Proxmox-Port/swtpm
1
0
Fork 0
mirror of https://github.com/stefanberger/swtpm.git synced 2025-12-29 00:15:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
fbc596abbb
swtpm/tests/test_parameters
Stefan Berger 638bd3ba19 swtpm: Encrypt the data with a random IV every time 
Whenever we encrypt the data we generate a new random IV and append a
tlv block with the IV to the byte stream. We mark the IV with different
tags depending on whether they are for the migration data or the (TPM)
data directly. All IVs are part of the HMAC and are added to it after
the data blob.

Adjust test cases that now return larger sizes of data. A constant
checksum over the data cannot be expected anymore, thus we have to remove
the verification of the checksum over the returned state (IV changes
every time).

The size of the blobs grow by 22 bytes, 6 for the tlv header, 16 bytes
for the IV (128 bit AES key).

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-07-02 07:28:16 -04:00

119 lines
2.9 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# For the license, see the LICENSE file in the root directory.
DIR=$(dirname "$0")
ROOT=${DIR}/..
PARAMETERS=(
""
"--createek"
"--take-ownership"
"--createek --lock-nvram"
"--take-ownership --lock-nvram"
"--lock-nvram"
"--take-ownership --ownerpass OOO"
"--take-ownership --srkpass SSS"
"--take-ownership --ownerpass OO --srkpass SS"
"--take-ownership --lock-nvram --display"
"--display"
"--lock-nvram --display"
"--take-ownership --srk-well-known"
"--take-ownership --owner-well-known"
"--take-ownership --srk-well-known --owner-well-known"
"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${DIR}/swtpm_setup.conf --vmid test --display"
"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${DIR}/swtpm_setup.conf --vmid test --display --keyfile ${DIR}/data/keyfile.txt"
"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${DIR}/swtpm_setup.conf --vmid test --display --pwdfile ${DIR}/data/pwdfile.txt"
)
FILESIZES=(
1185
1605
2066
1605
2066
1185
2066
2066
2066
2066
1185
1185
2066
2066
2066
1721
1788
1788
)
if [ "$(id -u)" -ne 0 ]; then
echo "Need to be root to run this test."
exit 77
fi
SWTPM=swtpm
SWTPM_EXE=${SWTPM_EXE:-$ROOT/src/swtpm/$SWTPM}
SWTPM_IOCTL=${SWTPM_IOCTL:-$ROOT/src/swtpm_ioctl/swtpm_ioctl}
TCSD=`type -P tcsd`
TPMDIR=`mktemp -d`
SWTPM_SETUP_CONF=$ROOT/etc/swtpm_setup.conf
# filesystem privileges require to run swtpm_setup as root during test
TPMAUTHORING="$ROOT/src/swtpm_setup/swtpm_setup --config ${SWTPM_SETUP_CONF} --runas root"
PATH=${PWD}/${ROOT}/src/swtpm_bios:$PATH
PATH=${PWD}/${ROOT}/src/swtpm_setup:$PATH
source ${DIR}/test_config
trap "cleanup" SIGTERM EXIT
if test "$TCSD" = ""; then
echo "TCSD executable 'tcsd' was not found in path."
exit 1
fi
function cleanup()
{
rm -rf $TPMDIR
}
chown $TSS_USER:$TSS_GROUP $TPMDIR 2>/dev/null
if [ $? -ne 0 ]; then
echo "Could not change ownership of $TPMDIR to $TSS_USER:$TSS_GROUP." \
"You need to be root."
exit 1
fi
# swtpm_setup.conf points to the local create_certs.sh
# For create_certs.sh to be found (with out full path)
# add this directory to the PATH
PATH=$PATH:$PWD
for (( i=0; i<${#PARAMETERS[*]}; i++)); do
rm -rf $TPMDIR/*
echo -n "Test $i: "
$TPMAUTHORING \
--tpm-state $TPMDIR \
--tpm "$SWTPM_EXE socket" \
--swtpm_ioctl "$SWTPM_IOCTL" \
${PARAMETERS[$i]} 2>&1 >/dev/null
if [ $? -ne 0 ]; then
echo "ERROR: Test with parameters '${PARAMETERS[$i]}' failed."
exit 1
elif [ ! -f $TPMDIR/tpm-00.permall ]; then
echo "ERROR: Test with parameters '${PARAMETERS[$i]}' did not
produce file $TPMDIR/tpm-00.permall."
exit 1
fi
FILESIZE=`stat -c%s $TPMDIR/tpm-00.permall`
if [ ${FILESIZE} -ne ${FILESIZES[$i]} ]; then
echo "ERROR: Unexpected file size of $FILESIZE, "\
"expected ${FILESIZES[$i]}. Parameters: ${PARAMETERS[$i]}"
exit 1
fi
echo "SUCCESS with parameters '${PARAMETERS[$i]}'."
done
Reference in New Issue View Git Blame Copy Permalink