To get better code coverage, convert existing test case to
use one time a hex formatted key and the other time the same
key in binary format.
Do some improvements on the test code on the way.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2 file sizes were missing. Also use $() to execut commands rather
than ``. Use get_filesize to get the size of a file.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Extend the swtpm-create-tpmca test with test cases using the
'well known' password of 20 zero bytes if tpmtool supports the
--srk-well-known option.
Besides that, extend the existing test to actually use the TPM CA
for signing a TPM 1.2 or TPM 2 (test) EK and check the contents of the
certificate by grepping through the text info provided by certtool.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Refactor the swtpm-create-tpmca test case so we can use it for
testing with the 'well known' (20 bytes of zeros) SRK password
in the next pass.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Run the TPM CA setup script with a local swtpm and tcsd instance.
We have to take ownership of the TPM and set its SRK passwork so
that the TPM CA setup script can create a signing key as a child
key of the SRK.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Support creation and usage of the root CA with a password protected
private key. The root CA's key password can be set using the environment
variable SWTPM_ROOTCA_PASSWORD.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Some tests are expected to fail. Capture the error output and test it
against epected error output. This also makes the test output less
noisy.
Also remove some other output noise.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Shut down the swtpm process at the end to avoid it being killed
and with that getting noise in the test log.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Get the IBM TSS2 test suite from its git repo, compile it, and run
its test suite if SWTPM_TEST_EXPENSIVE=1 is set.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Wait a few seconds for files to appear or disappear after starting the
swtpm process. This helps avoid test failures when the system is under
load.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add a delay of 0.2s after a file is found in wait_for_file so that the
process can also write into it. Sometimes we are also interested in the
content and don't seem to get the content since we didn't wait for
the file to have been written to. It happens occasionally when the system
is under load that we don't seem to be able to read the file content
afterwards.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
To avoid timeouts when running the tests with valgrind, increase
the timeout until the swtpm process must have terminated after a
shutdown signal to 4 seconds.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Call a function display_processes_by_name that displays all processes
if needed. The function is quiet, though.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fedora policy seems to be to use python3 explicitly for the hashbang
rather than python, which could be either python2 or python3. So convert
it to python3. Also adapt configure.ac to require python3 executable.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use pbkdf2 as the default kdf and sha512 for the existing
test case. Do away with file limit of 32 bytes. This may
break backwards compatibility for some but better to do this
before a release...
Switch the existing test cases to use kdf=sha512 on the command
line where necessary to that the state for these test cases
does not need to be recreated.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
On some systems /bin/bash does not exists but the bash is somewhere
else and can be invoked with /usr/bin/env bash.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Some test cases that root has to run did not pass the out-of-tree
builds. We need to pass the top level source dir to these test cases
and change some variable accessing config files to the right directory
for the out-of-tree build to work.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
If the file descriptor 100 is open prior to trying to open
it, it must be closed first on OS/X, otherwise we get test
case failures due to interrupted connections.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The -cs parameter to swtpm_bios is like -c -s and therefore ambiguous.
Use the unambiguous long version --cs. This makes the test case work
on NetBSD, which does not support getopt_long_only().
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
test_tpm2_ctrlchannel2 was not active and was not complete. This
patch fixes the test case and activates it. It uses chardev, so
it needs to be gated by WITH_CHARDEV.
Signed-off-by: Stefran Berger <stefanb@linux.vnet.ibm.com>
With the SAN data in the certificate properly generated and accepted by
certtool, we can now activate the test case for swtpm-localca.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
On Cygwin the swtpm_setup executable is located in src/swtpm_setup/.libs
dir and we need to copy the swtpm_setup.sh file there as well.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Introduce compile-time variable HAVE_TCSD if the TCSD could
be found. It influences whether TPM 1.2 related swtpm_setup
test cases can be run. If it is set, they can be run.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Run TPM 2 related swtpm_setup tests under less restrictions.
For TPM 2 related tests only WITH_GNUTLS, which allows swtpm_cert
to be built, needs to be set since swtpm_setup is now being built
under all conditions.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Remove the requirement to run the test_tpm2_swtpm_setup_create_cert
test with root rights. It's not necessary to run this as root.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Pass the top_builddir and top_srcdir via TESTS_ENVIRONMENT
variable in Makefile.am.
Use TESTDIR for the path to the test directory and replace
previously used DIR in all occurences.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Adapt the loop that is polling for the authentication failure due
to lockout until a certain time. We run the tests also when $timeout
has been reached but don't care for the result if it failed. This
accomodates slow or busy systems that run some of the commands too
slowly and allow the TPM to release the lockout.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
A few files were wrong in the EXTRA_DIST file list due to changes to
test cases. Add the proper files.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Test that a key written to volatile state is properly loaded again
and produces the same signature as before.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Test the certs created by swtpm_localca by verifying the certificate
chain and checking their key usage.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add a test case that tests the TPM 2 volatile state. This test
requires the latest TPM2 version of libtpms that also writes the
TPM Established bit into the volatile state.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Check the TPM2 state using the TPM2 utilities, if available.
Create persistent state and check it, then shut down the TPM 2 and
restart it, and check the persistent state again.
Use previously created state and have the TPM 2 start with it
and check the persistent state. The persistent state must be
readable on little and big endian machines.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
libtpms preview branch tpm2-preview.rev142 enables volatile state
marshalling and unmarshalling which in turn enables the suspending
and resumption of the TPM state. This patch enables the capabilty
bits and adds test cases for testing the TPM state suspending and
resumption.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Provide support for creating certificates for TPM2 ECC type of keys.
Extend the test cases and the man pages.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Support TPM 2 in swtpm_setup and swtpm_setup.sh.
Implement support for all command line options except for:
o --take-ownership and anything related to ownership passwords
o --lock-nvram
o --display
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
TPM2 allows the primary key to also be a signing key, so in case
--tpm2 is provided, --allow-signing can be provided as well in
case the primary can also be used for signing operations.
We use SHA256 for the signing algorithm when TPM 2 is being used.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Extend the swtpm_bios tool with a --tpm2 command line parameter
to support TPM 2 initialization.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Have the test cases wait for the process to be gone after 1s using
wait_process_gone rather than trying use kill -0 once after 0.5s.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Whenever we encrypt the data we generate a new random IV and append a
tlv block with the IV to the byte stream. We mark the IV with different
tags depending on whether they are for the migration data or the (TPM)
data directly. All IVs are part of the HMAC and are added to it after
the data blob.
Adjust test cases that now return larger sizes of data. A constant
checksum over the data cannot be expected anymore, thus we have to remove
the verification of the checksum over the returned state (IV changes
every time).
The size of the blobs grow by 22 bytes, 6 for the tlv header, 16 bytes
for the IV (128 bit AES key).
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Prepend tag-length-value (tlv) headers in front of all data being stored in
the byte stream following the header. This lets us uniquely identify plain
data (= TPM state), encrypted data (= encrytped TPM state), migration data
(which is wrapped plain or encrytped TPM state), and an HMAC block to
validate the plain data.
We keep support for version 1 for reading the data but convert them to
version 2 when writing them out. This way we loose backwards compatibility
(downgrading of swtpm is not possible), but it allows us to extend the state
in the future by adding addition blocks with tlv headers.
Version 1 of the encryption was prepending the hash on the plaintext data
then encrypting all of it. This method is not so good. In version 2 we now
use Encrypt-then-MAC (EtM) where we encrypt the data and then calculate an
HMAC on the encrypted data.
Files written by the swtpm didn't have a header before. Now they also get a
header. This means that the state written into files and the state retrieved
using the API (swtpm_ioctl --save) have the same format, but still differ
in so far as the API wraps the data in a tlv header for migration, which the
files written out as state would never get.
Adapt a couple of test cases show file sizes and hashes have changed now.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Check for a '#define WITH_CUSE 1' line in config.h to determine whether
the swtpm was compiled with the CUSE interface and skip the tests with
the CUSE interface if no such line can be found.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Poll for process to be gone for 1 seconds after a shutdown was requested
and it was found that the PID file had been removed.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Rather than writing to files directly and having to validate the state in
those files using TPMLIB_ValidatetState(), we now use the new
TPMLIB_SetState() call to set the TPM's state blobs. The advantage of this
call is that it doesn't overwrite state files and ends up leaving state in
files that the TPM cannot use. Instead, it validates the state immediately
when the blob is set and returns an error in case the state cannot be
accepted.
We need to adapt one test case that now gets a failure earlier than before.
Before the TPM_INIT failed, now setting the encrypted blob fails because it
cannot be decrypted and thus cannot be accepted by the TPM.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
To avoid test failures in test_ctrchannel2 due to the swtpm process
still running after it has removed the PID file, give it 0.5 seconds
to actually terminate.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use the new --info parameter for swtpm_ioctl to get TPM specification
info from the swtpm and use this as a parameter for creating the EK
certificate.
Extend the man page.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
We quetry the swtpm for TPM specification info that goes into the
certificate for the EK.
Update the test cases that now see more capabilties being returned
by the swtpm.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Update the test case test_swtpm_cert to have its issuercert signed
by a created root CA so that we have the Authority Key Id in the cert.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Create the TPMSpecification SEQUENCE and add it to the subject
directory attributes of an EK cert.
The code generates the same ASN.1 for the Subject Directory Attributes
as the example in the EK spec has.
> openssl asn1parse -in ${cert} -strparse 603
0:d=0 hl=2 l= 30 cons: SEQUENCE
2:d=1 hl=2 l= 28 cons: SEQUENCE
4:d=2 hl=2 l= 5 prim: OBJECT :2.23.133.2.16
11:d=2 hl=2 l= 19 cons: SET
13:d=3 hl=2 l= 17 cons: SEQUENCE
15:d=4 hl=2 l= 3 prim: UTF8STRING :1.2
20:d=4 hl=2 l= 4 prim: INTEGER :41010000
26:d=4 hl=2 l= 4 prim: INTEGER :7B000000
Extend existing test case so they create the ASN.1 as well.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Loading an invalid state blobs now fails ealier since libtpms is
called to check whether it can accept the blob.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Extend the encrypted state test with a test case using a wrong key
for decrypting the state and make sure that the init fails and the
state files remain unmodified.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement a command for setting and querying the buffer size the
TPM implementation (libtpms) is using. The setting of the
buffersize allows to reduce the size of the buffer to a size
that the interface can support so that these two sizes match
and the TPM will not produce larger responses than what the
interface can support.
Extend swtpm_ioctl with an option to set the buffersize.
Adapt the existing tests to reflect the newly supported command.
Implement a new test for getting/setting of the buffer size.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Check whether /dev/ptmx or /dev/ptm exists and use it to open a file
descriptor on it, raise an error otherwise.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
OpenBSD uses different tools for sha1 and file size calculations,
so we wrap them in functions and check which one to call by using
uname -s.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use uname -s to check for Linux rather than uname -o, which doesn't
seem to be supported on OpenBSD.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Rather than using the non-bash echo tool, which doesn't seem to
support -e on OpenBSD, use the bash echo tool to write the binary
code into a file and cat the file into the device. This also works
around a problem when a sequence contains \x0a, which then seems
to be the last character written to the device if bash's echo is
used. It does this correctly when writing to a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The control channel of a UnixIO socket is not supported
on Cygwin, so do not present this flag. Return an error
if this command is run.
Adapt the test case.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Copy the test case that use 'swtpm chardev' to test_ctrlchannel4
and convert this test in test_ctrlchannel to use a socket. Make
test_ctrlchannel run on all platforms. test_ctrlchannel4 only
runs when WITH_CHARDEV is set in the Makefile.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Split off the CMD_SET_DATAFD into its own file. This test only works on
Linux, so we skip it on Cygwin for example. Otherwise it should be able
to run.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
To enable the test suite to for example run a mixture of 32- and
64bit executables, allow users to specify the executables to use by
setting the variables SWTPM_EXE, SWTPM_IOCTL, and SWTPM_BIOS via
command line.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use the send1msg() ot the twisted sendmsg package since sendmsg()
is only supported in more recent versions of twisted.
Following this we also don't need to install a recent version of twisted
via pip on Travis, which runs Ubuntu 14.04.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Rather than sending two separate messages with the bare python 2
API, use the python twisted package to send the control and data
in one sendmsg() call. This avoids occasional test failures in
the ctrlchannel test case that is currently sending the data and
control part of the message in 2 steps, which can lead to the
recpient not seeing the whole message.
Add python-twisted as a build dependency to the rpm and Debian
builds and the .travis.yml.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
As objected by QEMU upstream developers to use two different sockets for
starting/using of swtpm, This commit adds support for passing unix domain
socket over control channel.
The summary of the changes include:
- Defined new control command CMD_SET_DATAFD, using this clients can send data
socket.
- set mlp.fd and mlp.flags outside of the mainloop
- updated the testcases
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Add the missing PTM_CAP_GET_CONFIG to the returned flags.
Fix the order of the flags on the way.
Fix the test cases that test for the flags.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Refactor the tests so that they all run on socket interfaces as well.
Use socket ports in the range of 65400-65499 for TPM 1.2 tests.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
To be able to run tests with either one of the interfaces, add function
for running swtpm and swtpm_ioctl commands and form the command line
parameters dependent on the type of interface being passed. We rely on
environment variables to provide the specific parameters that are needed
to run the program with the appropriate parameters.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Change the startup behavior with respect to requiring an INIT command
via control channel. We change this for the socket and chardev
interfaces so that the behavior now is the same as that of the CUSE
interface.
Introduce the --flag not-need-init command line option for the socket
and chardev interfaces to allow the old behavior using this option.
Adapt some of the test cases and swtpm_setup.sh.in that now need this
command line flag.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement allow-set-locality for CUSE TPM and extend the existing
locality test case with commands that try to write the SetLocality
comamnd to the device.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
New option '--ctrl clientfd=<fd>' is added to the control socket parameters.
The passed 'fd' is used as control channel client-fd and treated as single
client mode.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Skip the CUSE TPM related tests if the CUSE kernel module is not
available. Return similar error messages for both CUSE and VTPM proxy
module if they are not available.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Wait for the chardev the VTPM proxy device creates to actually appear.
In some cases the exec statement opening the file would otherwise
create a file /dev/tpm0 for example and subsequently tests then ended
up failing.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Detect whether to build with the chardev interface and only run tests that
need the chardev if it is supported on a particular platform.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Introduce wait_for_file function to wait for a file for a max. amount of
time and have that function poll for the file to appear.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add support for UnixIO and TCP control channels. Both types of
transport require that packets are sent in big endian format
and therefore some code needs to be adjusted for that. The
ioctl interface is local and in that case no endianess conversion
is done.
Add a new test case that uses the extended swtpm_ioctl tool to
test the control channel.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fix a typo in two command names so that they are similar to
the command name spelling used for the ioctl's.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Deactivate the code around resetting the TPM established bit
since its implementation currently requires libtpms 0.6.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement two more control channel commands:
- CMD_STORE_VOLATILE
- CMD_HASH_DATA
Implement test cases.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Deactivate the checking for the certificate size since different
GnuTLS versions may create certificates of different sizes by adding
additional fields or other data to the cert.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use the macros defined in endian.h for endianess conversion.
Fix the conversion of a 64bit variable.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Extend the swtpm_bios tool with an option to give up physical presence.
Have the TPM error codes reflected in the exit error of 128.
Add a test case for the tool.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement a control channel for the 'chardev' swtpm that implements
a minimal set of control messages for now.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Remove the hardcodes tss user and group and to configure with
--with-tss-user=tss --with-tss-group=tss to set the tss user
and group to be used.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add support for the --tpmstate dir=<dir> command line parameter.
It will be used instead of the TPM_PATH, unless it is not set.
Adapt two test cases for the new parameter.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add support for --pid file=<pidfile> command line parameter support.
The swtpm_cuse and swtpm now write their process IDs (pids) into
a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
