swtpm/tests/test_encrypted_state
Stefan Berger bd98690a4a Add ioctl to get configuration flags about keys in use
Add an ioctl that lets an application retrieve which keys are in use by the
TPM, i.e., file encryption or migration key

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-26 07:30:38 -04:00

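#!/bin/bash
# For the license, see the LICENSE file in the root directory.
#
# Test: swtpm_cuse with an encrypted state file.
# Starts the CUSE TPM with a hex-encoded AES-CBC key read from a key file,
# exercises TPM_Startup / TPM_PCRRead, saves volatile state, queries the
# "keys in use" configuration flags via swtpm_ioctl -g, then restarts the
# daemon with the key file removed and checks that state is still usable.
# Needs root because the CUSE module and /dev node are created.
#set -x

if [ "$(id -u)" -ne 0 ]; then
  echo "Need to be root to run this test."
  exit 77   # not a failure: the test is skipped when not run as root
fi

DIR=$(dirname "$0")
ROOT=${DIR}/..
SWTPM=swtpm_cuse
SWTPM_EXE=$ROOT/src/swtpm/$SWTPM
CUSE_TPM_IOCTL=$ROOT/src/swtpm_ioctl/swtpm_ioctl
VTPM_NAME="vtpm-test-encrypted-state"

# Private state directory (mktemp creates it with restrictive permissions).
# Split declaration from the substitution so a mktemp failure is not masked.
TPM_PATH=$(mktemp -d) || exit 1
export TPM_PATH
STATE_FILE=$TPM_PATH/tpm-00.permall
VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate

# Test-only key: 32 hex digits = 16 bytes.  It is handed to swtpm_cuse
# through a mktemp'ed (owner-only) file, never on the command line.
KEY=1234567890abcdef1234567890abcdef
keyfile=$(mktemp) || exit 1
logfile=$(mktemp) || exit 1
echo "$KEY" > "$keyfile"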
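#######################################
# Stop any CUSE TPM instance serving our device name and remove the
# temporary files.  Runs from the EXIT trap, so it must cope with the test
# having failed at any point.
# Globals:  SWTPM, VTPM_NAME (read); keyfile, logfile, TPM_PATH (removed)
#######################################
function cleanup()
{
  local pid
  # The trailing space after the name keeps the grep from matching itself.
  pid=$(ps aux | grep "$SWTPM" | grep -E "$VTPM_NAME " | gawk '{print $2}')
  if [ -n "$pid" ]; then
    # $pid may hold several PIDs, so it is deliberately left unquoted.
    # Try a clean termination first so the daemon can release the CUSE
    # device, then force it.
    kill $pid 2>/dev/null
    sleep 0.2
    kill -9 $pid 2>/dev/null
  fi
  rm -f "$keyfile" "$logfile"
  # :? aborts instead of expanding to "" if TPM_PATH were ever unset.
  rm -rf "${TPM_PATH:?}"
}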
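trap "cleanup" EXIT

# The CUSE module provides the /dev/$VTPM_NAME character device.
modprobe cuse || exit 1

# Start from a clean slate so the state files we check for are ours.
rm -f "$STATE_FILE" "$VOLATILE_STATE_FILE" 2>/dev/null

# Start the CUSE TPM; the state-file key is read from the key file
# (hex encoded, AES-CBC) so the key itself never appears in the process list.
"$SWTPM_EXE" -n "$VTPM_NAME" --key "file=$keyfile,mode=aes-cbc,format=hex" \
  --log "file=$logfile"
sleep 0.5

# Locate the daemon; the trailing space after the name avoids matching grep.
PID=$(ps aux | grep "$SWTPM" | grep -E "$VTPM_NAME " | gawk '{print $2}')
ps aux | grep "$SWTPM" | grep -v grep
# Check emptiness explicitly: `kill -0` with no PID would only print usage.
if [ -z "$PID" ] || ! kill -0 $PID; then
  echo "Error: CUSE TPM did not start."
  exit 1
fi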
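# Init the TPM (swtpm_ioctl -i); the daemon must survive this.
if ! "$CUSE_TPM_IOCTL" -i "/dev/$VTPM_NAME"; then
  echo "Error: CUSE TPM initialization failed."
  exit 1
fi
sleep 0.5
if ! kill -0 $PID 2>/dev/null; then
  echo "Error: CUSE TPM not running anymore after INIT."
  exit 1
fi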
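export TPM_DUMP_COMMANDS=1
export TPM_DEVICE=/dev/$VTPM_NAME
#tpmbios -o

# Talk to the TPM directly: fd 100 is opened read/write on the device and
# raw command blobs are written to it; responses are read back via /proc.
exec 100<>"/dev/$VTPM_NAME"

# TPM_Startup(ST_CLEAR): tag 00C1, total length 0x0C, ordinal 0x99,
# startup type 0x0001.
echo -en '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01' >&100
RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n)
# Expected reply: tag 00C4, length 0x0A, return code 0 and no payload.
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$RES" != "$exp" ]; then
  echo "Error: Did not get expected result from TPM_Startup(ST_Clear)"
  echo "expected: $exp"
  echo "received: $RES"
  exit 1
fi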
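# Feed data through the ioctl hash interface; presumably this extends
# PCR 17, and the digest expected below depends on it -- confirm against
# swtpm_ioctl -h.
"$CUSE_TPM_IOCTL" -h 1234 "/dev/$VTPM_NAME"

# Read PCR 17: TPM_PCRRead (ordinal 0x15), PCR index 0x11 = 17, length 0x0E.
echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100
RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128)
# 10-byte response header (tag, length 0x1E, rc 0) + the 20-byte PCR value.
exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5'
if [ "$RES" != "$exp" ]; then
  echo "Error: (1) Did not get expected result from TPM_PCRRead(17)"
  echo "expected: $exp"
  echo "received: $RES"
  exit 1
fi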
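# Save the volatile state
"$CUSE_TPM_IOCTL" -v "/dev/$VTPM_NAME"
if [ ! -r "$VOLATILE_STATE_FILE" ]; then
  echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist."
  exit 1
fi

# Query the configuration flags (which keys are in use).  The ioctl output
# is captured on its own so that $? reflects swtpm_ioctl; in `ioctl | cut`
# it would only reflect cut and a failed ioctl would go unnoticed.
flags=$("$CUSE_TPM_IOCTL" -g "/dev/$VTPM_NAME")
if [ $? -ne 0 ]; then
  echo "Error: Could not get the configration flags of the CUSE TPM."
  exit 1
fi
tmp=$(printf '%s\n' "$flags" | cut -d":" -f2)
# Only --key was given, so 0x1 is presumably the "file encryption key in
# use" bit with no migration key -- confirm against swtpm_ioctl -g.
if [ "$tmp" != " 0x1" ]; then
  echo "Error: Unexpected configuration flags: $tmp; expected 0x1."
  exit 1
fi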
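# Shut the TPM down
exec 100>&-
"$CUSE_TPM_IOCTL" -s "/dev/$VTPM_NAME"
# Wait (bounded) for the old instance to exit before reusing the device
# name; otherwise the PID lookup below could still pick up the old process.
for _ in {1..10}; do
  kill -0 $PID 2>/dev/null || break
  sleep 0.1
done

# Start the TPM again; the 'remove' option has swtpm_cuse delete the key
# file once the key has been read in.
"$SWTPM_EXE" -n "$VTPM_NAME" --key "file=$keyfile,mode=aes-cbc,format=hex,remove" \
  --log "file=$logfile"
sleep 0.5
PID=$(ps aux | grep "$SWTPM" | grep -E "$VTPM_NAME " | gawk '{print $2}')
ps aux | grep "$SWTPM" | grep -v grep
if [ -z "$PID" ] || ! kill -0 $PID; then
  echo "Error (2): CUSE TPM did not start."
  exit 1
fi
if [ -r "$keyfile" ]; then
  echo "Error: Keyfile $keyfile was not removed by swtpm_cuse."
  exit 1
fi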
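# Init the TPM
if ! "$CUSE_TPM_IOCTL" -i "/dev/$VTPM_NAME"; then
  echo "Error: CUSE TPM initialization failed."
  exit 1
fi
# Volatile state must have been removed by TPM now
if [ -r "$VOLATILE_STATE_FILE" ]; then
  echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists."
  exit 1
fi

# Read the PCR again ... the restarted daemon presumably restored the
# saved (encrypted) state with the key it read before deleting the key
# file, so PCR 17 must hold the same value as before the restart.
exec 100<>"/dev/$VTPM_NAME"
echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100
RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128)
exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5'
if [ "$RES" != "$exp" ]; then
  echo "Error: (2) Did not get expected result from TPM_PCRRead(17)"
  echo "expected: $exp"
  echo "received: $RES"
  exit 1
fi

# Save the volatile state again
"$CUSE_TPM_IOCTL" -v "/dev/$VTPM_NAME"
if [ ! -r "$VOLATILE_STATE_FILE" ]; then
  echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist."
  exit 1
fi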
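# Send a new TPM_Init
if ! "$CUSE_TPM_IOCTL" -i "/dev/$VTPM_NAME"; then
  echo "Error: CUSE TPM initialization failed."
  exit 1
fi
# Volatile state must have been removed by TPM now
if [ -r "$VOLATILE_STATE_FILE" ]; then
  echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists."
  exit 1
fi

# Read the PCR again ... (third read; the message is numbered (3) so a
# failure here is distinguishable from the read after the restart).
exec 100<>"/dev/$VTPM_NAME"
echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100
RES=$(dd if=/proc/self/fd/100 2>/dev/null | od -t x1 -A n -w128)
exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5'
if [ "$RES" != "$exp" ]; then
  echo "Error: (3) Did not get expected result from TPM_PCRRead(17)"
  echo "expected: $exp"
  echo "received: $RES"
  exit 1
fi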
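# Final shut down
exec 100>&-
"$CUSE_TPM_IOCTL" -s "/dev/$VTPM_NAME"
sleep 0.5
if kill -0 $PID 2>/dev/null; then
  echo "Error: CUSE TPM should not be running anymore."
  exit 1
fi
# The permanent state must have been written on shutdown.
# NOTE(review): nothing here checks that the file content is actually
# ciphertext rather than plaintext state -- a worthwhile extra assertion.
if [ ! -e "$STATE_FILE" ]; then
  echo "Error: TPM state file $STATE_FILE does not exist."
  exit 1
fi
echo "OK"
exit 0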