# Test script for sealing and unsealing data through the FAPI command line
# (`tss2 provision`, `tss2 createseal`, `tss2 unseal`, `tss2 delete`).
#
# NOTE(review): this page lost the script's line breaks, and every
# `expect <<...` heredoc opener together with the text that followed it
# (up to the next `>`) is missing. Those spans are kept exactly as they
# appear and are marked below; they are not valid shell as shown. The
# script also ends mid-statement.
#
# Names used but not defined on this page (presumably supplied by
# helpers.sh; confirm there): start_up, setup_fapi, shut_down, TEMP_DIR,
# SANITIZER_FILTER.

# Abort on the first unhandled command failure.
set -e
source helpers.sh

start_up

CRYPTO_PROFILE="RSA"
setup_fapi $CRYPTO_PROFILE

# Runs on every exit path (see the trap below): deletes everything under
# the FAPI root path, then calls shut_down.
function cleanup {
    tss2 delete --path=/
    shut_down
}

trap cleanup EXIT

KEY_PATH=HS/SRK/sealKey
SEALED_DATA_FILE=$TEMP_DIR/seal-data.file
SEAL_DATA="data to seal"
# NOTE(review): SEAL_DATA is passed as the printf *format* string. That is
# harmless for this fixed literal (no '%' or backslash), but
# `printf '%s' "$SEAL_DATA"` is the form that stays correct if the test
# data ever changes. The same pattern recurs twice further down.
# NOTE(review): $TEMP_DIR-derived paths are unquoted throughout; a
# TEMP_DIR containing whitespace or glob characters would split or expand.
printf "$SEAL_DATA" > $SEALED_DATA_FILE
UNSEALED_DATA_FILE=$TEMP_DIR/unsealed-data.file
PCR_POLICY_DATA=$TEMP_DIR/pol_pcr16_0.json
POLICY_PCR=policy/pcr-policy
COUNT_FILE=$TEMP_DIR/count.file
EMPTY_FILE=$TEMP_DIR/empty.file
BIG_FILE=$TEMP_DIR/big_file.file
LOG_FILE=$TEMP_DIR/log.file
touch $LOG_FILE

tss2 provision

# NOTE(review): no visible step imports PCR_POLICY_DATA under POLICY_PCR,
# although createseal below is given --policyPath=$POLICY_PCR; that step
# may be part of the text lost here.
#
# Negative test driven by expect. The heredoc opener and the spawned
# command are missing from this page; only the redirect tail survives.
# The Tcl that follows fails the test (dumping LOG_FILE) unless element 2
# of `wait`'s result is zero and element 3 equals 1. In Expect those are
# the OS-error flag and the exit status, so presumably the spawned tss2
# command is required to exit with status 1.
# `$LOG_FILE` in the `open` call is unescaped so the shell substitutes the
# path, while `\$ret`, `\$file` and `\$log` are escaped so they reach Tcl.
# NOTE(review): `close $file` lacks the backslash used in `read \$file`.
# In an unquoted heredoc the shell would expand it (to an empty string
# unless `file` is set), so the failure path would not close the handle
# as intended; likely should be `close \$file`. Confirm against the
# original script.
expect < $LOG_FILE"
set ret [wait]
if {[lindex \$ret 2] || [lindex \$ret 3] != 1} {
    set file [open $LOG_FILE r]
    set log [read \$file]
    close $file
    send_user "[lindex \$log]\n"
    exit 1
}
EOF

# The right-hand side is unquoted inside [[ ]], so SANITIZER_FILTER is
# matched as a glob pattern against the captured stderr log, not compared
# as a literal string. The intent, per the message, is to fail the test
# when a sanitizer report shows up in the tool's output.
if [[ "`cat $LOG_FILE`" == $SANITIZER_FILTER ]]; then
  echo "Error: AddressSanitizer triggered."
  cat $LOG_FILE
  exit 1
fi

echo "tss2 createseal with BIG_FILE"
# Expected to fail
# NOTE(review): same extraction damage and the same unescaped
# `close $file` as in the expect block above. Nothing visible on this
# page creates BIG_FILE or shows how it is passed to createseal.
expect < $LOG_FILE"
set ret [wait]
if {[lindex \$ret 2] || [lindex \$ret 3] != 1} {
    set file [open $LOG_FILE r]
    set log [read \$file]
    close $file
    send_user "[lindex \$log]\n"
    exit 1
}
EOF

if [[ "`cat $LOG_FILE`" == $SANITIZER_FILTER ]]; then
  echo "Error: AddressSanitizer triggered."
  cat $LOG_FILE
  exit 1
fi

# Positive round trip through files: seal SEALED_DATA_FILE under
# KEY_PATH, unseal into UNSEALED_DATA_FILE, then compare hex dumps.
# NOTE(review): the seal object is created with an empty auth value and
# type "noDa". That is reasonable for a test fixture; it should not be
# copied as-is for sealing real secrets.
tss2 createseal --path=$KEY_PATH --policyPath=$POLICY_PCR --type="noDa" \
    --data=$SEALED_DATA_FILE --authValue=""

tss2 unseal --path=$KEY_PATH --data=$UNSEALED_DATA_FILE --force

if [ "`xxd $UNSEALED_DATA_FILE`" != "`xxd $SEALED_DATA_FILE`" ]; then
  echo "Seal/Unseal failed"
  exit 1
fi

# Remove the object so the same path can be reused for the stdin/stdout
# variant of the round trip below.
tss2 delete --path=$KEY_PATH

# Same round trip with `--data=-`: the payload is piped in on stdin for
# createseal and read back from stdout for unseal.
printf "$SEAL_DATA" | tss2 createseal --path=$KEY_PATH --policyPath=$POLICY_PCR --type="noDa" \
    --data=- --authValue=""

# NOTE(review): the exit status of `tss2 unseal` is masked by the pipe
# into xxd (no pipefail is set), so a failing unseal is only caught
# indirectly by the comparison below.
UNSEALED_DATA=$(tss2 unseal --path=$KEY_PATH --data=- | xxd)

V1=$(printf "$SEAL_DATA" | xxd)
V2=$UNSEALED_DATA

if [ "$V1" != "$V2" ]; then
  echo "Seal/Unseal failed"
  exit 1
fi

# NOTE(review): the next two expect invocations are extraction residue;
# their heredoc bodies and spawned commands are not visible, so what they
# write to UNSEALED_DATA_FILE and COUNT_FILE cannot be stated from here.
expect < $UNSEALED_DATA_FILE
expect < $COUNT_FILE

# COUNT_FILE must contain exactly "15"; the step that writes it is part of
# the missing text. Note the distinct exit code (99) on this path.
if [ "$(< $COUNT_FILE)" != "15" ]; then
  echo "Wrong size"
  exit 99
fi

# Truncate the input file to zero bytes, presumably to exercise sealing
# empty data next; the script is cut off on this page right after the
# opening of the following expect block.
printf "" > $SEALED_DATA_FILE
expect <