Add support for --disable-tests to disable the tests and the checking
for tools that only need to be installed for the tests. Keep the tests
enabled as default as it was before.
Resolves: https://github.com/stefanberger/swtpm/issues/843
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add a test case that monitors the locking of the storage by swtpm using the
directory storage backend to ensure that the lock is taken at the right
time and released when required.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add an option to enter a chroot after starting swtpm. This is useful for
sandboxing purposes. When this option is used, it is expected that swtpm
is started as root and the --runas option is used to subsequently drop
privileges (otherwise the chroot could be escaped).
Signed-off-by: Jennifer Herbert <jennifer.herbert@citrix.com>
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Add a test case that checks that swtpm sends a TPM2_Shutdown() to the
TPM 2 upon abrupt re-initialization (CMD_INIT) or graceful shutdown
(control channel, CMD_SHUTDOWN) of the TPM 2 and avoids a potential
dictionary attack (DA) lock-out. A previously sent command failing
authorization with DA implications would otherwise trigger the
TPM_PT_LOCKOUT_COUNTER to increase by '1' if the TPM 2 was not properly
shut down by the client (guest OS) with a TPM2_Shutdown() command.
The test case tests whether a TPM2_Shutdown() is now sent before a reset.
The defined password-protected NVRAM area has the DA flag set and the test
case tries to read from it without providing a password. If we didn't send
the TPM2_Shutdown() before the test cases sends the reset (CMD_INIT), then
the dictionary attack lockout counter would be increased by one. With the
instrumentation in the previous patch the automatically sent
TPM2_Shutdown() keeps the counter at 0.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Adapt save_load_state tests to include coverage of the "linear file"
backend mode. "tpm2" is save/load is tested with both a regular file and
a loop device to excercise the blockdev mmap code.
Signed-off-by: Stefan Reiter <stefan@pimaker.at>
Add a test case for testing the --runas parameter and the ability to access
existing files that have restrictive access permission so that only allow
the --runas user is able to access these files. This is to ensure that
swtpm can access these files properly when the handling of options and the
changing to the --runas user is moved around within swtpm.
Skip the test case if swtpm is linked with ASAN since then we get these
types of error messages that fail tests:
==== Starting swtpm with interfaces socket+socket ====
==3303263==LeakSanitizer has encountered a fatal error.
==3303263==HINT: For debugging, try setting environment variable LSAN_OPTIONS=verbosity=1:log_threads=1
==3303263==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
The two tests test_tpm2_samples_create_tpmca and
test_tpm2_swtpm_localca_pkcs11 cannot complete successfully if run in
parallel. To solve this issue, introduce a dependency via the log files
to prevent parallel execution of the two test. We have to append the
.test suffix to their names to be able to do this.
docs:
https://www.gnu.org/software/automake/manual/html_node/Parallel-Test-Harness.html
Resolves issue #501, though the problem with stability of the tpm2 pkcs11
module is not resolved.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
--print-states reports TPM states stored in --tpmstate backend.
This feature is supposed to be used by swtpm_setup for checking TPM state
existence.
Sample output is as follows:
$ swtpm socket --print-states --tpmstate dir=/tmp --tpm2 | jq .
{
"type": "swtpm",
"states": [
{
"name": "tpm2-00.permall"
}
]
}
Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
The tests for the following options:
- with "--overwrite"
- with "--not-overwrite"
- without "--overwrite" nor "--not-overwrite"
Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
Skip tests that require the chardev after checking for the chardev
interface support in swtpm. Remove the conditional addition of chardev
related tests from the Makefile.am.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
- Move swtpm_localca's sources out of samples/ (where they no longer
belong now that swtpm_localca is a binary) to src/swtpm_localca/.
- Tests now call the swtpm_localca binary directly at the location
where it was built, as they do with all other compiled programs.
- Simplify samples/swtpm-localca.in and delete swtpm-localca.2inst,
removing the now-unnecessary logic to selectively call swtpm_localca
from different locations (samples/ when running tests vs. /usr/bin/
post-installation).
Signed-off-by: Nick Chevsky <nchevsky@users.noreply.github.com>
The test test_tpm2_save_load_state seems to have been forgotten
about and was not run. Add it now to the the tests to run.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add restoring of the volatile state after having it stored.
Since this is now taking a long time it must be explicitly enabled
by setting the environment variable SWTPM_TEST_STORE_VOLATILE=1.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Apply patches to the IBM TSS2 test suite rather than using sed on its
files and other types of file manipulations.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Upgrade to use the IBM TSS2 tests from v1.6.0.
Add a patch that eliminates all testing of 3072 bit RSA keys in case
libtpms does not support such keys. Also disable a test case related
to ACT for older revisions.
This test passes with libtpms 0.8.0 as well libtpms 0.6.0 and 0.7.0.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This patch adds support for partial reads to the CUSE swtpm.
We introduce a ptm_read_offset variable that holds the offset where to read
from next. It is reset every time a command has been processed as part of a
write() so that subsequent read()s start reading from offset 0. It is
advanced by the number of bytes that were read.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Switch over to the new python implementation of swtpm_setup. We need to
also adjust test cases that involved the tcsd that otherwise fail for
various reasons. For in-place testing we need to adjust the PYTHONPATH
and PATH so that swtpm_setup.py can be found and so that swtpm_setup.py
then finds swtpm if it is not explicitly passed as parameter.
Adjust the man page for swtpm_setup to reflect the changes.
We now can run swtpm_setup as any user. However, libvirt still runs it
as tss:tss (for example), which is then creating the signing key as tss:tss
as well. Ideally libvirt would run it as tss:root or any other combination
since the tss group may be used for user wanting to access /dev/tpmrm0 for
example. We at least change the directory ownership of /var/lib/swtpm-localca
to tss:root and keep the world out of this directory.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Upgrade to use the IBM TSS2 tests from v1.5.0.
Add a patch that eliminates all testing of 3072 bit RSA keys in case
libtpms does not support such keys. This test also passes with libtpms
0.6.0 and 0.7.0.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add a test case that fills up the NVRAM area with as many persisted keys
as possible and then fills up the rest with an NVRAM index so that all
space is occupied. We have to be able to load this state again into the
NVRAM once the OBJECT's size increases due to RSA keys size increase,
which must have us increase the total size of NVRAM in libtpm's TPM profile.
The state in tests/data/tpm2state5/tpm2-00.permall was created using
libtpms 0.6.0, where only 2048 bit keys were supported and total NVRAM size
was 128kb. This state file should never be changed and always be loadable
into a current libtpms. In its USER NVRAM it holds 64 persisted 2048 bit
keys and an NVRAM index with 236 bytes. For this to stay the reference
NVRAM, we need to make sure that it fits exactly to the byte.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add a test case testing the returned value from
swtpm <iface> --tpm2 --print-capabilities
along with those return from swtpm_setup.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Extend the script that creates a CA that uses a TPM 2 for signing.
For this we have to create tokens using the TPM 2 pkcs11 module's
tpm2_ptool and can then use the p11tool for creating keys.
Add a test case that requires a running tpm2-abrmd and tpm2_ptool.
Eventually the test case should (try to) start its own tpm2-abrmd
and talk to swtpm directly but the tcti module to do that isn't
available as a package, yet.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Allow passing signing key and parent key via files and file descriptors
and environment variables. Adapt a test case to exercise this new
functionality.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Extend the existing key derivation test case for TPM 2 with test cases
that use a newer TPM 2 state where we now exercise the new
CryptAdjustPrimeCandidate algorithm that produces the same results on
big and little enidan 32 bit and 64 bit machines. This newer algorithm
is available in libtpms with revision 155 of the TPM 2 code.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add a test case that downloads the TPM 1.2 package from sourceforge,
patches a few files for OpenSSL compatibility, and runs a few test
cases of that test suite. Look for ERROR output in the test suite.
This test suite also provides better code coverage for libtpms.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Use SoftHSM to create a pkcs11 URI and then use the pkcs11 URI
to sign the certificate of a TPM 2.0 with this key using swtpm-localca.
This test case works with softhsm >= 2.3.0 on Fedora and should work
with a recent version of Ubuntu. If an error is encountered setting
up the softhsm2 environment, we just skip the test.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Run the TPM CA setup script with a local swtpm and tcsd instance.
We have to take ownership of the TPM and set its SRK passwork so
that the TPM CA setup script can create a signing key as a child
key of the SRK.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Get the IBM TSS2 test suite from its git repo, compile it, and run
its test suite if SWTPM_TEST_EXPENSIVE=1 is set.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Some test cases that root has to run did not pass the out-of-tree
builds. We need to pass the top level source dir to these test cases
and change some variable accessing config files to the right directory
for the out-of-tree build to work.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
