Почетна Преглед Помоћ
Пријавите се
SoftwareDesign
/
csu3_am335x
8
0
Креирај огранак 0
Датотеке Дискусије 0 Захтеви за спајање 0 Вики
Грана: master
Гране Ознаке
csu3_am335x
/
EVSE
/
GPL
/
tpm2-tools-5.1
/
test
/
integration
/
fapi
/
fapi-authorize-policy.sh

fapi-authorize-policy.sh 4.1 KB
Пермалинк Историја Датотека

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164 
  1. 

  2. set -e
    3. 

  3. source helpers.sh
    4. 

  4. 

  5. start_up
    6. 

  6. 

  7. CRYPTO_PROFILE="RSA"
    8. 

  8. setup_fapi $CRYPTO_PROFILE
    9. 

  9. 

  10. function cleanup {
    11. 

  11.     tss2 delete --path=/
    12. 

  12.     shut_down
    13. 

  13. }
    14. 

  14. 

  15. trap cleanup EXIT
    16. 

  16. 

  17. KEY_PATH=HS/SRK/mySignKey
    18. 

  18. POLICY_SIGN_KEY_PATH=HS/SRK/myPolicySignKey
    19. 

  19. PCR_POLICY_DATA=$TEMP_DIR/pol_pcr16_0.json
    20. 

  20. AUTHORIZE_POLICY_DATA=$TEMP_DIR/pol_authorize_ref.json
    21. 

  21. POLICY_PCR=policy/pcr-policy
    22. 

  22. POLICY_AUTHORIZE=policy/authorize-policy
    23. 

  23. POLICY_REF=$TEMP_DIR/policy_ref.file
    24. 

  24. SIGNATURE_FILE=$TEMP_DIR/signature.file
    25. 

  25. PUBLIC_KEY_FILE=$TEMP_DIR/public_key.file
    26. 

  26. DIGEST_FILE=$TEMP_DIR/digest.file
    27. 

  27. LOG_FILE=$TEMP_DIR/log.file
    28. 

  28. 

  29. touch $LOG_FILE
    30. 

  30. 

  31. EMPTY_FILE=$TEMP_DIR/empty.file
    32. 

  32. BIG_FILE=$TEMP_DIR/big_file.file
    33. 

  33. 

  34. echo -n 01234567890123456789012345678901 > $DIGEST_FILE
    35. 

  35. echo 'f0f1f2f3f4f5f6f7f8f9' | xxd -r -p > $POLICY_REF
    36. 

  36. 

  37. tss2 provision
    38. 

  38. 

  39. tss2 import --path=$POLICY_PCR --importData=$PCR_POLICY_DATA
    40. 

  40. 

  41. tss2 import --path=$POLICY_AUTHORIZE --importData=$AUTHORIZE_POLICY_DATA
    42. 

  42. 

  43. echo "tss2 import with EMPTY_FILE" # Expected to fail
    44. 

  44. expect <<EOF
    45. 

  45. spawn sh -c "tss2 import --path=$POLICY_AUTHORIZE --importData=$EMPTY_FILE 2> $LOG_FILE"
    46. 

  46. set ret [wait]
    47. 

  47. if {[lindex \$ret 2] || [lindex \$ret 3] != 1} {
    48. 

  48.     set file [open $LOG_FILE r]
    49. 

  49.     set log [read \$file]
    50. 

  50.     close $file
    51. 

  51.     send_user "[lindex \$log]\n"
    52. 

  52.     exit 1
    53. 

  53. }
    54. 

  54. EOF
    55. 

  55. 

  56. if [[ "`cat $LOG_FILE`" == $SANITIZER_FILTER ]]; then
    57. 

  57.   echo "Error: AddressSanitizer triggered."
    58. 

  58.   cat $LOG_FILE
    59. 

  59.   exit 1
    60. 

  60. fi
    61. 

  61. 

  62. echo "tss2 import with BIG_FILE" # Expected to fail
    63. 

  63. expect <<EOF
    64. 

  64. spawn sh -c "tss2 import --path=$POLICY_AUTHORIZE --importData=$BIG_FILE 2> $LOG_FILE"
    65. 

  65. set ret [wait]
    66. 

  66. if {[lindex \$ret 2] || [lindex \$ret 3] != 1} {
    67. 

  67.     set file [open $LOG_FILE r]
    68. 

  68.     set log [read \$file]
    69. 

  69.     close $file
    70. 

  70.     send_user "[lindex \$log]\n"
    71. 

  71.     exit 1
    72. 

  72. }
    73. 

  73. EOF
    74. 

  74. 

  75. if [[ "`cat $LOG_FILE`" == $SANITIZER_FILTER ]]; then
    76. 

  76.   echo "Error: AddressSanitizer triggered."
    77. 

  77.   cat $LOG_FILE
    78. 

  78.   exit 1
    79. 

  79. fi
    80. 

  80. 

  81. tss2 createkey --path=$POLICY_SIGN_KEY_PATH --type="noDa, sign" --authValue=""
    82. 

  82. 

  83. tss2 authorizepolicy --keyPath=$POLICY_SIGN_KEY_PATH --policyPath=$POLICY_PCR \
    84. 

  84.     --policyRef=$POLICY_REF
    85. 

  85. 

  86. tss2 createkey --path=$KEY_PATH --type="noDa, sign" \
    87. 

  87.     --policyPath=$POLICY_AUTHORIZE --authValue=""
    88. 

  88. 

  89. if [ "$CRYPTO_PROFILE" = "RSA" ]; then
    90. 

  90.     tss2 sign --keyPath=$KEY_PATH --padding="RSA_PSS" --digest=$DIGEST_FILE \
    91. 

  91.         --signature=$SIGNATURE_FILE --publicKey=$PUBLIC_KEY_FILE
    92. 

  92. else
    93. 

  93.     tss2 sign --keyPath=$KEY_PATH --digest=$DIGEST_FILE \
    94. 

  94.         --signature=$SIGNATURE_FILE --publicKey=$PUBLIC_KEY_FILE
    95. 

  95. fi
    96. 

  96. 

  97. echo "tss2 sign with BIG_FILE" # Expected to fail
    98. 

  98. expect <<EOF
    99. 

  99. spawn sh -c "tss2 sign --keyPath=$KEY_PATH --padding=RSA_PSS --digest=$BIG_FILE \
    100. 

  100.     --signature=$SIGNATURE_FILE --publicKey=$PUBLIC_KEY_FILE 2> $LOG_FILE"
    101. 

  101. set ret [wait]
    102. 

  102. if {[lindex \$ret 2] || [lindex \$ret 3] != 1} {
    103. 

  103.     set file [open $LOG_FILE r]
    104. 

  104.     set log [read \$file]
    105. 

  105.     close $file
    106. 

  106.     send_user "[lindex \$log]\n"
    107. 

  107.     exit 1
    108. 

  108. }
    109. 

  109. EOF
    110. 

  110. 

  111. if [[ "`cat $LOG_FILE`" == $SANITIZER_FILTER ]]; then
    112. 

  112.   echo "Error: AddressSanitizer triggered."
    113. 

  113.   cat $LOG_FILE
    114. 

  114.   exit 1
    115. 

  115. fi
    116. 

  116. 

  117. 

  118. expect <<EOF
    119. 

  119. # Try with missing policyPath
    120. 

  120. spawn tss2 authorizepolicy --keyPath=$POLICY_SIGN_KEY_PATH \
    121. 

  121.     --policyRef=$POLICY_REF
    122. 

  122. set ret [wait]
    123. 

  123. if {[lindex \$ret 2] || [lindex \$ret 3] != 1} {
    124. 

  124.     Command has not failed as expected\n"
    125. 

  125.     exit 1
    126. 

  126. }
    127. 

  127. EOF
    128. 

  128. 

  129. expect <<EOF
    130. 

  130. # Try with missing keyPath
    131. 

  131. spawn tss2 authorizepolicy \
    132. 

  132.     --policyPath=$POLICY_PCR --policyRef=$POLICY_REF
    133. 

  133. set ret [wait]
    134. 

  134. if {[lindex \$ret 2] || [lindex \$ret 3] != 1} {
    135. 

  135.     Command has not failed as expected\n"
    136. 

  136.     exit 1
    137. 

  137. }
    138. 

  138. EOF
    139. 

  139. 

  140. echo "tss2 authorizepolicy with EMPTY_FILE" # Expected to succeed
    141. 

  141. tss2 authorizepolicy --keyPath=$POLICY_SIGN_KEY_PATH --policyPath=$POLICY_PCR \
    142. 

  142.   --policyRef=$EMPTY_FILE
    143. 

  143. 

  144. echo "tss2 authorizepolicy with BIG_FILE" # Expected to fail
    145. 

  145. expect <<EOF
    146. 

  146. spawn sh -c "tss2 authorizepolicy --keyPath=$POLICY_SIGN_KEY_PATH \
    147. 

  147.     --policyPath=$POLICY_PCR --policyRef=$BIG_FILE 2> $LOG_FILE"
    148. 

  148. set ret [wait]
    149. 

  149. if {[lindex \$ret 2] || [lindex \$ret 3] != 1} {
    150. 

  150.     set file [open $LOG_FILE r]
    151. 

  151.     set log [read \$file]
    152. 

  152.     close $file
    153. 

  153.     send_user "[lindex \$log]\n"
    154. 

  154.     exit 1
    155. 

  155. }
    156. 

  156. EOF
    157. 

  157. 

  158. if [[ "`cat $LOG_FILE`" == $SANITIZER_FILTER ]]; then
    159. 

  159.   echo "Error: AddressSanitizer triggered."
    160. 

  160.   cat $LOG_FILE
    161. 

  161.   exit 1
    162. 

  162. fi
    163. 

  163. 

  164. exit 0
    165.