swtpm/tests/test_tpm2_parameters

#!/bin/bash

# For the license, see the LICENSE file in the root directory.

ROOT=${abs_top_builddir:-$(dirname "$0")/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}

PARAMETERS=(
	""
	"--createek"
	"--createek --create-ek-cert --create-platform-cert --config ${TESTDIR}/swtpm_setup.conf --vmid test --display"
	"--createek --create-ek-cert --create-platform-cert --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile ${TESTDIR}/data/keyfile.txt"
	"--createek --create-ek-cert --create-platform-cert --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile ${TESTDIR}/data/pwdfile.txt"
	"--createek --allow-signing"
	"--createek --allow-signing --create-ek-cert --create-platform-cert --config ${TESTDIR}/swtpm_setup.conf --vmid test --display"
	"--createek --allow-signing --create-ek-cert --create-platform-cert --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile ${TESTDIR}/data/keyfile.txt"
	"--createek --allow-signing --create-ek-cert --create-platform-cert --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile ${TESTDIR}/data/pwdfile.txt"
	"--ecc --createek"
	"--ecc --createek --create-ek-cert --create-platform-cert --config ${TESTDIR}/swtpm_setup.conf --vmid test --display"
	"--ecc --createek --create-ek-cert --create-platform-cert --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile ${TESTDIR}/data/keyfile.txt"
	"--ecc --createek --create-ek-cert --create-platform-cert --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile ${TESTDIR}/data/pwdfile.txt"
	"--ecc --createek --allow-signing"
	"--ecc --createek --allow-signing --create-ek-cert --create-platform-cert --config ${TESTDIR}/swtpm_setup.conf --vmid test --display"
	"--ecc --createek --allow-signing --create-ek-cert --create-platform-cert --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile ${TESTDIR}/data/keyfile.txt"
	"--ecc --createek --allow-signing --create-ek-cert --create-platform-cert --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile ${TESTDIR}/data/pwdfile.txt"
)

# produced file size is always the same with TPM2

if [ "$(id -u)" -ne 0 ]; then
	echo "Need to be root to run this test."
	exit 77
fi

SWTPM=swtpm
SWTPM_EXE=$ROOT/src/swtpm/$SWTPM
TPMDIR=$(mktemp -d)
SWTPM_SETUP_CONF=$ROOT/etc/swtpm_setup.conf
SWTPM_IOCTL=$ROOT/src/swtpm_ioctl/swtpm_ioctl
# filesystem privileges require to run swtpm_setup as root during test
TPMAUTHORING="$ROOT/src/swtpm_setup/swtpm_setup --tpm2 --config ${SWTPM_SETUP_CONF} --runas root"
PATH=${ROOT}/src/swtpm_bios:$PATH

source ${TESTDIR}/test_config

trap "cleanup" SIGTERM EXIT

function cleanup()
{
	if [ -n "$TPMDIR" ]; then
		rm -rf $TPMDIR
	fi
}

chown $TSS_USER:$TSS_GROUP $TPMDIR 2>/dev/null
if [ $? -ne 0 ]; then
	echo "Could not change ownership of $TPMDIR to $TSS_USER:$TSS_GROUP." \
	     "You need to be root."
	exit 1
fi

# swtpm_setup.conf points to the local create_certs.sh
# For create_certs.sh to be found (with out full path)
# add this directory to the PATH
PATH=$PATH:$TESTDIR

for (( i=0; i<${#PARAMETERS[*]}; i++)); do
	rm -rf $TPMDIR/*
	echo -n "Test $i: "
	$TPMAUTHORING \
		--tpm-state $TPMDIR \
		--tpm "$SWTPM_EXE socket" \
		--swtpm_ioctl "$SWTPM_IOCTL" \
		${PARAMETERS[$i]} 2>&1 >/dev/null

	if [ $? -ne 0 ]; then
		echo "ERROR: Test with parameters '${PARAMETERS[$i]}' failed."
		exit 1
	elif [ ! -f $TPMDIR/tpm2-00.permall ]; then
		echo "ERROR: Test with parameters '${PARAMETERS[$i]}' did not
		      produce file $TPMDIR/tpm2-00.permall."
		exit 1
	fi

	echo "SUCCESS with parameters '${PARAMETERS[$i]}'."
done