Inicio Explorar Axuda
Iniciar sesión
SoftwareDesign
/
csu3_am335x
8
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Rama: master
Ramas Etiquetas
csu3_am335x
/
EVSE
/
GPL
/
tpm2-tools-5.1
/
test
/
integration
/
fapi
/
fapi-nv-write-read-policy-or2.sh

fapi-nv-write-read-policy-or2.sh 3.6 KB
Permalink Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179 
  1. set -e
    2. 

  2. source helpers.sh
    3. 

  3. 

  4. start_up
    5. 

  5. 

  6. CRYPTO_PROFILE="ECC"
    7. 

  7. setup_fapi $CRYPTO_PROFILE
    8. 

  8. 

  9. function cleanup {
    10. 

  10.     tss2 delete --path=/
    11. 

  11.     shut_down
    12. 

  12. }
    13. 

  13. 

  14. trap cleanup EXIT
    15. 

  15. 

  16. PW=abc
    17. 

  17. NV_PATH=/nv/Owner/myNV
    18. 

  18. DATA_WRITE_FILE=$TEMP_DIR/nv_write_data.file
    19. 

  19. DATA_READ_FILE=$TEMP_DIR/nv_read_data.file
    20. 

  20. POLICY_PWD_NV_DATA=$TEMP_DIR/pol_pwd_nv_read_write.json
    21. 

  21. POLICY_PWD_NV=/policy/pwd_nv_read_write
    22. 

  22. LOG_FILE=$TEMP_DIR/log.file
    23. 

  23. touch $LOG_FILE
    24. 

  24. PW=abc
    25. 

  25. 

  26. tss2 provision
    27. 

  27. 

  28. echo test > $DATA_WRITE_FILE
    29. 

  29. 

  30. tss2 import -i $POLICY_PWD_NV_DATA -p $POLICY_PWD_NV
    31. 

  31. tss2 createnv -p $NV_PATH -P $POLICY_PWD_NV -s 16 --authValue=$PW
    32. 

  32. 

  33. echo "Write without password but policy write."
    34. 

  34. expect <<EOF
    35. 

  35. spawn sh -c "tss2 nvwrite --nvPath=$NV_PATH --data=$DATA_WRITE_FILE> $LOG_FILE"
    36. 

  36. set timout 0
    37. 

  37. expect -re {
    38. 

  38.     "Select a branch.*" { }
    39. 

  39.     eof {
    40. 

  40.         send_user "The system has not asked for branch selection\n"
    41. 

  41.         exit 1
    42. 

  42.     }
    43. 

  43.     }
    44. 

  44. send "2\r"
    45. 

  45. expect -re {
    46. 

  46.     "Your choi.*" { }
    47. 

  47.     eof {
    48. 

  48.         send_user "The system did not comment selection\n"
    49. 

  49.         exit 1
    50. 

  50.     }
    51. 

  51.     }
    52. 

  52. expect -re {
    53. 

  53.     "Select.*" { }
    54. 

  54.     eof {
    55. 

  55.         send_user "The system has not asked for password\n"
    56. 

  56.         exit 1
    57. 

  57.     }
    58. 

  58.     }
    59. 

  59. send "1\r"
    60. 

  60. set ret [wait]
    61. 

  61. if {[lindex \$ret 2] || [lindex \$ret 3] != 0} {
    62. 

  62.     send_user "Using interactive prompt has failed\n"
    63. 

  63.     exit 1
    64. 

  64. }
    65. 

  65. EOF
    66. 

  66. 

  67. echo "Write with password policy"
    68. 

  68. expect <<EOF
    69. 

  69. spawn sh -c "tss2 nvwrite --nvPath=$NV_PATH --data=$DATA_WRITE_FILE> $LOG_FILE"
    70. 

  70. set timout 0
    71. 

  71. expect -re {
    72. 

  72.     "Select a branch.*" { }
    73. 

  73.     eof {
    74. 

  74.         send_user "The system has not asked for branch selection\n"
    75. 

  75.         exit 1
    76. 

  76.     }
    77. 

  77.     }
    78. 

  78. send "1\r"
    79. 

  79. expect -re {
    80. 

  80.     "Your choi.*" { }
    81. 

  81.     eof {
    82. 

  82.         send_user "The system did not comment selection\n"
    83. 

  83.         exit 1
    84. 

  84.     }
    85. 

  85.     }
    86. 

  86. expect -re {
    87. 

  87.     "Authorize.*" { }
    88. 

  88.     eof {
    89. 

  89.         send_user "The system has not asked for password\n"
    90. 

  90.         exit 1
    91. 

  91.     }
    92. 

  92.     }
    93. 

  93. send "$PW\r"
    94. 

  94. set ret [wait]
    95. 

  95. if {[lindex \$ret 2] || [lindex \$ret 3] != 0} {
    96. 

  96.     send_user "Using interactive prompt has failed\n"
    97. 

  97.     exit 1
    98. 

  98. }
    99. 

  99. EOF
    100. 

  100. 

  101. echo "Read with password policy"
    102. 

  102. expect <<EOF
    103. 

  103. spawn sh -c "tss2 nvread --nvPath=$NV_PATH --data=$DATA_READ_FILE > $LOG_FILE"
    104. 

  104. set timout 0
    105. 

  105. expect -re {
    106. 

  106.     "Select a branch.*" { }
    107. 

  107.     eof {
    108. 

  108.         send_user "The system has not asked for branch selection\n"
    109. 

  109.         exit 1
    110. 

  110.     }
    111. 

  111.     }
    112. 

  112. send "1\r"
    113. 

  113. expect -re {
    114. 

  114.     "Your choi.*" { }
    115. 

  115.     eof {
    116. 

  116.         send_user "The system did not comment selection\n"
    117. 

  117.         exit 1
    118. 

  118.     }
    119. 

  119.     }
    120. 

  120. expect -re {
    121. 

  121.     "Authorize.*" { }
    122. 

  122.     eof {
    123. 

  123.         send_user "The system has not asked for password\n"
    124. 

  124.         exit 1
    125. 

  125.     }
    126. 

  126.     }
    127. 

  127. send "$PW\r"
    128. 

  128. set ret [wait]
    129. 

  129. if {[lindex \$ret 2] || [lindex \$ret 3] != 0} {
    130. 

  130.     send_user "Using interactive prompt has failed\n"
    131. 

  131.     exit 1
    132. 

  132. }
    133. 

  133. EOF
    134. 

  134. 

  135. echo "Write with wrong password should fail"
    136. 

  136. expect <<EOF
    137. 

  137. # Check if system asks for branch selection
    138. 

  138. spawn sh -c "tss2 nvwrite --nvPath=$NV_PATH --data=$DATA_WRITE_FILE> $LOG_FILE"
    139. 

  139. set timout 0
    140. 

  140. expect -re {
    141. 

  141.     "Select a branch.*" { }
    142. 

  142.     eof {
    143. 

  143.         send_user "The system has not asked for branch selection\n"
    144. 

  144.         exit 1
    145. 

  145.     }
    146. 

  146.     }
    147. 

  147. send "1\r"
    148. 

  148. expect -re {
    149. 

  149.     "Your choi.*" { }
    150. 

  150.     eof {
    151. 

  151.         send_user "The system did not comment selection\n"
    152. 

  152.         exit 1
    153. 

  153.     }
    154. 

  154.     }
    155. 

  155. expect -re {
    156. 

  156.     "Authorize.*" { }
    157. 

  157.     eof {
    158. 

  158.         send_user "The system has not asked for password\n"
    159. 

  159.         exit 1
    160. 

  160.     }
    161. 

  161.     }
    162. 

  162. send "XXXXX\r"
    163. 

  163. set ret [wait]
    164. 

  164. if {[lindex \$ret 2] || [lindex \$ret 3] != 1} {
    165. 

  165.     send_user "Using interactive prompt has failed\n"
    166. 

  166.     exit 1
    167. 

  167. }
    168. 

  168. EOF
    169. 

  169. 

  170. tss2 delete --path=$NV_PATH
    171. 

  171. 

  172. if [[ "`cat $LOG_FILE`" == $SANITIZER_FILTER ]]; then
    173. 

  173.   echo "Error: AddressSanitizer triggered."
    174. 

  174.   cat $LOG_FILE
    175. 

  175.   exit 1
    176. 

  176. fi
    177. 

  177. 

  178. exit 0
    179. 

  179.