Makefile.am

@@ -32,7 +32,7 @@
 
 ACLOCAL_AMFLAGS = -I m4
 
-INCLUDE_DIRS = -I$(top_srcdir)/src -I$(top_srcdir)/lib -I$(top_srcdir)/lib/tcti
+INCLUDE_DIRS = -I$(top_srcdir)/tools -I$(top_srcdir)/lib -I$(top_srcdir)/lib/tcti
 LIB_COMMON := lib/libcommon.a
 
 AM_CFLAGS := \

lib/tpm2_util.c

@@ -28,13 +28,14 @@
 // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 // THE POSSIBILITY OF SUCH DAMAGE.
 //**********************************************************************;
-#include "tpm2_util.h"
-
 #include <ctype.h>
 #include <errno.h>
 #include <stdbool.h>
 #include <stdio.h>
 
+#include "tpm2_tool.h"
+#include "tpm2_util.h"
+
 bool tpm2_util_concat_buffer(TPM2B_MAX_BUFFER *result, TPM2B *append) {
 
     if (!result || !append) {
@@ -130,6 +131,10 @@ int tpm2_util_hex_to_byte_structure(const char *inStr, UINT16 *byteLength,
 
 void tpm2_util_print_tpm2b(TPM2B *buffer) {
 
+    if (!output_enabled) {
+        return;
+    }
+
     unsigned i;
     for (i = 0; i < buffer->size; i++) {
         printf("%2.2x ", buffer->buffer[i]);

test/system/test.sh

@@ -0,0 +1,119 @@
+#!/bin/bash
+#;**********************************************************************;
+#
+# Copyright (c) 2016, Intel Corporation
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# 3. Neither the name of Intel Corporation nor the names of its contributors
+# may be used to endorse or promote products derived from this software without
+# specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#;**********************************************************************;
+
+# We Assume that the tests are run from the system/test location.
+SRC_DIR=`realpath ../../tools/`
+PATH=$SRC_DIR:$PATH
+
+# Some test helpers are in the test directory
+# and might be needed on PATH
+TEST_DIR=`realpath .`
+PATH=$TEST_DIR:$PATH
+
+# Keep track of failures and successes for reporting
+pass=0
+fail=0
+
+# Keep track of failed test scripts.
+fail_summary=""
+
+red=$'\e[1;31m'
+grn=$'\e[1;32m'
+yel=$'\e[1;33m'
+blu=$'\e[1;34m'
+mag=$'\e[1;35m'
+cyn=$'\e[1;36m'
+end=$'\e[0m'
+
+test_wrapper() {
+
+  ./$1 &
+  # Process Id of the previous running command
+  pid=$!
+  spin='-\|/'
+  i=0
+  while kill -0 $pid 2>/dev/null; do
+    i=$(( (i+1) %4 ))
+    printf "\r${yel}${spin:$i:1}${end}"
+    sleep .1
+  done
+
+  wait $pid
+  if [ $? -eq 0 ]; then
+    printf "\r${grn}$1 ... PASSED${end}\n"
+    let "pass++"
+  else
+    printf "\r${red}$1 ... FAILED${end}\n"
+    let "fail++"
+    fail_summary="$fail_summary"$'\n'"$1"
+  fi
+}
+
+# Get a list of test scripts, all tests should begin with test_tpm2_ and
+# be a shell script. This avoids adding test_all.sh
+tests=`ls test_tpm2_*.sh`
+
+# Building with asan on clang, the leak sanitizier
+# portion (lsan) on ancient versions is:
+# 1. Detecting a leak that (maybe) doesn't exist.
+#    OpenSSL is hard...
+# 2. The suppression option via ASAN_OPTIONS doesn't
+#    exist for 3.6.
+# TODO When this is fixed, remove it.
+# Bug: https://github.com/01org/tpm2-tools/issues/390
+if [ "$ASAN_ENABLED" == "true" ]; then
+  tests=`echo $tests | grep -v test_tpm2_getmanufec.sh`
+fi
+
+# If command line arguments are provided, assume it is
+# the test suite to execute.
+# IE: test_tpm2_getrandom.sh
+if [ "$#" -gt 0 ]; then
+  tests="$@"
+fi
+
+
+for t in $tests; do
+  test_wrapper $t;
+done;
+
+# Report the status of the tests
+printf "${grn}Tests passed: $pass${end}\n"
+printf "${red}Tests Failed: $fail${end}\n"
+
+if [ $fail -gt 0 ]; then
+  echo "Fail summary:"
+  echo "$fail_summary"
+fi
+
+exit $fail

test/system/test_all.sh

@@ -55,36 +55,7 @@ test_wrapper()
   fi
 }
 
-test_wrapper test_tpm2_takeownership_all.sh
-test_wrapper test_tpm2_nv.sh
-test_wrapper test_tpm2_pcrlist.sh
-test_wrapper test_tpm2_getrandom.sh
-test_wrapper test_tpm2_getrandom_func.sh
-test_wrapper test_tpm2_createprimary_all.sh
-test_wrapper test_tpm2_create_all.sh
-test_wrapper test_tpm2_load.sh
-test_wrapper test_tpm2_loadexternal.sh
-test_wrapper test_tpm2_evictcontrol.sh
-test_wrapper test_tpm2_hash.sh
-test_wrapper test_tpm2_hmac.sh
-test_wrapper test_tpm2_quote.sh
-test_wrapper test_tpm2_unseal.sh
-test_wrapper test_tpm2_akparse.sh
-test_wrapper test_tpm2_certify.sh
-test_wrapper test_tpm2_getpubek.sh
-test_wrapper test_tpm2_getpubak.sh
-test_wrapper test_tpm2_makecredential.sh
-test_wrapper test_tpm2_activecredential.sh
-test_wrapper test_tpm2_readpublic.sh
-test_wrapper test_tpm2_rsaencrypt.sh
-test_wrapper test_tpm2_rsadecrypt.sh
-test_wrapper test_tpm2_encryptdecrypt.sh
-test_wrapper test_tpm2_sign.sh
-test_wrapper test_tpm2_verifysignature.sh
-test_wrapper test_tpm2_send_command.sh
-test_wrapper test_tpm2_dump_capability.sh
-test_wrapper test_tpm2_startup.sh
-test_wrapper test_tpm2_pcrevent.sh
+tests=`ls test_tpm2_*.sh`
 
 # Building with asan on clang, the leak sanitizier
 # portion (lsan) on ancient versions is:
@@ -94,14 +65,13 @@ test_wrapper test_tpm2_pcrevent.sh
 #    exist for 3.6.
 # TODO When this is fixed, remove it.
 # Bug: https://github.com/01org/tpm2-tools/issues/390
-if [ "$ASAN_ENABLED" != "true" ]; then
-  test_wrapper test_tpm2_getmanufec.sh
+if [ "$ASAN_ENABLED" == "true" ]; then
+    tests=`echo $tests | grep -v test_tpm2_getmanufec.sh`
 fi
 
-test_wrapper test_tpm2_dictionarylockout.sh
-test_wrapper test_tpm2_createpolicy.sh
-test_wrapper test_tpm2_pcrextend.sh
-test_wrapper test_tpm2_rc_decode.sh
+for t in $tests; do
+    test_wrapper $t;
+done;
 
 echo -e "\033[32m Tests passed: $pass \033[0m"
 echo -e "\033[31m Tests Failed: $fail  \033[0m"

test/system/test_tpm2_activecredential.sh

@@ -4,81 +4,62 @@
 # Copyright (c) 2016, Intel Corporation
 # All rights reserved.
 #
-# Redistribution and use in source and binary forms, with or without 
+# Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
-# 
-# 1. Redistributions of source code must retain the above copyright notice, 
+#
+# 1. Redistributions of source code must retain the above copyright notice,
 # this list of conditions and the following disclaimer.
-# 
-# 2. Redistributions in binary form must reproduce the above copyright notice, 
-# this list of conditions and the following disclaimer in the documentation 
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
 # and/or other materials provided with the distribution.
 #
 # 3. Neither the name of Intel Corporation nor the names of its contributors
 # may be used to endorse or promote products derived from this software without
 # specific prior written permission.
 #
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
-# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 
-# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 # THE POSSIBILITY OF SUCH DAMAGE.
 #;**********************************************************************;
-handle_ek=0x81010009
-handle_ak=0x8101000a
-ek_alg=0x001
-ak_alg=0x0001
-digestAlg=0x000B 
-signAlg=0x0014
-
-file_input_data=secret.data
-output_ek_pub=ek_pub.out
-output_ak_pub=ak_pub.out
-output_ak_pub_name=ak_name_pub.out
-output_mkcredential=mkcredential.out
-output_actcredential=actcredential.out
 
-fail()
-{
-	    echo "$1 test fail, please check the environment or parameters!"
-		exit 1
+onerror() {
+    echo "$BASH_COMMAND on line ${BASH_LINENO[0]} failed: $?"
+    exit 1
 }
+trap onerror ERR
 
-rm $output_ek_pub $output_ak_pub $output_ak_pub_name  $output_mkcredential $output_actcredential -rf 
+cleanup() {
+    rm -f secret.data ek.pub ak.pub ak.name mkcred.out ak.out actcred.out \
+          &>/dev/null
+
+    # Evict persistent handles, we want them to always succeed and never trip
+    # the onerror trap.
+	tpm2_evictcontrol -Q -A o -H 0x81010009 2>/dev/null || true
+	tpm2_evictcontrol -Q -A o -H 0x8101000a 2>/dev/null || true
+}
+trap cleanup EXIT
 
-if [ ! -e "$file_input_data" ]   
-  then    
-echo "12345678" > $file_input_data
-fi 
+cleanup
 
-tpm2_getpubek  -H $handle_ek -g $ek_alg -f $output_ek_pub 
-if [ $? != 0 ] || [ ! -e $output_ek_pub ];then
-	fail getpubek 
-fi
+echo "12345678" > secret.data
 
-tpm2_getpubak  -E $handle_ek  -k $handle_ak -g $ak_alg -D $digestAlg -s $signAlg -f $output_ak_pub  -n $output_ak_pub_name |tee output_ak 
-if [ $? != 0 ] || [ ! -e output_ak ];then
-	fail getpubak 
-fi
-grep  -A 3 "Name of loaded key:" output_ak|tr "\n" " " >grep.txt
-Loadkeyname=`sed -e 's/ //g'  grep.txt | awk  -F':' '{print $2}'`
+tpm2_getpubek -Q -H 0x81010009 -g rsa -f ek.pub
 
-tpm2_makecredential -e $output_ek_pub  -s $file_input_data  -n $Loadkeyname -o $output_mkcredential
-if [ $? != 0 ];then
-	fail makecredential 
-fi
+tpm2_getpubak -E 0x81010009 -k 0x8101000a -g rsa -D sha256 -s rsassa -f ak.pub -n ak.name > ak.out
 
-tpm2_activatecredential  -H $handle_ak -k $handle_ek -f $output_mkcredential  -o $output_actcredential
-if [ $? != 0 ];then
-	fail activatecredential 
-fi
+loaded_key_name=`grep -A 3 "Name of loaded key:" ak.out | tr "\n" " " | sed -e 's/ //g' | awk  -F':' '{print $2}'`
 
-echo "activcredential successfully!"
+tpm2_makecredential -Q -e ek.pub  -s secret.data -n $loaded_key_name -o mkcred.out
 
+tpm2_activatecredential -Q -H 0x8101000a -k 0x81010009 -f mkcred.out -o actcred.out
 
+exit 0