.ci/travis-build-and-run-tests.sh

@@ -77,12 +77,23 @@ fi
 # Bootstrap in the tpm2.0-tss tools directory
 ./bootstrap
 
+# clang has asan enabled with options exported that fail
+# make distcheck, so only do this with gcc.
+# Do a make distcheck in the root, clear it and than
+# cd to the variant directory.
+if [ "$CC" == "gcc" ]; then
+    ./configure
+    make distcheck
+    make distclean
+fi
+
 # Make a build variant directory and change to it
 mkdir ./build
 pushd ./build
 
 # Test building without tcti tabrmd
 ../configure --enable-unit --without-tcti-tabrmd $config_flags
+
 make -j$(nproc)
 make -j$(nproc) check
 make -j$(nproc) clean

CHANGELOG.md

@@ -1,6 +1,9 @@
 ## Changelog
 
 ### next
+  * tpm2_dump_capability: renamed to tpm2_getcap.
+  * tpm2_send_command: renamed to tpm2_send and the input file is now an
+    argument vs using -i.
   * tpm2_dump_capability: outputs human readable command codes.
   * camelCase options are now all lower case. For example, --camelCase becomes --camel-case.
   * tpm2_import - A new tool for importing external entities, very limited key support.

Makefile.am

@@ -54,7 +54,7 @@ bin_PROGRAMS = \
     tools/tpm2_createpolicy \
     tools/tpm2_createprimary \
     tools/tpm2_dictionarylockout \
-    tools/tpm2_dump_capability \
+    tools/tpm2_getcap \
     tools/tpm2_encryptdecrypt \
     tools/tpm2_evictcontrol \
     tools/tpm2_getmanufec \
@@ -82,29 +82,36 @@ bin_PROGRAMS = \
     tools/tpm2_readpublic \
     tools/tpm2_rsadecrypt \
     tools/tpm2_rsaencrypt \
-    tools/tpm2_send_command \
+    tools/tpm2_send \
     tools/tpm2_sign \
     tools/tpm2_startup \
     tools/tpm2_takeownership \
     tools/tpm2_unseal \
     tools/tpm2_verifysignature
 
-tcti_src = ""
+tcti_src =
 if HAVE_TCTI_DEV
-tcti_src += lib/tcti/tpm2_tools_tcti_device.c
+tcti_src += \
+    lib/tcti/tpm2_tools_tcti_device.c \
+    lib/tcti/tpm2_tools_tcti_device.h
 endif
 if HAVE_TCTI_SOCK
-tcti_src += lib/tcti/tpm2_tools_tcti_socket.c
+tcti_src += \
+    lib/tcti/tpm2_tools_tcti_socket.c \
+    lib/tcti/tpm2_tools_tcti_socket.h
 endif
 if HAVE_TCTI_TABRMD
-tcti_src += lib/tcti/tpm2_tools_tcti_abrmd.c
+tcti_src += \
+    lib/tcti/tpm2_tools_tcti_abrmd.c \
+    lib/tcti/tpm2_tools_tcti_abrmd.h
 endif
 
 
 noinst_LIBRARIES = $(LIB_COMMON)
 lib_libcommon_a_SOURCES = \
 	$(tcti_src) \
     lib/conversion.c \
+    lib/conversion.h \
     lib/files.c \
     lib/files.h \
     lib/log.c \
@@ -135,15 +142,15 @@ lib_libcommon_a_SOURCES = \
     lib/tpm_session.c \
     lib/tpm_session.h
 
-TOOL_SRC := tools/tpm2_tool.c tools/tool.h
+TOOL_SRC := tools/tpm2_tool.c tools/tpm2_tool.h
 
 tools_tpm2_create_SOURCES = tools/tpm2_create.c $(TOOL_SRC)
 tools_tpm2_createprimary_SOURCES = tools/tpm2_createprimary.c $(TOOL_SRC)
-tools_tpm2_dump_capability_SOURCES = tools/tpm2_dump_capability.c $(TOOL_SRC)
+tools_tpm2_getcap_SOURCES = tools/tpm2_getcap.c $(TOOL_SRC)
 tools_tpm2_pcrlist_SOURCES = tools/tpm2_pcrlist.c $(TOOL_SRC)
 tools_tpm2_listpersistent_SOURCES = tools/tpm2_listpersistent.c $(TOOL_SRC)
 tools_tpm2_load_SOURCES = tools/tpm2_load.c $(TOOL_SRC)
-tools_tpm2_send_command_SOURCES = tools/tpm2_send_command.c $(TOOL_SRC)
+tools_tpm2_send_SOURCES = tools/tpm2_send.c $(TOOL_SRC)
 tools_tpm2_startup_SOURCES = tools/tpm2_startup.c $(TOOL_SRC)
 tools_tpm2_verifysignature_SOURCES = tools/tpm2_verifysignature.c $(TOOL_SRC)
 tools_tpm2_getmanufec_CFLAG = $(AM_CFLAGS) $(CURL_CFLAGS)
@@ -244,7 +251,7 @@ if HAVE_PANDOC
     man/man1/tpm2_createpolicy.1 \
     man/man1/tpm2_createprimary.1 \
     man/man1/tpm2_dictionarylockout.1 \
-    man/man1/tpm2_dump_capability.1 \
+    man/man1/tpm2_getcap.1 \
     man/man1/tpm2_encryptdecrypt.1 \
     man/man1/tpm2_evictcontrol.1 \
     man/man1/tpm2_getmanufec.1 \
@@ -272,7 +279,7 @@ if HAVE_PANDOC
     man/man1/tpm2_readpublic.1 \
     man/man1/tpm2_rsadecrypt.1 \
     man/man1/tpm2_rsaencrypt.1 \
-    man/man1/tpm2_send_command.1 \
+    man/man1/tpm2_send.1 \
     man/man1/tpm2_sign.1 \
     man/man1/tpm2_startup.1 \
     man/man1/tpm2_takeownership.1 \

RELEASE.md

@@ -89,5 +89,14 @@ $ git push origin [signed-tag-name]
 ```
 **NOTE**: this assumes origin is the tpm2-tools official repo.
 
+### Making a GitHub release.
+
+1. Create a release using the signed release tag.
+2. Add to the binary file section:
+
+    1. A release tarball from `make dist`.
+    2. A detached signature for the tarball made via:
+      `gpg --armor --detach-sign <tarball>`
+
 A lot of this git/gpg information was edited from:
 <https://blog.thesoftwarecraft.com/2013/03/signing-git-tags.html>

man/tpm2_dump_capability.1.md → man/tpm2_getcap.1.md

@@ -1,18 +1,18 @@
-% tpm2_dump_capability(1) tpm2-tools | General Commands Manual
+% tpm2_getcap(1) tpm2-tools | General Commands Manual
 %
 % SEPTEMBER 2017
 
 # NAME
 
-**tpm2_dump_capability**(1) - Display TPM capabilities in a human readable form.
+**tpm2_getcap**(1) - Display TPM capabilities in a human readable form.
 
 # SYNOPSIS
 
-**tpm2_dump_capability** [*OPTIONS*]
+**tpm2_getcap** [*OPTIONS*]
 
 # DESCRIPTION
 
-**tpm2_dump_capability**(1) - Query the TPM for it's capabilities / properties and
+**tpm2_getcap**(1) - Query the TPM for it's capabilities / properties and
 dump them to the console. This is a thin wrapper around the GetCapability
 command.
 
@@ -65,7 +65,7 @@ command.
 # EXAMPLES
 
 ```
-tpm2_dump_capability --capability="properties-fixed"
+tpm2_getcap --capability="properties-fixed"
 
 ```
 

man/tpm2_send_command.1.md → man/tpm2_send.1.md

@@ -1,18 +1,18 @@
-% tpm2_send_command(1) tpm2-tools | General Commands Manual
+% tpm2_send(1) tpm2-tools | General Commands Manual
 %
 % SEPTEMBER 2017
 
 # NAME
 
-**tpm2_send_command**(1) - Send a raw command buffer to the TPM.
+**tpm2_send**(1) - Send a raw command buffer to the TPM.
 
 # SYNOPSIS
 
-**tpm2_send_command** [*OPTIONS*]
+**tpm2_send** [*OPTIONS*]
 
 # DESCRIPTION
 
-**tpm2_send_command**(1) Sends a TPM command to the TPM. The command is
+**tpm2_send**(1) Sends a TPM command to the TPM. The command is
 read from a file as a binary stream and transmitted to the TPM using the TCTI
 specified by the caller. The response received from the TPM is written to
 the output file.
@@ -39,10 +39,10 @@ program to decode and display the response in a human readable form.
 Send the contents of tpm2-command.bin to a device and collect the response as tpm2-response.bin.
 All examples of below accomplish this task.
 ```
-tpm2_send_command --tcti=device < tpm2-command.bin > tpm2-response.bin
-tpm2_send_command --tcti=device -i tpm2-command.bin > tpm2-response.bin
-tpm2_send_command --tcti=device < tpm2-command.bin -o tpm2-response.bin
-tpm2_send_command --tcti=device -i tpm2-command.bin -o tpm2-response.bin
+tpm2_send --tcti=device < tpm2-command.bin > tpm2-response.bin
+tpm2_send --tcti=device -i tpm2-command.bin > tpm2-response.bin
+tpm2_send --tcti=device < tpm2-command.bin -o tpm2-response.bin
+tpm2_send --tcti=device -i tpm2-command.bin -o tpm2-response.bin
 ```
 
 # RETURNS

test/system/test_helpers.sh

@@ -38,7 +38,7 @@ populate_hash_algs() {
         ["sha512"]=0x0D
         ["sm3_256"]=0x12
     )
-    local algs="`tpm2_dump_capability -c algorithms | grep 'hash:\s*set$' -B 3 | awk '{ print $6 }' | xargs`"
+    local algs="`tpm2_getcap -c algorithms | grep 'hash:\s*set$' -B 3 | awk '{ print $6 }' | xargs`"
     local algs_supported=""
     local t_alg
 

test/system/test_tpm2_dictionarylockout.sh

@@ -40,16 +40,16 @@ trap onerror ERR
 
 tpm2_dictionarylockout -s -n 5 -t 6 -l 7
 
-if [ $(tpm2_dump_capability -c properties-variable | grep TPM_PT_MAX_AUTH_FAIL | sed -e 's/TPM_PT_MAX_AUTH_FAIL: \+//') != "0x00000005" ];then
+if [ $(tpm2_getcap -c properties-variable | grep TPM_PT_MAX_AUTH_FAIL | sed -e 's/TPM_PT_MAX_AUTH_FAIL: \+//') != "0x00000005" ];then
  echo "Failure: setting up the number of allowed tries in the lockout parameters"
  exit 1
 fi
 
-if [ $(tpm2_dump_capability -c properties-variable | grep TPM_PT_LOCKOUT_INTERVAL | sed -e 's/TPM_PT_LOCKOUT_INTERVAL: \+//') != "0x00000006" ];then
+if [ $(tpm2_getcap -c properties-variable | grep TPM_PT_LOCKOUT_INTERVAL | sed -e 's/TPM_PT_LOCKOUT_INTERVAL: \+//') != "0x00000006" ];then
  echo "Failure: setting up the lockout period in the lockout parameters"
 fi
 
-if [ $(tpm2_dump_capability -c properties-variable | grep TPM_PT_LOCKOUT_RECOVERY | sed -e 's/TPM_PT_LOCKOUT_RECOVERY: \+//') != "0x00000007" ];then
+if [ $(tpm2_getcap -c properties-variable | grep TPM_PT_LOCKOUT_RECOVERY | sed -e 's/TPM_PT_LOCKOUT_RECOVERY: \+//') != "0x00000007" ];then
  echo "Failure: setting up the lockout recovery period in the lockout parameters"
 fi
 

test/system/test_tpm2_encryptdecrypt.sh

@@ -47,7 +47,7 @@ trap cleanup EXIT
 cleanup
 
 # Check for encryptdecrypt command code 0x164
-tpm2_dump_capability -c commands | grep -q 0x164
+tpm2_getcap -c commands | grep -q 0x164
 if [ $? != 0 ];then
     echo "WARN: Command EncryptDecrypt is not supported by your device, skipping..."
     exit 0

test/system/test_tpm2_dump_capability.sh → test/system/test_tpm2_getcap.sh

@@ -37,12 +37,12 @@ onerror() {
 }
 trap onerror ERR
 
-tpm2_dump_capability -Q --capability="properties-fixed"
+tpm2_getcap -Q --capability="properties-fixed"
 
-tpm2_dump_capability -Q --capability="properties-variable"
+tpm2_getcap -Q --capability="properties-variable"
 
-tpm2_dump_capability -Q --capability="algorithms"
+tpm2_getcap -Q --capability="algorithms"
 
-tpm2_dump_capability -Q --capability="commands"
+tpm2_getcap -Q --capability="commands"
 
 exit 0

test/system/test_tpm2_import.sh

@@ -38,25 +38,25 @@ onerror() {
 trap onerror ERR
 
 cleanup() {
-    tpm2_evictcontrol -A o -H 0x81010005 -S 0x81010005 2>/dev/null
+    tpm2_evictcontrol -Q -A o -H 0x81010005 -S 0x81010005 2>/dev/null
     rm -f import_key.ctx  import_key.name  import_key.priv  import_key.pub \
           parent.ctx parent.pub  plain.dec.ssl  plain.enc  plain.txt  sym.key
 }
 trap cleanup EXIT
 
 cleanup
 
-tpm2_createprimary -G 1 -g 0xb -A o -C parent.ctx
-tpm2_evictcontrol -A o -c parent.ctx -S 0x81010005
+tpm2_createprimary -Q -G 1 -g 0xb -A o -C parent.ctx
+tpm2_evictcontrol -Q -A o -c parent.ctx -S 0x81010005
 
-dd if=/dev/urandom of=sym.key bs=1 count=16
+dd if=/dev/urandom of=sym.key bs=1 count=16 2>/dev/null
 
-tpm2_readpublic -H 0x81010005 --opu parent.pub
+tpm2_readpublic -Q -H 0x81010005 --opu parent.pub
 
-tpm2_import -k sym.key -H 0x81010005 -f parent.pub -q import_key.pub \
+tpm2_import -Q -k sym.key -H 0x81010005 -f parent.pub -q import_key.pub \
 -r import_key.priv
 
-tpm2_load  -H 0x81010005 -u import_key.pub -r import_key.priv -n import_key.name \
+tpm2_load -Q -H 0x81010005 -u import_key.pub -r import_key.priv -n import_key.name \
 -C import_key.ctx
 
 echo "plaintext" > "plain.txt"
@@ -72,6 +72,4 @@ echo "TEST: tpm2_import failed"
 exit 1
 fi
 
-echo "TEST: tpm2_import succeeded"
-
 exit 0

test/system/test_tpm2_nv.sh

@@ -84,7 +84,7 @@ tpm2_nvrelease -Q -x 0x1500016 -a 0x40000001
 #
 # Test large writes
 #
-large_file_size=$(tpm2_dump_capability -c properties-fixed | grep TPM_PT_NV_INDEX_MAX | sed -r -e 's/.*(0x[0-9a-f]+)/\1/g')
+large_file_size=$(tpm2_getcap -c properties-fixed | grep TPM_PT_NV_INDEX_MAX | sed -r -e 's/.*(0x[0-9a-f]+)/\1/g')
 nv_test_index=0x1000000
 
 # Create an nv space with attributes 1010 = TPMA_NV_PPWRITE and TPMA_NV_AUTHWRITE

test/system/test_tpm2_quote.sh

@@ -52,7 +52,7 @@ Handle_ak_quote=0x81010016
 Handle_ek_quote=0x81010017
 Handle_ak_quote2=0x81010018
 
-maxdigest=$(tpm2_dump_capability -c properties-fixed | grep TPM_PT_MAX_DIGEST | sed -r -e 's/.*(0x[0-9a-f]+)/\1/g')
+maxdigest=$(tpm2_getcap -c properties-fixed | grep TPM_PT_MAX_DIGEST | sed -r -e 's/.*(0x[0-9a-f]+)/\1/g')
 nonce=12345abcde12345abcde12345abcde12345abcde12345abcde12345abcde12345abcde12345abcde12345abcde12345abcde
 nonce=${nonce:0:2*$maxdigest}
 

test/system/test_tpm2_send_command.sh → test/system/test_tpm2_send.sh

@@ -45,6 +45,13 @@ if [ ! -f "${TPM2_COMMAND_FILE}" ]; then
     exit 1
 fi
 
-tpm2_send_command < ${TPM2_COMMAND_FILE} > /dev/null
+# check default stdin(file fd)/stdout
+tpm2_send < ${TPM2_COMMAND_FILE} > /dev/null
+
+# check default stdin(pipe fd) with output file
+cat ${TPM2_COMMAND_FILE} | tpm2_send -o /dev/null
+
+# check -o out and argument file input
+tpm2_send -o /dev/null ${TPM2_COMMAND_FILE}
 
 exit 0