#!/usr/bin/env bash # For the license, see the LICENSE file in the root directory. ROOT=${abs_top_builddir:-$(dirname "$0")/..} TESTDIR=${abs_top_testdir:=$(dirname "$0")} PATH=$ROOT/src/swtpm:$PATH PARAMETERS=( "" "--createek" "--take-ownership" "--createek --lock-nvram" "--take-ownership --lock-nvram" "--lock-nvram" "--take-ownership --ownerpass OOO" "--take-ownership --srkpass SSS" "--take-ownership --ownerpass OO --srkpass SS" "--take-ownership --lock-nvram --display" "--display" "--lock-nvram --display" "--take-ownership --srk-well-known" "--take-ownership --owner-well-known" "--take-ownership --srk-well-known --owner-well-known" "--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display" "--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile ${TESTDIR}/data/keyfile.txt" "--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile ${TESTDIR}/data/pwdfile.txt" "--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile ${TESTDIR}/data/keyfile256bit.txt --cipher aes-256-cbc" "--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile ${TESTDIR}/data/pwdfile.txt --cipher aes-256-cbc" "--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile-fd 100 --cipher aes-256-cbc" "--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile-fd 101 --cipher aes-256-cbc" ) # Open read-only file descriptors referenced in test cases exec 100<"${TESTDIR}/data/keyfile256bit.txt" exec 101<"${TESTDIR}/data/pwdfile.txt" FILESIZES=( 1185 1605 2066 1605 2066 1185 2066 2066 2066 2066 1185 1185 2066 2066 2066 1721 1788 1788 1820 1820 1820 1820 ) source "${TESTDIR}/common" skip_test_no_tpm12 "${SWTPM_EXE}" TPMDIR="$(mktemp -d)" || exit 1 # filesystem privileges require to run swtpm_setup as root during test TPMAUTHORING="$SWTPM_SETUP --config ${SWTPM_SETUP_CONF}" PATH=${ROOT}/src/swtpm_bios:${TESTDIR}:$PATH trap "cleanup" SIGTERM EXIT function cleanup() { rm -rf "$TPMDIR" } # swtpm_setup.conf points to the local create_certs.sh # For create_certs.sh to be found (with out full path) # add this directory to the PATH PATH=$PATH:$PWD for (( i=0; i<${#PARAMETERS[*]}; i++)); do rm -rf "${TPMDIR:?}"/* echo -n "Test $i: " params=${PARAMETERS[$i]} if ! $TPMAUTHORING \ --tpm-state "$TPMDIR" \ --tpm "$SWTPM_EXE socket ${SWTPM_TEST_SECCOMP_OPT}" \ ${params:+${params}} &>/dev/null; then echo "ERROR: Test with parameters '${params}' failed." exit 1 elif [ ! -f "$TPMDIR/tpm-00.permall" ]; then echo "ERROR: Test with parameters '${params}' did not produce file $TPMDIR/tpm-00.permall." exit 1 fi FILESIZE=$(get_filesize "$TPMDIR/tpm-00.permall") if [ "${FILESIZE}" -ne "${FILESIZES[$i]}" ]; then echo "ERROR: Unexpected file size of $FILESIZE, "\ "expected ${FILESIZES[$i]}. Parameters: ${params}" exit 1 fi # Make sure the state is encrypted when a key was given. # We expect sequences of 4 0-bytes in unencrypted state # and no such sequences in encrypted state. nullseq="$(od -t x1 -A n < "$TPMDIR/tpm-00.permall" | tr -d '\n' | tr -s ' ' | grep "00 00 00 00")" if [[ "$params}" =~ (keyfile|pwdfile) ]]; then if [ -n "${nullseq}" ]; then echo "ERROR: State file is not encrypted with" \ "parameters '${params}'" fi else if [ -z "${nullseq}" ]; then echo "ERROR: State must not be encrypted with" \ "parameters '${params}'" fi fi echo "SUCCESS with parameters '${params}'." done exec 100>&- exec 101>&- exit 0