set -e source helpers.sh start_up CRYPTO_PROFILE="ECC" setup_fapi $CRYPTO_PROFILE function cleanup { # In case the test is skipped no key is created and a # failure is expected here. Therefore, we need to pass a successful # execution in any case tss2 delete --path=/ && true shut_down } trap cleanup EXIT PLAIN_TEXT=$TEMP_DIR/plaintext.file KEY_PATH="HS/SRK/myRSACrypt" ENCRYPTED_FILE=$TEMP_DIR/encrypted.file DECRYPTED_FILE=$TEMP_DIR/decrypted.file PCR_POLICY_DATA=$TEMP_DIR/pol_pcr16_0.json POLICY_PCR=policy/pcr-policy TYPES="noDa,decrypt" EMPTY_FILE=$TEMP_DIR/empty.file BIG_FILE=$TEMP_DIR/big_file.file LOG_FILE=$TEMP_DIR/log.file touch $LOG_FILE echo -n "Secret Text!" > $PLAIN_TEXT set -x if [ "$CRYPTO_PROFILE" = "ECC" ]; then echo ECC currently not supported for encryption. Skipping test. exit 077 fi tss2 provision expect < $LOG_FILE" set ret [wait] if {[lindex \$ret 2] || [lindex \$ret 3] != 1} { set file [open $LOG_FILE r] set log [read \$file] close $file send_user "[lindex \$log]\n" exit 1 } EOF if [[ "`cat $LOG_FILE`" == $SANITIZER_FILTER ]]; then echo "Error: AddressSanitizer triggered." cat $LOG_FILE exit 1 fi tss2 encrypt --keyPath=$KEY_PATH --plainText=$PLAIN_TEXT \ --cipherText=$ENCRYPTED_FILE --force expect < $LOG_FILE" set ret [wait] if {[lindex \$ret 2] || [lindex \$ret 3] != 1} { set file [open $LOG_FILE r] set log [read \$file] close $file send_user "[lindex \$log]\n" exit 1 } EOF if [[ "`cat $LOG_FILE`" == $SANITIZER_FILTER ]]; then echo "Error: AddressSanitizer triggered." cat $LOG_FILE exit 1 fi echo "tss2 decrypt with BIG_FILE" # Expected to fail expect < $LOG_FILE" set ret [wait] if {[lindex \$ret 2] || [lindex \$ret 3] != 1} { set file [open $LOG_FILE r] set log [read \$file] close $file send_user "[lindex \$log]\n" exit 1 } EOF if [[ "`cat $LOG_FILE`" == $SANITIZER_FILTER ]]; then echo "Error: AddressSanitizer triggered." cat $LOG_FILE exit 1 fi tss2 delete --path=$KEY_PATH # Encrypt/Decrypt with password tss2 createkey --path=$KEY_PATH --type="noDa, decrypt" --authValue=abc tss2 encrypt --keyPath=$KEY_PATH --plainText=$PLAIN_TEXT \ --cipherText=$ENCRYPTED_FILE --force echo -n "Fail" > $DECRYPTED_FILE expect <=2.4.2. # Therefore, make the test conditional VERSION="$(tss2 createkey -v | grep -Po 'fapi-version=.*' | grep -Eo '([0-9]+\.{1})+[0-9]' | sed 's/[^0-9]*//g')" if [ $VERSION -ge "242" ]; then tss2 delete --path=$KEY_PATH tss2 createkey --path=$KEY_PATH --authValue=abc fi exit 0