#!/usr/bin/env bash

# For the license, see the LICENSE file in the root directory.

ROOT=${abs_top_builddir:-$(dirname "$0")/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}

TPMDIR="$(mktemp -d)" || exit 1
PID_FILE=$TPMDIR/swtpm.pid
SOCK_PATH=$TPMDIR/sock
VOLATILESTATE=$TPMDIR/volatile

source "${TESTDIR}/common"
skip_test_no_chardev "${SWTPM_EXE}"
skip_test_no_tpm12 "${SWTPM_EXE}"

trap "cleanup" SIGTERM EXIT

function cleanup()
{
	rm -rf "$TPMDIR"
	if [ -n "$PID" ]; then
		kill_quiet -SIGTERM "$PID" 2>/dev/null
	fi
}

# Test 1: test the control channel on the chardev tpm

# use a pseudo terminal
exec 100<>/dev/ptmx
$SWTPM_EXE chardev \
	--fd 100 \
	--tpmstate "dir=$TPMDIR" \
	--pid "file=$PID_FILE" \
	--ctrl "type=unixio,path=$SOCK_PATH" \
	--daemon \
	${SWTPM_TEST_SECCOMP_OPT:+${SWTPM_TEST_SECCOMP_OPT}}

if  [ ! -f "$PID_FILE" ]; then
	echo "Error: Chardev TPM did not write pidfile."
	exit 1
fi

PID=$(cat "$PID_FILE")

# Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" -c 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_GET_CAPABILITY failed: $act"
	exit 1
fi

exp="ptm capability is 0x([[:xdigit:]]+)"
if ! [[ "$act" =~ ^${exp}$ ]]; then
	echo "Error: Expected string following regular expression '$exp' from ioctl tool but got '$act'."
	exit 1
fi

# Send TPM_Init to the TPM: CMD_INIT = 0x00 00 00 02 + flags
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" -i 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act"
	exit 1
fi

# Save the volatile state: CMD_STORE_VOLATILE = 0x00 00 00 0a
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" -v 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_STORE_VOLATILE failed: $act"
	exit 1
fi

if [ ! -r "$TPMDIR/tpm-00.volatilestate" ]; then
	echo "Error: Socket TPM: Did not write volatile state file"
	exit 1
fi

# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" --stop 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_STOP failed: $act"
	exit 1
fi

# Send get config command to the TPM: CMD_GET_CONFIG = 00 00 00 0f
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" -g 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_GET_CONFIG failed: $act"
	exit 1
fi

exp="ptm configuration flags: 0x([[:xdigit:]]+)"
if ! [[ "$act" =~ ^${exp}$ ]]; then
	echo "Error: Expected string following regular expression '$exp' from ioctl tool but got '$act'."
	exit 1
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" -s 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act"
	exit 1
fi

if wait_file_gone "$PID_FILE" 2; then
	echo "Error: TPM should have removed PID file by now."
	exit 1
fi

if wait_process_gone "${PID}" 4; then
	echo "Error: TPM should not be running anymore."
	exit 1
fi

echo "OK"

# Test 2: test the control channel on the socket tpm

# There are a few more tests here that require sending commands to the TPM

BINDADDR="127.0.0.1"
case $(uname -s) in
Linux*)
	# make sure IPv6 is available
	ip -6 addr show lo | grep -q " ::1/128" && BINDADDR="::1"
	;;
esac

# use a pseudo terminal
$SWTPM_EXE socket \
	--server port=65431,disconnect=true,bindaddr=$BINDADDR \
	--tpmstate "dir=$TPMDIR" \
	--pid "file=$PID_FILE" \
	--ctrl "type=unixio,path=$SOCK_PATH" \
	${SWTPM_TEST_SECCOMP_OPT:+${SWTPM_TEST_SECCOMP_OPT}} &
PID=$!

if wait_for_file "$PID_FILE" 3; then
	echo "Error: Socket TPM did not write pidfile."
	exit 1
fi

validate_pidfile "$PID" "$PID_FILE"

# Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" -c 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_GET_CAPABILITY failed: $act"
	exit 1
fi

exp="ptm capability is 0x([[:xdigit:]]+)"
if ! [[ "$act" =~ ^${exp}$ ]]; then
	echo "Error: Expected string following regular expression '$exp' from ioctl tool but got '$act'."
	exit 1
fi

# Send TPM_Init to the TPM: CMD_INIT = 0x00 00 00 02 + flags
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" -i 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act"
	exit 1
fi

# Startup the TPM
if ! msg=$($SWTPM_BIOS --tcp ${BINDADDR}:65431 -o 2>&1); then
	echo "Error: Failed to startup TPM: $msg"
	exit 1
fi

# Save the volatile state: CMD_STORE_VOLATILE = 0x00 00 00 0a
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" -v 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_STORE_VOLATILE failed: $act"
	exit 1
fi

if [ ! -r "$TPMDIR/tpm-00.volatilestate" ]; then
	echo "Error: Socket TPM: Did not write volatile state file"
	exit 1
fi

# 1. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" -e 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_GET_TPMESTABLISHED failed: $act"
	exit 1
fi

exp="tpmEstablished is 0"
if [ "$act" != "$exp" ]; then
	echo "Error: Expected '$exp' but got '$act'."
	exit 1
fi

# 2. Hash the given data
data="a"
while [ ${#data} -lt $((0x2000)) ]; do
  data="${data}${data}"
done
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" -h $data 2>&1); then
	echo "Error: $SWTPM_IOCTL data hashing failed: $act"
	exit 1
fi

# 3. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" -e 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_GET_TPMESTABLISHED failed: $act"
	exit 1
fi

exp="tpmEstablished is 1"
if [ "$act" != "$exp" ]; then
	echo "Error: Expected '$exp' but got '$act'."
	exit 1
fi

# 4. Send command to reset TPM established flag: CMD_RESET_TPMESTABLISHED = 00 00 00 0b 03
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" -r 3 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_RESET_TPMESTABLISHED failed: $act"
	exit 1
fi

# 5. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" -e 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_GET_TPMESTABLISHED failed: $act"
	exit 1
fi

exp="tpmEstablished is 0"
if [ "$act" != "$exp" ]; then
	echo "Error: Expected '$exp' but got '$act'."
	exit 1
fi

# Read PCR 17
exec 100<>/dev/tcp/${BINDADDR}/65431
echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100
RES=$(cat <&100 | od -t x1 -A n | tr -d "\n")
exp=' 00 c4 00 00 00 1e 00 00 00 00 f9 87 3e 96 6b 9e 46 c8 45 46 2d 1f f2 52 eb cc c1 9b df fd'
if [ "$RES" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(17)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

# Get the volatile state of the TPM: CMD_GET_STATEBLOB = 00 00 00 0c
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" --save volatile "$VOLATILESTATE" 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_GET_STATEBLOB failed: $act"
	exit 1
fi

# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" --stop 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_STOP failed: $act"
	exit 1
fi

# Read PCR 17 -- should fail now
exec 100<>/dev/tcp/${BINDADDR}/65431
echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11' >&100
RES=$(cat <&100 | od -t x1 -A n | tr -d "\n")
exp=' 00 c4 00 00 00 0a 00 00 00 09'
if [ "$RES" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(17)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

# Send get config command to the TPM: CMD_GET_CONFIG = 00 00 00 0f
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" -g 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_GET_CONFIG failed: $act"
	exit 1
fi

exp="ptm configuration flags: 0x([[:xdigit:]]+)"
if ! [[ "$act" =~ ^${exp}$ ]]; then
	echo "Error: Expected string following regular expression '$exp' from ioctl tool but got '$act'."
	exit 1
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" -s 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act"
	exit 1
fi

if wait_file_gone "$PID_FILE" 2; then
	echo "Error: TPM should have removed PID file by now."
	exit 1
fi

if wait_process_gone "${PID}" 4; then
	echo "Error: Socket TPM should not be running anymore."
	exit 1
fi

echo "OK"

# Test 3: test the control channel on the socket tpm: resume encrypted state

# copy all the state files
cp "${TESTDIR}/data/tpmstate2/"* "${TPMDIR}"

$SWTPM_EXE socket \
	--server port=65431,disconnect=true \
	--tpmstate "dir=$TPMDIR" \
	--pid "file=$PID_FILE" \
	--ctrl "type=unixio,path=$SOCK_PATH" \
	--key "pwdfile=${TESTDIR}/data/tpmstate2/pwdfile.txt,kdf=sha512" \
	--flags not-need-init \
	${SWTPM_TEST_SECCOMP_OPT:+${SWTPM_TEST_SECCOMP_OPT}} &
PID=$!

if wait_for_file "$PID_FILE" 3; then
	echo "Error: Socket TPM did not write pidfile."
	exit 1
fi

validate_pidfile "$PID" "$PID_FILE"

# Read PCR 10
exec 100<>/dev/tcp/localhost/65431
echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a' >&100
RES=$(cat <&100 | od -t x1 -A n -w128)
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$RES" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

# Get the volatile state of the TPM: CMD_GET_STATEBLOB = 00 00 00 0c
rm -f "$VOLATILESTATE"
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" --save volatile "$VOLATILESTATE" 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_GET_STATEBLOB failed: $act"
	exit 1
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" -s 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act"
	exit 1
fi

if wait_file_gone "$PID_FILE" 2; then
	echo "Error: TPM should have removed PID file by now."
	exit 1
fi

if wait_process_gone "${PID}" 4; then
	echo "Error: Socket TPM should not be running anymore."
	exit 1
fi

# remove volatile state
rm -f "$TPMDIR"/*.volatilestate

$SWTPM_EXE socket \
	--server port=65431,disconnect=true \
	--tpmstate "dir=$TPMDIR" \
	--pid "file=$PID_FILE" \
	--ctrl "type=unixio,path=$SOCK_PATH" \
	--key "pwdfile=${TESTDIR}/data/tpmstate2/pwdfile.txt,kdf=sha512" \
	--flags not-need-init \
	${SWTPM_TEST_SECCOMP_OPT:+${SWTPM_TEST_SECCOMP_OPT}} &
PID=$!

if wait_for_file "$PID_FILE" 3; then
	echo "Error: Socket TPM did not write pidfile."
	exit 1
fi

validate_pidfile "$PID" "$PID_FILE"

# Read PCR 10 -- this should fail now
exec 100<>/dev/tcp/localhost/65431
echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a' >&100
RES=$(cat <&100 | od -t x1 -A n -w128)
exp=' 00 c4 00 00 00 0a 00 00 00 26'
if [ "$RES" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" --stop 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_STOP failed: $act"
	exit 1
fi

# Send the volatile state to the TPM (while it is stopped)
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" --load volatile "$VOLATILESTATE" 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_SET_STATEBLOB failed: $act"
	exit 1
fi

# Send init command to the TPM: CMD_INIT = 00 00 00 02
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" -i 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act"
	exit 1
fi

# Read PCR 10 -- has to return same result as before
exec 100<>/dev/tcp/localhost/65431
echo -en '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a' >&100
RES=$(cat <&100 | od -t x1 -A n -w128)
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$RES" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi


# Reset PCR 20 while in locality 0 -- should not work
exec 100<>/dev/tcp/localhost/65431
echo -en '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10' >&100
RES=$(cat <&100 | od -t x1 -A n)
exp=' 00 c4 00 00 00 0a 00 00 00 33'
if [ "$RES" != "$exp" ]; then
	echo "Error: Trying to reset PCR 20 in locality 0 returned unexpected result"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

# In locality 2 we can reset PCR 20
# Set the locality on the TPM: CMD_SET_LOCALITY = 00 00 00 05 <locality>
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" -l 2 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_SET_LOCALITY failed: $act"
	exit 1
fi

# Reset PCR 20 while in locality 2 -- has to work
exec 100<>/dev/tcp/localhost/65431
echo -en '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10' >&100
RES=$(cat <&100 | od -t x1 -A n)
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$RES" != "$exp" ]; then
	echo "Error: Could not reset PCR 20 in locality 2"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
if ! act=$($SWTPM_IOCTL --unix "$SOCK_PATH" -s 2>&1); then
	echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act"
	exit 1
fi

if wait_file_gone "$PID_FILE" 2; then
	echo "Error: TPM should have removed PID file by now."
	exit 1
fi

if wait_process_gone "${PID}" 4; then
	echo "Error: Socket TPM should not be running anymore."
	exit 1
fi

echo "OK"

exit 0
