From 70733e919aaa72aa03cccf6cd453bbe0da752de1 Mon Sep 17 00:00:00 2001
From: jetwhiz <Charles.Munson@ll.mit.edu>
Date: Tue, 9 Apr 2019 17:57:36 -0400
Subject: [PATCH] Add attestation test, which ensures full attestation
 process works

Signed-off-by: jetwhiz <Charles.Munson@ll.mit.edu>
---
 test/system/test_attestation.sh | 125 ++++++++++++++++++++++++++++++++
 1 file changed, 125 insertions(+)
 create mode 100755 test/system/test_attestation.sh

diff --git a/test/system/test_attestation.sh b/test/system/test_attestation.sh
new file mode 100755
index 00000000000..ea9da13a419
--- /dev/null
+++ b/test/system/test_attestation.sh
@@ -0,0 +1,125 @@
+#!/bin/bash
+#;**********************************************************************;
+#
+# Copyright (c) 2019 Massachusetts Institute of Technology.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# 3. Neither the name of Intel Corporation nor the names of its contributors
+# may be used to endorse or promote products derived from this software without
+# specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#;**********************************************************************;
+
+source test_helpers.sh
+
+handle_ek=0x81010007
+handle_ak=0x81010008
+handle_nv=0x1500018
+handle_hier=0x40000001
+ek_alg=rsa
+ak_alg=rsa
+digestAlg=sha256
+signAlg=rsassa
+ownerpw=ownerpass
+endorsepw=endorsepass
+ekpw=ekpass
+akpw=akpass
+
+file_input_data=secret.data
+file_input_key=nv.data
+output_ek_pub_pem=ekpub.pem
+output_ek_pub=ek.pub
+output_ak_pub_pem=akpub.pem
+output_ak_pub=ak.pub
+output_ak_priv=ak.priv
+output_ak_pub_name=ak.name
+output_mkcredential=mkcred.out
+output_actcredential=actcred.out
+output_quote=quote.out
+output_quotesig=quotesig.out
+output_quotepcr=quotepcr.out
+
+cleanup() {
+  rm -f $output_ak_priv \
+        $file_input_data $file_input_key $output_ek_pub $output_ek_pub_pem $output_ak_pub \
+        $output_ak_pub_pem $output_ak_pub_name $output_mkcredential \
+        $output_actcredential $output_quote $output_quotesig $output_quotepcr rand.out 
+
+  tpm2_pcrreset 16
+  tpm2_evictcontrol -Q -Ao -c $handle_ek 2>/dev/null || true
+  tpm2_evictcontrol -Q -Ao -c $handle_ak 2>/dev/null || true
+
+  tpm2_nvrelease -Q -x $handle_nv -a $handle_hier -P "$ownerpw" 2>/dev/null || true
+
+  tpm2_takeownership -c 2>/dev/null || true
+}
+trap cleanup EXIT
+
+
+cleanup
+
+echo "12345678" > $file_input_data
+echo "1234567890123456789012345678901" > $file_input_key
+
+getrandom() {
+  tpm2_getrandom -Q -o rand.out $1
+  local file_size=`stat --printf="%s" rand.out`
+  loaded_randomness=`cat rand.out | xxd -p -c $file_size`
+}
+
+
+tpm2_takeownership -o "$ownerpw" -e "$endorsepw"
+
+# Key generation
+tpm2_getpubek -Q -H $handle_ek -g $ek_alg -f $output_ek_pub -P "$ekpw" -o "$ownerpw" -e "$endorsepw"
+tpm2_readpublic -Q -H $handle_ek -o $output_ek_pub_pem -f pem
+tpm2_getpubak -Q -E $handle_ek -k $handle_ak -g $ak_alg -D $digestAlg -s $signAlg -f $output_ak_pub -n $output_ak_pub_name -e "$endorsepw" -P "$akpw" -o "$ownerpw"
+tpm2_readpublic -Q -H $handle_ak -o $output_ak_pub_pem -f pem
+
+# Validate keys (registrar)
+file_size=`stat --printf="%s" $output_ak_pub_name`
+loaded_key_name=`cat $output_ak_pub_name | xxd -p -c $file_size`
+tpm2_makecredential -Q -T none -e $output_ek_pub  -s $file_input_data -n $loaded_key_name -o $output_mkcredential 
+tpm2_activatecredential -Q -H $handle_ak -k $handle_ek -f $output_mkcredential -o $output_actcredential -P "$akpw" -e "$endorsepw"
+diff $file_input_data $output_actcredential
+
+
+# Quoting
+tpm2_pcrreset -Q 16
+tpm2_pcrextend -Q 16:sha256=6ea40aa7267bb71251c1de1c3605a3df759b86b22fa9f62aa298d4197cd88a38
+tpm2_pcrlist -Q
+getrandom 20
+tpm2_quote -Q -k $handle_ak -L $digestAlg:15,16,22 -q $loaded_randomness -m $output_quote -s $output_quotesig -p $output_quotepcr -G $digestAlg -P "$akpw"
+
+
+# Verify quote
+tpm2_checkquote -Q -c $output_ak_pub_pem -m $output_quote -s $output_quotesig -p $output_quotepcr -G $digestAlg -q $loaded_randomness
+
+
+# Save U key from verifier
+tpm2_nvdefine -Q -x $handle_nv -a $handle_hier -s 32 -t "ownerread|policywrite|ownerwrite" -I "indexpass" -P "$ownerpw"
+tpm2_nvwrite -Q -x $handle_nv -a $handle_hier -P "$ownerpw" $file_input_key
+tpm2_nvread -Q -x $handle_nv -a $handle_hier -s 32 -P "$ownerpw"
+
+exit 0
-- 
2.21.0