test: Make sure that when key is passed state is encrypted

Make sure that when keyfile/keyfile-fd or pwdfile/pwdfile-fd are passed to swtpm_setup that the resulting state is actually encrypted. We check for encrypted state by making sure that 4-byte sequences of 0-bytes are not there while they are there for un-encrypted state. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
stefanberger · Jun 27, 2019 · 4d8cd82 · 4d8cd82
1 parent 8a2d8bc
commit 4d8cd82
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/tests/test_tpm2_parameters b/tests/test_tpm2_parameters
@@ -93,6 +93,24 @@ for (( i=0; i<${#PARAMETERS[*]}; i++)); do
 		exit 1
 	fi
 
+	# Make sure the state is encrypted when a key was given.
+	# We expect sequences of 4 0-bytes in unencrypted state
+	# and no such sequences in encrypted state.
+	nullseq="$(cat $TPMDIR/tpm2-00.permall | \
+			od -t x1 -A n | tr -d '\n' |
+			grep "00 00 00 00")"
+	if [[ "${PARAMETERS[$i]}" =~ (keyfile|pwdfile) ]]; then
+		if [ -n "${nullseq}" ]; then
+			echo "ERROR: State file is not encrypted with" \
+			     "parameters '${PARAMETERS[$i]}'"
+		fi
+	else
+		if [ -z "${nullseq}" ]; then
+			echo "ERROR: State must not be encrypted with" \
+			     "parameters '${PARAMETERS[$i]}'"
+		fi
+	fi
+
 	echo "SUCCESS with parameters '${PARAMETERS[$i]}'."
 done