00\x0A\x00\x20' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 0a 00 00 00 00' -if [ "$RES" != "$exp" ]; then - echo "Error: (1) Did not get expected result from TSC_PhysicalPresence(ENABLE)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Create a big NVRAM Area with 4000 bytes (0xfa0) -tmp='\x00\xC1\x00\x00\x00\x65\x00\x00\x00\xcc\x00\x18\x00\x00\x00\x01' -tmp+='\x00\x03\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x01' -tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -tmp+='\x00\x00\x00\x00\x00\x17\x00\x01\x00\x01\x00\x00\x00\x00\x00\x0f' -tmp+='\xa0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -tmp+='\x00\x00\x00\x00\x00' -$ECHO -en $tmp >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 0a 00 00 00 00' -if [ "$RES" != "$exp" ]; then - echo "Error: (1) Did not get expected result from TPM_NVDefineSpace()" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Save the volatile state into a file -$CUSE_TPM_IOCTL --save volatile $volatilestatefile /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not save the volatile state to ${volatilestatefile}." - exit 1 -fi -if [ ! -r $volatilestatefile ]; then - echo "Error: Volatile state file $volatilestatefile does not exist." - exit 1 -fi - -#ls -l $volatilestatefile -size=$(stat -c%s $volatilestatefile) -expsize=1290 -if [ $size -ne $expsize ]; then - echo "Error: Unexpected size of volatile state file." - echo " Expected file with size of $expsize, found $size bytes." - exit 1 -fi - -hash=$(sha1sum $volatilestatefile | cut -f1 -d" ") -exphash="bafa4b918745dee45537484f1a1089f9967b7df7" -if [ "$hash" != "$exphash" ]; then - echo "Error: The checksum of the volatile state file is wrong." - echo " Calculated: $hash" - echo " Expected : $exphash" - exit 1 -fi - -tmp=$($CUSE_TPM_IOCTL -g /dev/$VTPM_NAME | cut -d":" -f2) -if [ $? -ne 0 ]; then - echo "Error: Could not get the configration flags of the CUSE TPM." - exit 1 -fi - -if [ "$tmp" != " 0x2" ]; then - echo "Error: Unexpected configuration flags: $tmp; expected 0x2." - exit 1 -fi - -# Shut the TPM down -exec 100>&- -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME - -echo "Test 1: Ok" - -# Start the vTPM again and load the encrypted volatile state into it -$SWTPM_EXE --migration-key pwdfile=$migpwdfile,remove=false -n $VTPM_NAME -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep $VTPM_NAME | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not start." - exit 1 -fi - -# Do NOT init the TPM now; first load volatile state - -# load the encrypted volatile state into it -$CUSE_TPM_IOCTL --load volatile $volatilestatefile /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not load encrypted volatile state into TPM." - exit 1 -fi - -# Now init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Initializing the CUSE TPM failed." - exit 1 -fi - -exec 100<>/dev/$VTPM_NAME - -# Read PCR 10 -$ECHO -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5' -if [ "$RES" != "$exp" ]; then - echo "Error: (1) Did not get expected result from TPM_PCRRead(10)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Shut the TPM down -exec 100>&- -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not shut down the CUSE TPM." - exit 1 -fi - -echo "Test 2: Ok" - - -# Start the vTPM again and load the encrypted volatile state into it -# This time we make this fail since we don't provide the migration key -$SWTPM_EXE -n $VTPM_NAME -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep $VTPM_NAME | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not start." - exit 1 -fi - -# Do NOT init the TPM now; first load volatile state - -# load the encrypted volatile state into it -# This will work; the TPM writes the data into the volatile state file -# but doesn't vaidate it -$CUSE_TPM_IOCTL --load volatile $volatilestatefile /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not load encrypted volatile state into TPM." - exit 1 -fi - -# Now init the TPM; this must fail since the volatile state does not -# match with the integrity hash it is expecting to find -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -eq 0 ]; then - echo "Error: Initializing the CUSE TPM should have failed." - exit 1 -fi - -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not shut down the CUSE TPM." - exit 1 -fi - -echo "Test 3: Ok" - -# In this test we now feed it an encrypted volatile state - -# Start the vTPM again and load the encrypted volatile state into it -$SWTPM_EXE --migration-key pwdfile=$migpwdfile,remove=true -n $VTPM_NAME -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep $VTPM_NAME | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not start." - exit 1 -fi - -# load the encrypted volatile state into it -$CUSE_TPM_IOCTL --load volatile $VOLATILESTATE /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not load encrypted volatile state into TPM." - exit 1 -fi - -# Now init the TPM; this must work -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not initialize the CUSE TPM." - exit 1 -fi - -exec 100<>/dev/$VTPM_NAME - -# Read PCR 10 -$ECHO -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5' -if [ "$RES" != "$exp" ]; then - echo "Error: (1) Did not get expected result from TPM_PCRRead(10)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Shut the TPM down -exec 100>&- -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not shut down the CUSE TPM." - exit 1 -fi - -echo "Test 4: Ok" +exit 0 diff --git a/tests/test_resume_volatile b/tests/test_resume_volatile index 337aa0c..743f0ad 100755 --- a/tests/test_resume_volatile +++ b/tests/test_resume_volatile @@ -1,165 +1,37 @@ #!/bin/bash -# For the license, see the LICENSE file in the root directory. -#set -x +cd "$(dirname "$0")" -if [ "$(id -u)" -ne 0 ]; then - echo "Need to be root to run this test." - exit 77 -fi +export SWTPM_IOCTL_BUFFERSIZE=100 +export SWTPM_INTERFACE=cuse +bash _test_resume_volatile +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -DIR=$(dirname "$0") -ROOT=${DIR}/.. -SWTPM=swtpm_cuse -SWTPM_EXE=$ROOT/src/swtpm/$SWTPM -CUSE_TPM_IOCTL=$ROOT/src/swtpm_ioctl/swtpm_ioctl -VTPM_NAME="vtpm-test-resume-volatile" +export SWTPM_IOCTL_BUFFERSIZE=4096 +export SWTPM_INTERFACE=cuse +bash _test_resume_volatile +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -tpmstatedir="$(mktemp -d)" -if [ -z "$tpmstatedir" ]; then - echo "Could not create temporary directory" - exit 1 -fi +export SWTPM_INTERFACE=socket+socket +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65414 +export SWTPM_CTRL_PORT=65415 +bash _test_resume_volatile +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -function cleanup() -{ - pid=$(ps aux | grep $SWTPM | grep $VTPM_NAME | gawk '{print $2}') - if [ -n "$pid" ]; then - kill -9 $pid - fi - rm -rf $tpmstatedir -} +export SWTPM_INTERFACE=socket+unix +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65414 +bash _test_resume_volatile +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -trap "cleanup" EXIT +export SWTPM_INTERFACE=unix+unix +bash _test_resume_volatile +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -source ${DIR}/test_cuse - -export TPM_PATH=$tpmstatedir - -# copy all the state files -cp ${PWD}/${DIR}/data/tpmstate1/* ${TPM_PATH} - -$SWTPM_EXE -n $VTPM_NAME -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep $VTPM_NAME | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not start." - exit 1 -fi - -# Init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not initialize the CUSE TPM." - exit 1 -fi - -kill -0 $PID 2>/dev/null -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM not running anymore after INIT." - exit 1 -fi - -exec 100<>/dev/$VTPM_NAME - -ECHO=$(which echo) -if [ -z "$ECHO" ]; then - echo "Could not find NON-bash builtin echo tool." - exit 1 -fi - -# Read PCR 10 -$ECHO -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5' -if [ "$RES" != "$exp" ]; then - echo "Error: (1) Did not get expected result from TPM_PCRRead(10)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Save the volatile state again -$CUSE_TPM_IOCTL -v /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not have the CUSE TPM write the volatile state to a file." - exit 1 -fi -if [ ! -r $VOLATILE_STATE_FILE ]; then - echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist." - exit 1 -fi - -# Shut the TPM down -exec 100>&- -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME - -echo "Test 1: Ok" - - -# 2nd test: with encrypted state -# copy all the state files -cp ${PWD}/${DIR}/data/tpmstate2/* ${TPM_PATH} - -$SWTPM_EXE -n $VTPM_NAME --key pwdfile=${PWD}/${DIR}/data/tpmstate2/pwdfile.txt -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep $VTPM_NAME | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not start." - exit 1 -fi - -# Init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM initialization failed." - exit 1 -fi - -kill -0 $PID 2>/dev/null -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM not running anymore after INIT." - exit 1 -fi - -exec 100<>/dev/$VTPM_NAME - -# Read PCR 10 -$ECHO -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5' -if [ "$RES" != "$exp" ]; then - echo "Error: (1) Did not get expected result from TPM_PCRRead(10)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Save the volatile state again -$CUSE_TPM_IOCTL -v /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not have the CUSE TPM write the volatile state to a file." - exit 1 -fi -if [ ! -r $VOLATILE_STATE_FILE ]; then - echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist." - exit 1 -fi - -# Shut the TPM down -exec 100>&- -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not shut down the CUSE TPM." - exit 1 -fi - -echo "Test 2: Ok" +exit 0 diff --git a/tests/test_save_load_encrypted_state b/tests/test_save_load_encrypted_state index 0a91d81..6a1fc13 100755 --- a/tests/test_save_load_encrypted_state +++ b/tests/test_save_load_encrypted_state @@ -1,313 +1,37 @@ #!/bin/bash -# For the license, see the LICENSE file in the root directory. -#set -x +cd "$(dirname "$0")" -if [ "$(id -u)" -ne 0 ]; then - echo "Need to be root to run this test." - exit 77 -fi +export SWTPM_IOCTL_BUFFERSIZE=100 +export SWTPM_INTERFACE=cuse +bash _test_save_load_encrypted_state +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -DIR=$(dirname "$0") -ROOT=${DIR}/.. -SWTPM=swtpm_cuse -SWTPM_EXE=$ROOT/src/swtpm/$SWTPM -CUSE_TPM_IOCTL=$ROOT/src/swtpm_ioctl/swtpm_ioctl -VTPM_NAME="${VTPM_NAME:-vtpm-test-save-load-encrypted-state}" -export TPM_PATH=$(mktemp -d) -STATE_FILE=$TPM_PATH/tpm-00.permall -VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate -KEY=1234567890abcdef1234567890abcdef -MY_VOLATILE_STATE_FILE=$TPM_PATH/my.volatilestate -MY_PERMANENT_STATE_FILE=$TPM_PATH/my.permanent +export SWTPM_IOCTL_BUFFERSIZE=4096 +export SWTPM_INTERFACE=cuse +bash _test_save_load_encrypted_state +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -keyfile=$(mktemp) -logfile=$(mktemp) -echo "$KEY" > $keyfile +export SWTPM_INTERFACE=socket+socket +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65416 +export SWTPM_CTRL_PORT=65417 +bash _test_save_load_encrypted_state +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -function cleanup() -{ - pid=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME " | gawk '{print $2}') - if [ -n "$pid" ]; then - kill -9 $pid - fi - rm -f $keyfile $logfile - rm -rf $TPM_PATH -} +export SWTPM_INTERFACE=socket+unix +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65416 +bash _test_save_load_encrypted_state +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -trap "cleanup" EXIT - -ECHO=`which echo` -if [ -z "$ECHO" ]; then - echo "Error: Could not find external echo tool." - exit 1 -fi - -source ${DIR}/test_cuse - -rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null - -$SWTPM_EXE -n $VTPM_NAME --key file=$keyfile,mode=aes-cbc,format=hex \ - --log file=$logfile -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME " | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not start." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM initialization failed." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -kill -0 $PID 2>/dev/null -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM not running anymore after INIT." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Startup the TPM -exec 100<>/dev/$VTPM_NAME -echo -en '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n) -exp=' 00 c4 00 00 00 0a 00 00 00 00' -if [ "$RES" != "$exp" ]; then - echo "Error: Did not get expected result from TPM_Startup(ST_Clear)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -$CUSE_TPM_IOCTL -h 1234 /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not hash the data." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Read PCR 17 -echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' -if [ "$RES" != "$exp" ]; then - echo "Error: (1) Did not get expected result from TPM_PCRRead(17)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Assert physical presence -$ECHO -en '\x00\xC1\x00\x00\x00\x0C\x40\x00\x00\x0A\x00\x20' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 0a 00 00 00 00' -if [ "$RES" != "$exp" ]; then - echo "Error: (1) Did not get expected result from TSC_PhysicalPresence(ENABLE)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Create a big NVRAM Area with 4000 bytes (0xfa0) -tmp='\x00\xC1\x00\x00\x00\x65\x00\x00\x00\xcc\x00\x18\x00\x00\x00\x01' -tmp+='\x00\x03\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x01' -tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -tmp+='\x00\x00\x00\x00\x00\x17\x00\x01\x00\x01\x00\x00\x00\x00\x00\x0f' -tmp+='\xa0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -tmp+='\x00\x00\x00\x00\x00' -$ECHO -en $tmp >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 0a 00 00 00 00' -if [ "$RES" != "$exp" ]; then - echo "Error: (1) Did not get expected result from TPM_NVDefineSpace()" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -$CUSE_TPM_IOCTL --save permanent $MY_PERMANENT_STATE_FILE /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not write permanent state file $MY_PERMANENT_STATE_FILE." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi -if [ ! -r $MY_PERMANENT_STATE_FILE ]; then - echo "Error: Permanent state file $MY_PERMANENT_STATE_FILE does not exist." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi -echo "Saved permanent state." - -$CUSE_TPM_IOCTL --save volatile $MY_VOLATILE_STATE_FILE /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not write volatile state file $MY_PERMANENT_STATE_FILE." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi -if [ ! -r $MY_VOLATILE_STATE_FILE ]; then - echo "Error: Volatile state file $MY_VOLATILE_STATE_FILE does not exist." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi -echo "Saved volatile state." - -ls -l $(dirname $MY_VOLATILE_STATE_FILE)/* -sha1sum $(dirname $MY_VOLATILE_STATE_FILE)/* - -# we will use our own volatile state -rm -f $VOLATILE_STATE_FILE $STATE_FILE - -# Stop the TPM; this will not shut it down -exec 100>&- -$CUSE_TPM_IOCTL --stop /dev/$VTPM_NAME - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error (2): CUSE TPM is not running anymore." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# load state into the TPM -$CUSE_TPM_IOCTL --load permanent $MY_PERMANENT_STATE_FILE /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Could not load permanent state into vTPM" - echo "TPM Logfile:" - cat $logfile - exit 1 -fi -echo "Loaded permanent state." - -$CUSE_TPM_IOCTL --load volatile $MY_VOLATILE_STATE_FILE /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Could not load volatile state into vTPM" - echo "TPM Logfile:" - cat $logfile - exit 1 -fi -echo "Loaded volatile state." - -#ls -l $(dirname $MY_VOLATILE_STATE_FILE)/* -#sha1sum $(dirname $MY_VOLATILE_STATE_FILE)/* - -# Init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "TPM Init failed." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Volatile state must have been removed by TPM now -if [ -r $VOLATILE_STATE_FILE ]; then - echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Read the PCR again ... -exec 100<>/dev/$VTPM_NAME -echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' -if [ "$RES" != "$exp" ]; then - echo "Error: (2) Did not get expected result from TPM_PCRRead(17)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Save the volatile state again -$CUSE_TPM_IOCTL -v /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not have the CUSE TPM write the volatile state to a file." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi -if [ ! -r $VOLATILE_STATE_FILE ]; then - echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Send a new TPM_Init -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM initialization failed." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Volatile state must have been removed by TPM now -if [ -r $VOLATILE_STATE_FILE ]; then - echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Read the PCR again ... -exec 100<>/dev/$VTPM_NAME -echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' -if [ "$RES" != "$exp" ]; then - echo "Error: (2) Did not get expected result from TPM_PCRRead(17)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Final shut down -exec 100>&- -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not shut down the CUSE TPM." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi -sleep 0.5 - -kill -0 $PID 2>/dev/null -if [ $? -eq 0 ]; then - echo "Error: CUSE TPM should not be running anymore." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -if [ ! -e $STATE_FILE ]; then - echo "Error: TPM state file $STATE_FILE does not exist." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -echo "OK" +export SWTPM_INTERFACE=unix+unix +bash _test_save_load_encrypted_state +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret exit 0 diff --git a/tests/test_save_load_encrypted_state_2 b/tests/test_save_load_encrypted_state_2 deleted file mode 100755 index 2110a48..0000000 --- a/tests/test_save_load_encrypted_state_2 +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -# Run the test_save_load_encrypted_state with swtpm_ioctl using the -# read/write interface rather than ioctl -export VTPM_NAME="vtpm-test2-save-load-encrypted-state" -cd "$(dirname "$0")" - -export SWTPM_IOCTL_BUFFERSIZE=100 -bash test_save_load_encrypted_state -ret=$? -[ $ret -ne 0 ] && exit $ret - -export SWTPM_IOCTL_BUFFERSIZE=4096 -bash test_save_load_encrypted_state -ret=$? -[ $ret -ne 0 ] && exit $ret - -exit 0 diff --git a/tests/test_save_load_state b/tests/test_save_load_state index bb08c80..ba6a4af 100755 --- a/tests/test_save_load_state +++ b/tests/test_save_load_state @@ -1,318 +1,37 @@ #!/bin/bash -# For the license, see the LICENSE file in the root directory. -#set -x +cd "$(dirname "$0")" -if [ "$(id -u)" -ne 0 ]; then - echo "Need to be root to run this test." - exit 77 -fi +export SWTPM_IOCTL_BUFFERSIZE=100 +export SWTPM_INTERFACE=cuse +bash _test_save_load_state +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -DIR=$(dirname "$0") -ROOT=${DIR}/.. -SWTPM=swtpm_cuse -SWTPM_EXE=$ROOT/src/swtpm/$SWTPM -CUSE_TPM_IOCTL=$ROOT/src/swtpm_ioctl/swtpm_ioctl -VTPM_NAME="${VTPM_NAME:-vtpm-test-save-load-state}" -export TPM_PATH=$(mktemp -d) -STATE_FILE=$TPM_PATH/tpm-00.permall -VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate -MY_VOLATILE_STATE_FILE=$TPM_PATH/my.volatilestate -MY_PERMANENT_STATE_FILE=$TPM_PATH/my.permanent +export SWTPM_IOCTL_BUFFERSIZE=4096 +export SWTPM_INTERFACE=cuse +bash _test_save_load_state +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -logfile=$(mktemp) +export SWTPM_INTERFACE=socket+socket +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65418 +export SWTPM_CTRL_PORT=65419 +bash _test_save_load_state +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -function cleanup() -{ - pid=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME " | gawk '{print $2}') - if [ -n "$pid" ]; then - kill -9 $pid - fi - rm -f $logfile - rm -rf $TPM_PATH -} +export SWTPM_INTERFACE=socket+unix +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65418 +bash _test_save_load_state +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -trap "cleanup" EXIT - -ECHO=`which echo` -if [ -z "$ECHO" ]; then - echo "Error: Could not find external echo tool." - exit 1 -fi - -source ${DIR}/test_cuse - -rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null - -$SWTPM_EXE -n $VTPM_NAME \ - --log file=$logfile -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME " | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not start." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not initialize the CUSE TPM." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -kill -0 $PID 2>/dev/null -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM not running anymore after INIT." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Startup the TPM -exec 100<>/dev/$VTPM_NAME -echo -en '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n) -exp=' 00 c4 00 00 00 0a 00 00 00 00' -if [ "$RES" != "$exp" ]; then - echo "Error: Did not get expected result from TPM_Startup(ST_Clear)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -$CUSE_TPM_IOCTL -h 1234 /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Hash command did not work." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Read PCR 17 -echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' -if [ "$RES" != "$exp" ]; then - echo "Error: (1) Did not get expected result from TPM_PCRRead(17)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Assert physical presence -$ECHO -en '\x00\xC1\x00\x00\x00\x0C\x40\x00\x00\x0A\x00\x20' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 0a 00 00 00 00' -if [ "$RES" != "$exp" ]; then - echo "Error: (1) Did not get expected result from TSC_PhysicalPresence(ENABLE)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Create a big NVRAM Area with 4000 bytes (0xfa0) -tmp='\x00\xC1\x00\x00\x00\x65\x00\x00\x00\xcc\x00\x18\x00\x00\x00\x01' -tmp+='\x00\x03\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x01' -tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -tmp+='\x00\x00\x00\x00\x00\x17\x00\x01\x00\x01\x00\x00\x00\x00\x00\x0f' -tmp+='\xa0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -tmp+='\x00\x00\x00\x00\x00' -$ECHO -en $tmp >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 0a 00 00 00 00' -if [ "$RES" != "$exp" ]; then - echo "Error: (1) Did not get expected result from TPM_NVDefineSpace()" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -$CUSE_TPM_IOCTL --save permanent $MY_PERMANENT_STATE_FILE /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not write permanent state file $MY_PERMANENT_STATE_FILE." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi -if [ ! -r $MY_PERMANENT_STATE_FILE ]; then - echo "Error: Permanent state file $MY_PERMANENT_STATE_FILE does not exist." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi -echo "Saved permanent state." - -$CUSE_TPM_IOCTL --save volatile $MY_VOLATILE_STATE_FILE /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not write volatile state file $MY_VOLATILE_STATE_FILE." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi -if [ ! -r $MY_VOLATILE_STATE_FILE ]; then - echo "Error: Volatile state file $MY_VOLATILE_STATE_FILE does not exist." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi -echo "Saved volatile state." - -#ls -l $(dirname $MY_VOLATILE_STATE_FILE)/* -#sha1sum $(dirname $MY_VOLATILE_STATE_FILE)/* - -# we will use our own volatile state -rm -f $VOLATILE_STATE_FILE $STATE_FILE - -# Stop the TPM; this will not shut it down -exec 100>&- -$CUSE_TPM_IOCTL --stop /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not stop the CUSE TPM." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error (2): CUSE TPM is not running anymore." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# load state into the TPM -$CUSE_TPM_IOCTL --load permanent $MY_PERMANENT_STATE_FILE /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Could not load permanent state into vTPM" - echo "TPM Logfile:" - cat $logfile - exit 1 -fi -echo "Loaded permanent state." - -$CUSE_TPM_IOCTL --load volatile $MY_VOLATILE_STATE_FILE /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Could not load volatile state into vTPM" - echo "TPM Logfile:" - cat $logfile - exit 1 -fi -echo "Loaded volatile state." - -#ls -l $(dirname $MY_VOLATILE_STATE_FILE)/* -#sha1sum $(dirname $MY_VOLATILE_STATE_FILE)/* - -# Init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "TPM Init failed." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Volatile state must have been removed by TPM now -if [ -r $VOLATILE_STATE_FILE ]; then - echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Read the PCR again ... -exec 100<>/dev/$VTPM_NAME -echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' -if [ "$RES" != "$exp" ]; then - echo "Error: (2) Did not get expected result from TPM_PCRRead(17)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Save the volatile state again -$CUSE_TPM_IOCTL -v /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not have the CUSE TPM store the volatile state to a file." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -if [ ! -r $VOLATILE_STATE_FILE ]; then - echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Send a new TPM_Init -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not initialize the CUSE TPM." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Volatile state must have been removed by TPM now -if [ -r $VOLATILE_STATE_FILE ]; then - echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -# Read the PCR again ... -exec 100<>/dev/$VTPM_NAME -echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' -if [ "$RES" != "$exp" ]; then - echo "Error: (2) Did not get expected result from TPM_PCRRead(17)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Final shut down -exec 100>&- -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not shut down the CUSE TPM." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -sleep 0.5 - -kill -0 $PID 2>/dev/null -if [ $? -eq 0 ]; then - echo "Error: CUSE TPM should not be running anymore." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -if [ ! -e $STATE_FILE ]; then - echo "Error: TPM state file $STATE_FILE does not exist." - echo "TPM Logfile:" - cat $logfile - exit 1 -fi - -echo "OK" +export SWTPM_INTERFACE=unix+unix +bash _test_save_load_state +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret exit 0 diff --git a/tests/test_save_load_state_2 b/tests/test_save_load_state_2 deleted file mode 100755 index 418862d..0000000 --- a/tests/test_save_load_state_2 +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -# Run the test_save_load_encrypted_state with swtpm_ioctl using the -# read/write interface rather than ioctl -export VTPM_NAME="vtpm-test2-save-load-state" -cd "$(dirname "$0")" - -export SWTPM_IOCTL_BUFFERSIZE=100 -bash test_save_load_encrypted_state -ret=$? -[ $ret -ne 0 ] && exit $ret - -export SWTPM_IOCTL_BUFFERSIZE=4096 -bash test_save_load_encrypted_state -ret=$? -[ $ret -ne 0 ] && exit $ret - -exit 0 diff --git a/tests/test_swtpm_bios b/tests/test_swtpm_bios index a29ef57..58b934c 100755 --- a/tests/test_swtpm_bios +++ b/tests/test_swtpm_bios @@ -1,175 +1,37 @@ #!/bin/bash -# For the license, see the LICENSE file in the root directory. -#set -x +cd "$(dirname "$0")" -if [ "$(id -u)" -ne 0 ]; then - echo "Need to be root to run this test." - exit 77 -fi - -DIR=$(dirname "$0") -ROOT=${DIR}/.. -SWTPM=swtpm_cuse -SWTPM_EXE=$ROOT/src/swtpm/$SWTPM -CUSE_TPM_IOCTL=$ROOT/src/swtpm_ioctl/swtpm_ioctl -SWTPM_BIOS=$ROOT/src/swtpm_bios/swtpm_bios -VTPM_NAME="vtpm-test-swtpm-bios" -TPM_PATH=$(mktemp -d) -STATE_FILE=$TPM_PATH/tpm-00.permall -VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate -PID_FILE=$TPM_PATH/${SWTPM}.pid - -function cleanup() -{ - pid=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME\$" | gawk '{print $2}') - if [ -n "$pid" ]; then - kill -9 $pid - fi - rm -rf $TPM_PATH -} - -trap "cleanup" EXIT - -source ${DIR}/test_cuse - -rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null - -$SWTPM_EXE --tpmstate dir=$TPM_PATH --pid file=$PID_FILE -n $VTPM_NAME -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME\$" | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not start." - exit 1 -fi - -if [ ! -r $PID_FILE ]; then - echo "Error: CUSE TPM did not write pidfile." - exit 1 -fi - -PIDF="$(cat $PID_FILE)" -if [ "$PIDF" != "$PID" ]; then - echo "Error: CUSE TPM wrote pid $PIDF, but found $PID." - exit 1 -fi - -# Init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not initialize the CUSE TPM." - exit 1 -fi - -sleep 0.5 - -kill -0 $PID 2>/dev/null -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM not running anymore after INIT." - exit 1 -fi - -# must work -res=$(TPM_DEVICE=/dev/$VTPM_NAME $SWTPM_BIOS -o 2>&1) -if [ $? -ne 0 ] || [ -n "$res" ]; then - echo "Error: Could not startup the CUSE TPM." - exit 1 -fi - -# must work -res=$(TPM_DEVICE=/dev/$VTPM_NAME $SWTPM_BIOS -n -cs 2>&1) -if [ $? -ne 0 ] || [ -n "$res" ]; then - echo "Error: Could not self-test the CUSE TPM." - exit 1 -fi - -# must work -res=$(TPM_DEVICE=/dev/$VTPM_NAME $SWTPM_BIOS -n -u 2>&1) -if [ $? -ne 0 ] || [ -n "$res" ]; then - echo "Error: Could not give up physical presence on the CUSE TPM." - exit 1 -fi - -# will NOT work -- we get error output in $res -res=$(TPM_DEVICE=/dev/$VTPM_NAME $SWTPM_BIOS -n -u 2>&1) +export SWTPM_IOCTL_BUFFERSIZE=100 +export SWTPM_INTERFACE=cuse +bash _test_swtpm_bios ret=$? -if [ $ret -eq 0 ] || [ -z "$res" ]; then - echo "Error: Could give up physical presence on the CUSE TPM." - exit 1 -fi +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -if [ $ret -ne 128 ]; then - echo "Error: Wrong return code from swtpm_bios. Should be 128, had $ret." - exit 1 -fi - -# will NOT work (wrong device) -- we get error output in $res -res=$(TPM_DEVICE=/dev/${VTPM_NAME}123 $SWTPM_BIOS -n -u 2>&1) +export SWTPM_IOCTL_BUFFERSIZE=4096 +export SWTPM_INTERFACE=cuse +bash _test_swtpm_bios ret=$? -if [ $ret -eq 0 ] || [ -z "$res" ]; then - echo "Error: Could give up physical presence on wrong device." - exit 1 -fi +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -if [ $ret -ne 255 ]; then - echo "Error: Wrong return code from swtpm_bios. Should be 255, had $ret." - exit 1 -fi - - -# RESET TPM - -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not initialize the CUSE TPM." - exit 1 -fi - -# must work -res=$(TPM_DEVICE=/dev/$VTPM_NAME $SWTPM_BIOS -cs -u 2>&1) -if [ $? -ne 0 ] || [ -n "$res" ]; then - echo "Error: Could not startup the CUSE TPM." - exit 1 -fi - -# will NOT work -- we get error output in $res -res=$(TPM_DEVICE=/dev/$VTPM_NAME $SWTPM_BIOS -n -u 2>&1) +export SWTPM_INTERFACE=socket+socket +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65424 +export SWTPM_CTRL_PORT=65425 +bash _test_swtpm_bios ret=$? -if [ $ret -eq 0 ] || [ -z "$res" ]; then - echo "Error: Could give up physical presence on the CUSE TPM." - exit 1 -fi +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -if [ $ret -ne 128 ]; then - echo "Error: Wrong return code from swtpm_bios. Should be 128, had $ret." - exit 1 -fi +export SWTPM_INTERFACE=socket+unix +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65424 +bash _test_swtpm_bios +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret - - -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not shut down the CUSE TPM." - exit 1 -fi - -sleep 0.5 - -kill -0 $PID 2>/dev/null -if [ $? -eq 0 ]; then - echo "Error: CUSE TPM should not be running anymore." - exit 1 -fi - -if [ ! -e $STATE_FILE ]; then - echo "Error: TPM state file $STATE_FILE does not exist." - exit 1 -fi - -echo "OK" +export SWTPM_INTERFACE=unix+unix +bash _test_swtpm_bios +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret exit 0 diff --git a/tests/test_volatilestate b/tests/test_volatilestate index 70d1cd8..061019a 100755 --- a/tests/test_volatilestate +++ b/tests/test_volatilestate @@ -1,242 +1,37 @@ #!/bin/bash -# For the license, see the LICENSE file in the root directory. -#set -x +cd "$(dirname "$0")" -if [ "$(id -u)" -ne 0 ]; then - echo "Need to be root to run this test." - exit 77 -fi +export SWTPM_IOCTL_BUFFERSIZE=100 +export SWTPM_INTERFACE=cuse +bash _test_volatilestate +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -DIR=$(dirname "$0") -ROOT=${DIR}/.. -SWTPM=swtpm_cuse -SWTPM_EXE=$ROOT/src/swtpm/$SWTPM -CUSE_TPM_IOCTL=$ROOT/src/swtpm_ioctl/swtpm_ioctl -VTPM_NAME="vtpm-test-volatilestate" -export TPM_PATH=$(mktemp -d) -STATE_FILE=$TPM_PATH/tpm-00.permall -VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate +export SWTPM_IOCTL_BUFFERSIZE=4096 +export SWTPM_INTERFACE=cuse +bash _test_volatilestate +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -function cleanup() -{ - pid=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME\$" | gawk '{print $2}') - if [ -n "$pid" ]; then - kill -9 $pid - fi - rm -rf $TPM_PATH -} +export SWTPM_INTERFACE=socket+socket +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65420 +export SWTPM_CTRL_PORT=65421 +bash _test_volatilestate +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -trap "cleanup" EXIT +export SWTPM_INTERFACE=socket+unix +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65420 +bash _test_volatilestate +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -source ${DIR}/test_cuse - -rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null - -$SWTPM_EXE -n $VTPM_NAME -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME\$" | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not start." - exit 1 -fi - -# Init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not initialize the CUSE TPM." - exit 1 -fi - -kill -0 $PID 2>/dev/null -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM not running anymore after INIT." - exit 1 -fi - -# Startup the TPM -exec 100<>/dev/$VTPM_NAME -echo -en '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n) -exp=' 00 c4 00 00 00 0a 00 00 00 00' -if [ "$RES" != "$exp" ]; then - echo "Error: Did not get expected result from TPM_Startup(ST_Clear)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -$CUSE_TPM_IOCTL -h 1234 /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Hash command did not work." - exit 1 -fi - -# Read PCR 17 -echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' -if [ "$RES" != "$exp" ]; then - echo "Error: (1) Did not get expected result from TPM_PCRRead(17)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Check the TPM Established bit after the hashing -RES=$($CUSE_TPM_IOCTL -e /dev/$VTPM_NAME) -exp='tpmEstablished is 1' -if [ "$RES" != "$exp" ]; then - echo "Error (2): TPM Established flag has wrong value." - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Save the volatile state -$CUSE_TPM_IOCTL -v /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not have the CUSE TPM store the volatile state to a file." - exit 1 -fi - -if [ ! -r $VOLATILE_STATE_FILE ]; then - echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist." - exit 1 -fi - -# Shut the TPM down -exec 100>&- -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not shut down the CUSE TPM." - exit 1 -fi - -# Start the TPM again -$SWTPM_EXE -n $VTPM_NAME -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep $VTPM_NAME | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not start." - exit 1 -fi - -# Init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not initialize the CUSE TPM." - exit 1 -fi - -# Volatile state must have been removed by TPM now -if [ -r $VOLATILE_STATE_FILE ]; then - echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists." - exit 1 -fi - -# Read the PCR again ... -exec 100<>/dev/$VTPM_NAME -echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' -if [ "$RES" != "$exp" ]; then - echo "Error: (2) Did not get expected result from TPM_PCRRead(17)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Check that the TPM Established bit is still set -RES=$($CUSE_TPM_IOCTL -e /dev/$VTPM_NAME) -exp='tpmEstablished is 1' -if [ "$RES" != "$exp" ]; then - echo "Error (2): TPM Established flag has wrong value." - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Save the volatile state again -$CUSE_TPM_IOCTL -v /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not have the CUSE TPM store the volatile state to a file." - exit 1 -fi - -if [ ! -r $VOLATILE_STATE_FILE ]; then - echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist." - exit 1 -fi - -# Send a new TPM_Init -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not initialize the CUSE TPM." - exit 1 -fi - -# Volatile state must have been removed by TPM now -if [ -r $VOLATILE_STATE_FILE ]; then - echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists." - exit 1 -fi - -# Read the PCR again ... -exec 100<>/dev/$VTPM_NAME -echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' -if [ "$RES" != "$exp" ]; then - echo "Error: (2) Did not get expected result from TPM_PCRRead(17)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Check that the TPM Established bit is still set -RES=$($CUSE_TPM_IOCTL -e /dev/$VTPM_NAME) -if [ $? -ne 0 ]; then - echo "Error: Could not get the TPM Established flag from the CUSE TPM." - exit 1 -fi -exp='tpmEstablished is 1' -if [ "$RES" != "$exp" ]; then - echo "Error (2): TPM Established flag has wrong value." - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -# Finale shut down -exec 100>&- -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not shut down the CUSE TPM." - exit 1 -fi - -sleep 0.5 - -kill -0 $PID 2>/dev/null -if [ $? -eq 0 ]; then - echo "Error: CUSE TPM should not be running anymore." - exit 1 -fi - -if [ ! -e $STATE_FILE ]; then - echo "Error: TPM state file $STATE_FILE does not exist." - exit 1 -fi - -echo "OK" +export SWTPM_INTERFACE=unix+unix +bash _test_volatilestate +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret exit 0 diff --git a/tests/test_wrongorder b/tests/test_wrongorder index 77f9b17..985aff8 100755 --- a/tests/test_wrongorder +++ b/tests/test_wrongorder @@ -1,124 +1,37 @@ #!/bin/bash -# For the license, see the LICENSE file in the root directory. -#set -x +cd "$(dirname "$0")" -if [ "$(id -u)" -ne 0 ]; then - echo "Need to be root to run this test." - exit 77 -fi +export SWTPM_IOCTL_BUFFERSIZE=100 +export SWTPM_INTERFACE=cuse +bash _test_wrongorder +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -DIR=$(dirname "$0") -ROOT=${DIR}/.. -SWTPM=swtpm_cuse -SWTPM_EXE=$ROOT/src/swtpm/$SWTPM -CUSE_TPM_IOCTL=$ROOT/src/swtpm_ioctl/swtpm_ioctl -VTPM_NAME="vtpm-test-wrongorder" -export TPM_PATH=$(mktemp -d) -STATE_FILE=$TPM_PATH/tpm-00.permall -LOG_FILE=$TPM_PATH/tpm-00.log -VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate +export SWTPM_IOCTL_BUFFERSIZE=4096 +export SWTPM_INTERFACE=cuse +bash _test_wrongorder +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -function cleanup() -{ - pid=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME\$" | gawk '{print $2}') - if [ -n "$pid" ]; then - kill -9 $pid - fi - rm -rf $TPM_PATH -} +export SWTPM_INTERFACE=socket+socket +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65422 +export SWTPM_CTRL_PORT=65423 +bash _test_wrongorder +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -trap "cleanup" EXIT +export SWTPM_INTERFACE=socket+unix +export SWTPM_SERVER_NAME=localhost +export SWTPM_SERVER_PORT=65422 +bash _test_wrongorder +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret -source ${DIR}/test_cuse -source ${DIR}/test_common - -rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null - -$SWTPM_EXE --log file=$LOG_FILE,level=20 -n $VTPM_NAME -sleep 0.5 -PID=$(ps aux | grep $SWTPM | grep -E "$VTPM_NAME\$" | gawk '{print $2}') - -ps aux | grep $SWTPM | grep -v grep - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM did not start." - exit 1 -fi - -# Get the established bit before the TPM has been initialized -# This should not work - -$CUSE_TPM_IOCTL -e /dev/$VTPM_NAME -if [ $? -eq 0 ]; then - echo "Error: Could get established bit from CUSE TPM before init." - exit 1 -fi - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM must have crashed." - exit 1 -fi - -# Open access to the TPM -exec 100<>/dev/$VTPM_NAME - -# Read PCR 17 -- this should give a fatal error response -echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100 -RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128) -exp=' 00 c4 00 00 00 0a 00 00 00 09' -if [ "$RES" != "$exp" ]; then - echo "Error: Did not get expected result from TPM_PCRRead(17)" - echo "expected: $exp" - echo "received: $RES" - exit 1 -fi - -exec 100>&- - -kill -0 $PID -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM must have crashed." - exit 1 -fi - -# Init the TPM -$CUSE_TPM_IOCTL -i /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not initialize the CUSE TPM." - exit 1 -fi - -kill -0 $PID 2>/dev/null -if [ $? -ne 0 ]; then - echo "Error: CUSE TPM not running anymore after INIT." - exit 1 -fi - -$CUSE_TPM_IOCTL -s /dev/$VTPM_NAME -if [ $? -ne 0 ]; then - echo "Error: Could not shut down the CUSE TPM." - exit 1 -fi - -sleep 0.5 - -kill -0 $PID 2>/dev/null -if [ $? -eq 0 ]; then - echo "Error: CUSE TPM should not be running anymore." - exit 1 -fi - -if [ ! -e $STATE_FILE ]; then - echo "Error: TPM state file $STATE_FILE does not exist." - exit 1 -fi - -check_logfile_patterns_level_20 $LOG_FILE -rm -f $LOG_FILE - -echo "OK" +export SWTPM_INTERFACE=unix+unix +bash _test_wrongorder +ret=$? +[ $ret -ne 0 ] && [ $ret -ne 77 ] && exit $ret exit 0