#!/usr/bin/env bash
# For the license, see the LICENSE file in the root directory.
ROOT=${abs_top_builddir:-$(dirname "$0")/..}
TESTDIR=${abs_top_testdir:=$(dirname "$0")}
PATH=$ROOT/src/swtpm:$PATH
PARAMETERS=(
""
"--createek"
"--take-ownership"
"--createek --lock-nvram"
"--take-ownership --lock-nvram"
"--lock-nvram"
"--take-ownership --ownerpass OOO"
"--take-ownership --srkpass SSS"
"--take-ownership --ownerpass OO --srkpass SS"
"--take-ownership --lock-nvram --display"
"--display"
"--lock-nvram --display"
"--take-ownership --srk-well-known"
"--take-ownership --owner-well-known"
"--take-ownership --srk-well-known --owner-well-known"
"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display"
"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile ${TESTDIR}/data/keyfile.txt"
"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile ${TESTDIR}/data/pwdfile.txt"
"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile ${TESTDIR}/data/keyfile256bit.txt --cipher aes-256-cbc"
"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile ${TESTDIR}/data/pwdfile.txt --cipher aes-256-cbc"
"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile-fd 100 --cipher aes-256-cbc"
"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile-fd 101 --cipher aes-256-cbc"
)
# Open read-only file descriptors referenced in test cases
exec 100<"${TESTDIR}/data/keyfile256bit.txt"
exec 101<"${TESTDIR}/data/pwdfile.txt"
FILESIZES=(
1185
1605
2066
1605
2066
1185
2066
2066
2066
2066
1185
1185
2066
2066
2066
1721
1788
1788
1820
1820
1820
1820
)
source "${TESTDIR}/common"
skip_test_no_tpm12 "${SWTPM_EXE}"
TPMDIR="$(mktemp -d)" || exit 1
# Filesystem privileges require running swtpm_setup as root during the test
TPMAUTHORING="$SWTPM_SETUP --config ${SWTPM_SETUP_CONF}"
PATH=${ROOT}/src/swtpm_bios:${TESTDIR}:$PATH
trap "cleanup" SIGTERM EXIT
function cleanup()
{
	rm -rf "$TPMDIR"
}
# swtpm_setup.conf points to the local create_certs.sh.
# For create_certs.sh to be found (without a full path),
# add this directory to the PATH.
PATH=$PATH:$PWD
for (( i=0; i<${#PARAMETERS[*]}; i++)); do
	rm -rf "${TPMDIR:?}"/*
	echo -n "Test $i: "
	params=${PARAMETERS[$i]}
	# ${params} is left unquoted on purpose so it word-splits into options
	if ! $TPMAUTHORING \
		--tpm-state "$TPMDIR" \
		--tpm "$SWTPM_EXE socket ${SWTPM_TEST_SECCOMP_OPT}" \
		${params:+${params}} &>/dev/null;
	then
		echo "ERROR: Test with parameters '${params}' failed."
		exit 1
	elif [ ! -f "$TPMDIR/tpm-00.permall" ]; then
		echo "ERROR: Test with parameters '${params}' did not" \
		     "produce file $TPMDIR/tpm-00.permall."
		exit 1
	fi
	FILESIZE=$(get_filesize "$TPMDIR/tpm-00.permall")
	if [ "${FILESIZE}" -ne "${FILESIZES[$i]}" ]; then
		echo "ERROR: Unexpected file size of $FILESIZE," \
		     "expected ${FILESIZES[$i]}. Parameters: ${params}"
		exit 1
	fi
	# Make sure the state is encrypted when a key was given.
	# We expect sequences of 4 0-bytes in unencrypted state
	# and no such sequences in encrypted state.
	nullseq="$(od -t x1 -A n < "$TPMDIR/tpm-00.permall" | tr -d '\n' | tr -s ' ' |
		grep "00 00 00 00")"
	if [[ "${params}" =~ (keyfile|pwdfile) ]]; then
		if [ -n "${nullseq}" ]; then
			echo "ERROR: State file is not encrypted with" \
			     "parameters '${params}'"
			# Fail here; otherwise SUCCESS would still be reported below
			exit 1
		fi
	else
		if [ -z "${nullseq}" ]; then
			echo "ERROR: State must not be encrypted with" \
			     "parameters '${params}'"
			# Fail here; otherwise SUCCESS would still be reported below
			exit 1
		fi
	fi
	echo "SUCCESS with parameters '${params}'."
done
exec 100>&-
exec 101>&-
exit 0