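#!/bin/bash
#

#################################################################################
#                                                                               #
#                         TPM2 regression test                                  #
#              Written by Ken Goldman                                           #
#                        IBM Thomas J. Watson Research Center                   #
#                                                                               #
# (c) Copyright IBM Corporation 2014 - 2020                                     #
#                                                                               #
# All rights reserved.                                                          #
#                                                                               #
# Redistribution and use in source and binary forms, with or without            #
# modification, are permitted provided that the following conditions are        #
# met:                                                                          #
#                                                                               #
# Redistributions of source code must retain the above copyright notice,        #
# this list of conditions and the following disclaimer.                         #
#                                                                               #
# Redistributions in binary form must reproduce the above copyright             #
# notice, this list of conditions and the following disclaimer in the           #
# documentation and/or other materials provided with the distribution.          #
#                                                                               #
# Neither the names of the IBM Corporation nor the names of its                 #
# contributors may be used to endorse or promote products derived from          #
# this software without specific prior written permission.                      #
#                                                                               #
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS           #
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT             #
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR         #
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT          #
# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,        #
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT              #
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,         #
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY         #
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT           #
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE         #
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.          #
#                                                                               #
#################################################################################

# handles are
# 80000000 platform hierarchy primary storage key
#       password pps
# storage key under primary
#       password sto
#       storepriv.bin
# signing key under primary
#       password sig
#       signpriv.bin
# RSA encryption key under primary
#       password dec
#       decpriv.bin
#
# NOTE(review): initprimary below creates the primary key with "-pwdk sto",
# not "pps" - this list may be stale; confirm against regtests/initkeys.sh.
# These are fixed, published test passwords passed on the command line, where
# they are visible in the process list.

# at test entry and exit, there is a platform primary key at 80000000 and
# storage and signing keys under them, ready to load.
# The exception is the last test case, which rolls the seeds.

# Every path in this script (./regtests/*.sh, policies/, run.out, the key
# files) is relative, so it resolves against the current directory: whatever
# ./regtests holds there is what gets executed.

# This is a namespace prefix
# For the basic tarball, PREFIX is set to ./ (the current directory)
#
# PREFIX is expanded UNQUOTED in front of every utility name on purpose: the
# "valgrind ./" variant below only works if the shell word-splits it into a
# command plus the start of the utility path.

PREFIX=./

# The distro releases prefix all the TPM 2.0 utility names with tss,
# so PREFIX is set to tss

# PREFIX=tss

#PREFIX="valgrind ./"

# hash algorithms to be used for testing

export ITERATE_ALGS="sha1 sha256 sha384 sha512"
export BAD_ITERATE_ALGS="sha256 sha384 sha512 sha1"

# Print the list of command line options to stdout.
printUsage ()
{
    cat <<'EOF'


-h help
-a all tests
-1 random number generator
-2 PCR
-3 primary keys
-4 createloaded - rev 146
-5 HMAC session - no bind or salt
-6 HMAC session - bind
-7 HMAC session - salt
-8 Hierarchy
-9 Storage
-10 Object Change Auth
-11 Encrypt and decrypt sessions
-12 Sign
-13 NV
-14 NV PIN Index - rev 138
-15 Evict control
-16 RSA encrypt decrypt
-17 AES encrypt decrypt
-18 AES encrypt decrypt - rev 138
-19 HMAC and Hash
-20 Attestation
-21 Policy
-22 Policy - rev 138
-23 Context
-24 Clocks and Timers
-25 DA logic
-26 Unseal
-27 Duplication
-28 ECC
-29 Credential
-30 Attestation - rev 155
-31 X509 - rev 155
-32 Get Capability
-35 Shutdown (only run for simulator)
-40 Tests under development (not part of all)

-50 Change seed
EOF
}

# Assert that the previous command succeeded.
# Arguments: $1 - exit status to check
# On a non-zero status, dumps run.out and terminates the calling shell
# with 255.  Exported (export -f) so the regtests scripts can call it.
checkSuccess()
{
    if [ "$1" -ne 0 ]; then
        echo " ERROR:"
        cat run.out
        exit 255
    else
        echo " INFO:"
    fi
}

# FIXME should not increment past 254

# Record a warning if the previous command failed, but keep going.
# Arguments: $1 - exit status to check
#            $2 - text printed after "WARN:"
# Increments WARN in the shell that calls it.
checkWarning()
{
    if [ "$1" -ne 0 ]; then
        echo " WARN: $2"
        ((WARN++))
    else
        echo " INFO:"
    fi
}

# Assert that the previous command FAILED (negative test).
# Arguments: $1 - exit status to check
# A zero status is the error here: dumps run.out and terminates the calling
# shell with 255.
checkFailure()
{
    if [ "$1" -eq 0 ]; then
        echo " ERROR:"
        cat run.out
        exit 255
    else
        echo " INFO:"
    fi
}

# Remove the files the test run leaves in the current directory.
# rm -f throughout, so a file that was never created is not an error.
cleanup()
{
    # stdout
    rm -f run.out

    # general purpose keys
    rm -f derrsa2048priv.bin derrsa2048pub.bin
    rm -f derrsa3072priv.bin derrsa3072pub.bin
    rm -f despriv.bin despub.bin
    rm -f khprivsha1.bin khprivsha256.bin khprivsha384.bin khprivsha512.bin
    rm -f khpubsha1.bin khpubsha256.bin khpubsha384.bin khpubsha512.bin
    rm -f khrprivsha1.bin khrprivsha256.bin khrprivsha384.bin khrprivsha512.bin
    rm -f khrpubsha1.bin khrpubsha256.bin khrpubsha384.bin khrpubsha512.bin
    rm -f prich.bin pritk.bin
    rm -f signeccnfpriv.bin signeccnfpub.bin signeccnfpub.pem
    rm -f signeccpriv.bin signeccpub.bin signeccpub.pem
    rm -f signeccrpriv.bin signeccrpub.bin signeccrpub.pem
    rm -f signrsa2048nfpriv.bin signrsa2048nfpub.bin signrsa2048nfpub.pem
    rm -f signrsa2048priv.bin signrsa2048pub.bin signrsa2048pub.pem
    rm -f signrsa3072priv.bin signrsa3072pub.bin signrsa3072pub.pem
    rm -f signrsa2048rpriv.bin signrsa2048rpub.bin signrsa2048rpub.pem
    rm -f stoch.bin
    rm -f storeeccpriv.bin storeeccpub.bin
    rm -f storsach.bin storsatk.bin stotk.bin
    # These two were "rm -r", which reports an error when the file is absent;
    # -f matches every other entry in this list.
    rm -f storersa2048priv.bin storersa2048pub.bin

    # misc
    rm -f dec.bin enc.bin msg.bin
    rm -f noncetpm.bin policyapproved.bin
    rm -f pssig.bin sig.bin tkt.bin
    rm -f tmp.bin tmp1.bin tmp2.bin
    rm -f tmpsha1.bin tmpsha256.bin tmpsha384.bin tmpsha512.bin
    rm -f tmppriv.bin tmppub.bin tmpspriv.bin tmpspub.bin
    rm -f to.bin zero.bin
}

# Create the platform primary RSA storage key, writing the creation ticket
# and creation hash to pritk.bin / prich.bin.  Utility output goes to run.out
# so checkSuccess can show it on failure.  Exported for the regtests scripts.
initprimary()
{
    echo "Create a platform primary RSA storage key"
    # ${PREFIX} is deliberately unquoted (see the PREFIX comment above)
    ${PREFIX}createprimary -hi p -pwdk sto -pol policies/zerosha256.bin -tk pritk.bin -ch prich.bin > run.out
    checkSuccess $?
}

# True when $1 (the option given on the command line) selects the test whose
# own option is $2, i.e. it is either "-a" or exactly that option.
isSelected()
{
    [ "$1" == "-a" ] || [ "$1" == "$2" ]
}

# True when the target is the MS simulator over the socket interface: both
# TPM_INTERFACE_TYPE (unset or "socsim") and TPM_SERVER_TYPE (unset or
# "mssim") must match.
isMsSimulator()
{
    { [ -z "${TPM_INTERFACE_TYPE}" ] || [ "${TPM_INTERFACE_TYPE}" == "socsim" ]; } &&
        { [ -z "${TPM_SERVER_TYPE}" ] || [ "${TPM_SERVER_TYPE}" == "mssim" ]; }
}

# Run one script from ./regtests.
# Arguments: $1 - script file name
# Sets RC to its exit status; any non-zero status ends the whole run with
# 255, otherwise the test counter I is incremented.
runTest()
{
    "./regtests/$1"
    RC=$?
    if [ "$RC" -ne 0 ]; then
        exit 255
    fi
    ((I++))
}

export -f checkSuccess
export -f checkWarning
export -f checkFailure
export WARN
export PREFIX
export -f initprimary
# hack because the mbedtls port is incomplete
# (assignment and export are separate so export does not hide the utility's
# exit status)
CRYPTOLIBRARY=$(${PREFIX}getcryptolibrary)
export CRYPTOLIBRARY

# example for running scripts with encrypted sessions, see TPM_SESSION_ENCKEY=getrandom below
# Exporting puts the session key in the environment of every child process.
export TPM_SESSION_ENCKEY

# Entry point.
# Arguments: $1 - one option from printUsage (compared as a whole string,
#                 there is no getopts parsing).  An option that matches no
#                 test still runs the initialisation and reports success
#                 with 0 tests.
# Exits 255 as soon as any step fails.
main ()
{
    RC=0
    I=0
    ((WARN=0))

    if [ "$1" == "-h" ]; then
        printUsage
        echo ""
        echo "crypto library is ${CRYPTOLIBRARY}"
        echo ""
        exit 0
    fi

    # the MS simulator needs power up and startup
    if isMsSimulator; then
        ./regtests/inittpm.sh
        RC=$?
    fi
    if [ "$RC" -ne 0 ]; then
        exit 255
    fi

    # example for running scripts with encrypted sessions, see TPM_ENCRYPT_SESSIONS above
    # NOTE(review): TPM_ENCRYPT_SESSIONS is not set anywhere in this file;
    # presumably it comes from the caller's environment - confirm.
    # getrandom must wait until after inittpm.sh (powerup and startup)
    # 16 bytes from the TPM's RNG; -ns presumably prints a bare hex string - confirm.
    if ! TPM_SESSION_ENCKEY=$(${PREFIX}getrandom -by 16 -ns); then
        # The run continues as before, but an empty or partial session key is
        # now reported instead of passing silently.
        echo " WARN: getrandom failed, TPM_SESSION_ENCKEY may be empty" >&2
    fi

    ./regtests/initkeys.sh
    RC=$?
    if [ "$RC" -ne 0 ]; then
        exit 255
    fi
    ((WARN=RC))

    isSelected "$1" "-1"  && runTest testrng.sh
    isSelected "$1" "-2"  && runTest testpcr.sh
    isSelected "$1" "-3"  && runTest testprimary.sh
    isSelected "$1" "-4"  && runTest testcreateloaded.sh
    isSelected "$1" "-5"  && runTest testhmacsession.sh
    isSelected "$1" "-6"  && runTest testbind.sh
    isSelected "$1" "-7"  && runTest testsalt.sh
    isSelected "$1" "-8"  && runTest testhierarchy.sh
    isSelected "$1" "-9"  && runTest teststorage.sh
    isSelected "$1" "-10" && runTest testchangeauth.sh
    isSelected "$1" "-11" && runTest testencsession.sh
    isSelected "$1" "-12" && runTest testsign.sh
    isSelected "$1" "-13" && runTest testnv.sh
    isSelected "$1" "-14" && runTest testnvpin.sh
    isSelected "$1" "-15" && runTest testevict.sh
    isSelected "$1" "-16" && runTest testrsa.sh
    isSelected "$1" "-17" && runTest testaes.sh
    isSelected "$1" "-18" && runTest testaes138.sh
    isSelected "$1" "-19" && runTest testhmac.sh
    if isSelected "$1" "-20"; then
        runTest testattest.sh
        # NOTE(review): runTest has already exited on any non-zero RC, so this
        # always stores 0.  If the script is meant to return its warning count
        # as its exit status, the failure check would have to test for 255
        # only - confirm intent.
        ((WARN=RC))
    fi
    isSelected "$1" "-21" && runTest testpolicy.sh
    isSelected "$1" "-22" && runTest testpolicy138.sh
    isSelected "$1" "-23" && runTest testcontext.sh
    isSelected "$1" "-24" && runTest testclocks.sh
    isSelected "$1" "-25" && runTest testda.sh
    isSelected "$1" "-26" && runTest testunseal.sh
    isSelected "$1" "-27" && runTest testdup.sh
    isSelected "$1" "-28" && runTest testecc.sh
    isSelected "$1" "-29" && runTest testcredential.sh
    isSelected "$1" "-30" && runTest testattest155.sh
    isSelected "$1" "-31" && runTest testx509.sh
    isSelected "$1" "-32" && runTest testgetcap.sh

    if isSelected "$1" "-35"; then
        # the MS simulator supports power cycling
        if isMsSimulator; then
            ./regtests/testshutdown.sh
            RC=$?
        fi
        if [ "$RC" -ne 0 ]; then
            exit 255
        fi
        # counted even when skipped on a non-simulator target
        ((I++))
    fi

    # tests under development are not part of -a
    if [ "$1" == "-40" ]; then
        runTest testdevel.sh
        # same always-zero assignment as for -20 above
        ((WARN=RC))
    fi

    # this must be the last test
    isSelected "$1" "-50" && runTest testchangeseed.sh

    if [ "$RC" -ne 0 ]; then
        echo ""
        echo "Failed"
        echo ""
        exit 255
    else
        # -0 is a debug mode that initializes and does not clean up
        # (the primary key stays loaded at 80000000 and the key files and
        # run.out stay in the current directory)
        if [ "$1" != "-0" ]; then
            ${PREFIX}flushcontext -ha 80000000
            cleanup
        fi

        echo ""
        echo "Success - ${I} Tests ${WARN} Warnings"
        echo ""
    fi
}


main "$@"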