lib/tpm2_alg_util.c

@@ -351,7 +351,7 @@ UINT8* tpm2_extract_plain_signature(UINT16 *size, TPMT_SIGNATURE *signature) {
         if (!buffer) {
             goto nomem;
         }
-        memcpy(buffer, &hmac_sig, *size);
+        memcpy(buffer, hmac_sig, *size);
         break;
     }
     case TPM2_ALG_ECDSA: {

man/tpm2_getcap.1.md

@@ -58,16 +58,32 @@ command.
     * handles-saved-session:
       Display handles about saved sessions.
 
+  * **-l**, **--list**:
+    List known supported capability names. These names can be
+    supplied as the argument to the **-c** option. Output is in a
+    YAML compliant list to stdout.
+
+    For example:
+```
+    - algorithms
+    - commands
+    - properties-fixed
+    ...
+```
+
 [common options](common/options.md)
 
 [common tcti options](common/tcti.md)
 
 # EXAMPLES
 
-```
-tpm2_getcap --capability="properties-fixed"
+To list the fixed properties of the TPM:
 
-```
+```tpm2_getcap --capability="properties-fixed"```
+
+To list the supported capability arguments to **-c**:
+
+```tpm2_getcap -l```
 
 # RETURNS
 

test/system/helpers.sh

@@ -99,3 +99,53 @@ hash_alg_supported() {
         fi
     done
 }
+
+#
+# Verifies that the contexts of a file path provided
+# as the first argument loads as a YAML file.
+#
+function yaml_verify() {
+python << pyscript
+from __future__ import print_function
+
+import sys
+import yaml
+
+with open("$1") as f:
+	try:
+		y = yaml.load(f)
+	except yaml.YAMLError as exc:
+		sys.exit(exc)
+pyscript
+}
+
+#
+# Given a file as argument 1, prints the value of the key
+# provided as argument 2 and optionally argument 3 (for nested maps).
+# Note that if key is a string, pass the quotes. This allows lookups
+# on string or numerical keys.
+#
+function yaml_get_kv() {
+
+third_arg=\"\"
+if [ $# -eq 3 ]; then
+  third_arg=$3
+fi
+
+python << pyscript
+from __future__ import print_function
+
+import sys
+import yaml
+
+with open("$1") as f:
+	try:
+		y = yaml.load(f)
+		if $# == 3:
+			print(y[$2][$third_arg])
+		else:
+			print(y[$2])
+	except yaml.YAMLError as exc:
+		sys.exit(exc)
+pyscript
+}

test/system/tests/create.sh

@@ -49,27 +49,6 @@ cleanup() {
 }
 trap cleanup EXIT
 
-function yaml_get() {
-
-python << pyscript
-from __future__ import print_function
-
-import sys
-import yaml
-
-with open("$2") as f:
-	try:
-		y = yaml.load(f)
-		found = "$1" in y
-		if (not found):
-			sys.stderr.write('Could not find index 0x%X\n' % ("$1"))
-		print(y["$1"])
-		sys.exit(not found)
-	except yaml.YAMLError as exc:
-		sys.exit(exc)
-pyscript
-}
-
 cleanup
 
 tpm2_createprimary -Q -H o -g sha1 -G rsa -C context.out
@@ -91,7 +70,7 @@ echo "$policy_orig" | xxd -r -p > policy.bin
 tpm2_create -c context.out -g sha256 -G 0x1 -L policy.bin -u key.pub -r key.priv \
   -A 'sign|fixedtpm|fixedparent|sensitivedataorigin' > out.pub
 
-policy_new=$(yaml_get "authorization policy" out.pub)
+policy_new=$(yaml_get_kv out.pub \"authorization\ policy\")
 
 test "$policy_orig" == "$policy_new"
 

test/system/tests/createprimary.sh

@@ -63,27 +63,6 @@ for gAlg in `populate_hash_algs mixed`; do
     done
 done
 
-function yaml_get() {
-
-python << pyscript
-from __future__ import print_function
-
-import sys
-import yaml
-
-with open("$2") as f:
-	try:
-		y = yaml.load(f)
-		found = "$1" in y
-		if (not found):
-			sys.stderr.write('Could not find index 0x%X\n' % ("$1"))
-		print(y["$1"])
-		sys.exit(not found)
-	except yaml.YAMLError as exc:
-		sys.exit(exc)
-pyscript
-}
-
 policy_orig="f28230c080bbe417141199e36d18978228d8948fc10a6a24921b9eba6bb1d988"
 
 #test for createprimary objects with policy authorization structures
@@ -94,7 +73,7 @@ tpm2_createprimary -Q -H o -G rsa -g sha256 -C context.out -L policy.bin \
 
 tpm2_readpublic -c context.out > pub.out
 
-policy_new=$(yaml_get "authorization policy" pub.out)
+policy_new=$(yaml_get_kv pub.out \"authorization\ policy\")
 
 test "$policy_orig" == "$policy_new"
 

test/system/tests/dictionarylockout.sh

@@ -32,6 +32,15 @@
 #;**********************************************************************;
 ###this script use for test the implementation tpm2_dictionarylockout 
 
+source helpers.sh
+
+out=out.yaml
+
+cleanup() {
+    rm -f $out
+}
+trap cleanup EXIT
+
 onerror() {
     echo "$BASH_COMMAND on line ${BASH_LINENO[0]} failed: $?"
     exit 1
@@ -40,17 +49,23 @@ trap onerror ERR
 
 tpm2_dictionarylockout -s -n 5 -t 6 -l 7
 
-if [ "$(tpm2_getcap -c properties-variable | grep TPM2_PT_MAX_AUTH_FAIL | sed -e 's/TPM2_PT_MAX_AUTH_FAIL: \+//')" != "0x00000005" ];then
- echo "Failure: setting up the number of allowed tries in the lockout parameters"
- exit 1
+tpm2_getcap -c properties-variable > $out
+v=$(yaml_get_kv "$out" \"TPM2_PT_MAX_AUTH_FAIL\")
+if [ $v -ne 5 ];then
+  echo "Failure: setting up the number of allowed tries in the lockout parameters"
+  exit 1
 fi
 
-if [ "$(tpm2_getcap -c properties-variable | grep TPM2_PT_LOCKOUT_INTERVAL | sed -e 's/TPM2_PT_LOCKOUT_INTERVAL: \+//')" != "0x00000006" ];then
- echo "Failure: setting up the lockout period in the lockout parameters"
+v=$(yaml_get_kv "$out" \"TPM2_PT_LOCKOUT_INTERVAL\")
+if [ $v -ne 6 ];then
+  echo "Failure: setting up the lockout period in the lockout parameters"
+  exit 1
 fi
 
-if [ "$(tpm2_getcap -c properties-variable | grep TPM2_PT_LOCKOUT_RECOVERY | sed -e 's/TPM2_PT_LOCKOUT_RECOVERY: \+//')" != "0x00000007" ];then
- echo "Failure: setting up the lockout recovery period in the lockout parameters"
+v=$(yaml_get_kv "$out" \"TPM2_PT_LOCKOUT_RECOVERY\")
+if [ $v -ne 7 ];then
+  echo "Failure: setting up the lockout recovery period in the lockout parameters"
+  exit 1
 fi
 
 exit 0

test/system/tests/getcap.sh

@@ -31,18 +31,56 @@
 # THE POSSIBILITY OF SUCH DAMAGE.
 #;**********************************************************************;
 
+source helpers.sh
+
+out=out.yaml
+
+cleanup() {
+    rm -f $out
+}
+
+trap cleanup EXIT
+
 onerror() {
     echo "$BASH_COMMAND on line ${BASH_LINENO[0]} failed: $?"
     exit 1
 }
 trap onerror ERR
 
-tpm2_getcap -Q --capability="properties-fixed"
+function yaml_to_list() {
+
+python << pyscript
+from __future__ import print_function
+
+import sys
+import yaml
+
+with open("$1") as f:
+	try:
+		y = yaml.load(f)
+		print(' '.join(y))
+	except yaml.YAMLError as exc:
+		sys.exit(exc)
+pyscript
+}
+
+tpm2_getcap -l > $out
+
+caplist=$(yaml_to_list $out)
 
-tpm2_getcap -Q --capability="properties-variable"
+for c in $caplist; do
+	tpm2_getcap --capability="$c" > $out
+	yaml_verify $out
+done;
 
-tpm2_getcap -Q --capability="algorithms"
+# negative tests
+trap - ERR
 
-tpm2_getcap -Q --capability="commands"
+# Regression test, ensure that getcap -c never accepts prefix matches
+tpm2_getcap -Q --capability="comma" 2>/dev/null
+if [ $? -eq 0 ]; then
+  echo "Expected \"tpm2_getcap -Q --capability=\"comma\"\" to fail."
+  exit 1
+fi
 
 exit 0

test/system/tests/getrandom.sh

@@ -31,6 +31,8 @@
 # THE POSSIBILITY OF SUCH DAMAGE.
 #;**********************************************************************;
 
+source helpers.sh
+
 onerror() {
     echo "$BASH_COMMAND on line ${BASH_LINENO[0]} failed: $?"
     exit 1
@@ -50,4 +52,6 @@ tpm2_getrandom -o random.out 32
 #test stdout
 tpm2_getrandom 4 > random.out
 
+yaml_verify random.out
+
 exit 0

test/system/tests/hash.sh

@@ -33,6 +33,8 @@
 
 #this script is for hash case testing 
 
+source helpers.sh
+
 onerror() {
     echo "$BASH_COMMAND on line ${BASH_LINENO[0]} failed: $?"
     exit 1
@@ -42,9 +44,10 @@ trap onerror ERR
 ticket_file=ticket.out
 hash_out_file=hash.out
 hash_in_file=hash.in
+out=out.yaml
 
 cleanup() {
-  rm -f $ticket_file $hash_out_file $hash_in_file
+  rm -f $ticket_file $hash_out_file $hash_in_file $out
 }
 trap cleanup EXIT
 
@@ -77,7 +80,7 @@ cleanup
 
 # Test stdout output as well as no options.
 # Validate that hash outputs are as expected.
-tpm_hash_val=`echo 1234 | tpm2_hash | grep hash | cut -d\: -f 2-2 | tr -d '[:space:]'`
+tpm_hash_val=`echo 1234 | tpm2_hash | tee $out | grep sha1 | cut -d\: -f 2-2 | tr -d '[:space:]'`
 sha1sum_val=`echo 1234 | sha1sum  | cut -d\  -f 1-2 | tr -d '[:space:]'`
 if [ "$tpm_hash_val" != "$sha1sum_val" ]; then
   echo "Expected tpm and sha1sum to produce same hashes."
@@ -87,9 +90,12 @@ if [ "$tpm_hash_val" != "$sha1sum_val" ]; then
   exit 1
 fi
 
+# Verify the yaml output
+yaml_verify $out
+
 # Test a file that cannot be done in 1 update call. The tpm works on a 1024 block size.
 dd if=/dev/urandom of=$hash_in_file bs=2093 count=1 2>/dev/null
-tpm_hash_val=`tpm2_hash $hash_in_file | grep hash | cut -d\: -f 2-2 | tr -d '[:space:]'`
+tpm_hash_val=`tpm2_hash $hash_in_file | grep sha1 | cut -d\: -f 2-2 | tr -d '[:space:]'`
 sha1sum_val=`sha1sum $hash_in_file | cut -d\  -f 1-2 | tr -d '[:space:]'`
 if [ "$tpm_hash_val" != "$sha1sum_val" ]; then
   echo "Expected tpm and sha1sum to produce same hashes"

test/system/tests/listpersistent.sh

@@ -56,7 +56,7 @@ onerror() {
 trap onerror ERR
 
 
-function yaml_get() {
+function yaml_get_len() {
 
 python << pyscript
 from __future__ import print_function
@@ -85,7 +85,7 @@ done
 
 tpm2_listpersistent > out.yaml
 
-handle_cnt=$(yaml_get out.yaml)
+handle_cnt=$(yaml_get_len out.yaml)
 
 if [ "$handle_cnt" -ne "${#keys[@]}" ]; then
     echo "Only $handle_cnt of ${#keys[@]} persistent objects were listed"