|
92 | 92 |
|
93 | 93 | log_dir="${data}/logs" |
94 | 94 |
|
95 | | -metadata="${data}/metadata-signed" |
| 95 | +metadata_raw="${data}/metadata-raw" |
| 96 | +metadata_signed="${data}/metadata-signed" |
96 | 97 | storage="${data}/cmc-storage" |
97 | 98 | cache="${data}/cmc-cache" |
98 | 99 | peercache="${data}/cmc-peer-cache" |
99 | 100 | ctrlog="${data}/cmc-container-measurements" |
100 | 101 |
|
101 | 102 | est_params=( |
102 | | - "-port" "9000" \ |
| 103 | + "-estaddr" "0.0.0.0:9000" \ |
103 | 104 | "-estcakey" "${data}/pki/ca-key.pem" \ |
104 | 105 | "-estcachain" "${data}/pki/ca.pem" \ |
| 106 | + "-metadatacas" "${data}/pki/ca.pem" \ |
105 | 107 | "-httpfolder" "${data}" \ |
106 | 108 | "-tpmekcertdb" "${data}/tpm-ek-certs.db" \ |
107 | 109 | "-tlskey" "${data}/pki/est-tls-key.pem" \ |
108 | | - "-tlscerts" "${data}/pki/est-tls.pem" \ |
| 110 | + "-tlscachain" "${data}/pki/est-tls.pem" \ |
109 | 111 | "-loglevel" "trace" \ |
110 | 112 | "-logfile" "${log_dir}/estserver.log" \ |
| 113 | + "-authmethods" "none" \ |
111 | 114 | "-verifyekcert=false" \ |
112 | 115 | ) |
113 | 116 |
|
114 | 117 | cmc_params=( |
115 | 118 | "-cmcaddr" "localhost:9955" \ |
116 | 119 | "-provaddr" "https://localhost:9000" \ |
117 | | - "-metadata" "file://${metadata}" \ |
| 120 | + "-metadata" "file://${metadata_signed}" \ |
118 | 121 | "-drivers" "tpm,sw" \ |
119 | 122 | "-ima=true" \ |
120 | 123 | "-imapcr" "10" \ |
@@ -152,23 +155,25 @@ api_serializers=("json" "cbor") |
152 | 155 |
|
153 | 156 | protocols=("grpc" "coap" "socket") |
154 | 157 |
|
155 | | -modes_server=("generate" "listen" "serve") |
| 158 | +commands_server=("generate" "listen" "serve") |
156 | 159 |
|
157 | | -modes_server_params=("" "-addr 0.0.0.0:4443" "-addr 0.0.0.0:8082") |
| 160 | +commands_params_server=("" "-addr 0.0.0.0:4443" "-addr 0.0.0.0:8082") |
158 | 161 |
|
159 | | -modes_client=("verify" "dial" "request") |
| 162 | +commands_client=("verify" "dial" "request") |
160 | 163 |
|
161 | | -modes_client_params=("" "-addr localhost:4443" "-addr https://localhost:8082/post -method POST -data \"hello ahttps\" -header \"Content-Type: text/plain\"") |
| 164 | +commands_params_client=("" "-addr localhost:4443" "-addr https://localhost:8082/post -method POST -data \"hello ahttps\" -header \"Content-Type: text/plain\"") |
162 | 165 |
|
163 | | -modes_server_ready_msg=("Wrote attestation response" "Serving under" "Serving HTTPS under") |
| 166 | +commands_server_ready_msg=("Wrote attestation response" "Serving under" "Serving HTTPS under") |
164 | 167 |
|
165 | | -modes_server_success_msg=("Wrote attestation response" "Server-side aTLS connection complete" "Server-side aHTTPS request completed") |
166 | | -modes_client_success_msg=("SUCCESS: Verification for Prover" "Client-side aTLS connection complete" "Client-side aHTTPS request completed") |
| 168 | +commands_server_success_msg=("Wrote attestation response" "Server-side aTLS connection complete" "Server-side aHTTPS request completed") |
| 169 | +commands_client_success_msg=("SUCCESS: Verification for Prover" "Client-side aTLS connection complete" "Client-side aHTTPS request completed") |
167 | 170 |
|
168 | | -modes_server_fail_msg=("Wrote attestation response" "attestation report verification failed" "attestation report verification failed") |
169 | | -modes_client_fail_msg=("FAILED: Verification for Prover" "attestation report verification failed" "attestation report verification failed") |
| 171 | +commands_server_fail_msg=("Wrote attestation response" "attestation report verification failed" "attestation report verification failed") |
| 172 | +commands_client_fail_msg=("FAILED: Verification for Prover" "attestation report verification failed" "attestation report verification failed") |
170 | 173 |
|
171 | 174 | # Clean start |
| 175 | +sudo rm -rf "${metadata_raw}" |
| 176 | +sudo rm -rf "${metadata_signed}" |
172 | 177 | sudo rm -rf "${storage}" |
173 | 178 | sudo rm -rf "${cache}" |
174 | 179 | sudo rm -rf "${peercache}" |
|
218 | 223 | stty sane |
219 | 224 | echo "Restarted cmcd ----------------------------------------------------------------" |
220 | 225 |
|
221 | | - for j in "${!modes_server[@]}" |
| 226 | + for j in "${!commands_server[@]}" |
222 | 227 | do |
223 | | - server_log="${log_dir}/cmcctl_${success}_${ar_serializer}_${api_serializer}_${protocols[i]}_${modes_server[j]}.log" |
224 | | - client_log="${log_dir}/cmcctl_${success}_${ar_serializer}_${api_serializer}_${protocols[i]}_${modes_client[j]}.log" |
| 228 | + server_log="${log_dir}/cmcctl_${success}_${ar_serializer}_${api_serializer}_${protocols[i]}_${commands_server[j]}.log" |
| 229 | + client_log="${log_dir}/cmcctl_${success}_${ar_serializer}_${api_serializer}_${protocols[i]}_${commands_client[j]}.log" |
225 | 230 |
|
226 | | - printf "TEST MODE %-8s | ATT %-7s | AR %s | SER %s | API %s\t" "${modes_client[j]}" "${success}" "${ar_serializer}" "${api_serializer}" "${protocols[i]}" |
| 231 | + printf "TEST CMD %-8s | ATT %-7s | AR %s | SER %s | API %s\t" "${commands_client[j]}" "${success}" "${ar_serializer}" "${api_serializer}" "${protocols[i]}" |
227 | 232 |
|
228 | 233 | "${dir}/cmcctl/cmcctl" \ |
| 234 | + "${commands_server[j]}" \ |
229 | 235 | "${cmcctl_params[@]}" \ |
230 | 236 | -logfile "${server_log}" \ |
231 | | - -mode ${modes_server[j]} \ |
232 | 237 | -api ${protocols[i]} \ |
233 | 238 | -apiserializer ${api_serializer} \ |
234 | | - ${modes_server_params[j]} \ |
| 239 | + ${commands_params_server[j]} \ |
235 | 240 | & |
236 | 241 | disown |
237 | | - wait_for_message $! "${server_log}" "${modes_server_ready_msg[j]}" |
| 242 | + wait_for_message $! "${server_log}" "${commands_server_ready_msg[j]}" |
238 | 243 | stty sane |
239 | 244 |
|
240 | 245 | "${dir}/cmcctl/cmcctl" \ |
| 246 | + "${commands_client[j]}" \ |
241 | 247 | "${cmcctl_params[@]}" \ |
242 | 248 | -logfile "${client_log}" \ |
243 | | - -mode "${modes_client[j]}" \ |
244 | 249 | -apiserializer "${api_serializer}" \ |
245 | 250 | -api "${protocols[i]}" \ |
246 | | - ${modes_client_params[j]} |
| 251 | + ${commands_params_client[j]} |
247 | 252 | stty sane |
248 | 253 |
|
249 | 254 | if [[ "${success}" == "success" ]]; then |
250 | | - wait_msg_server="${modes_server_success_msg[j]}" |
251 | | - wait_msg_client="${modes_client_success_msg[j]}" |
| 255 | + wait_msg_server="${commands_server_success_msg[j]}" |
| 256 | + wait_msg_client="${commands_client_success_msg[j]}" |
252 | 257 | else |
253 | | - wait_msg_server="${modes_server_fail_msg[j]}" |
254 | | - wait_msg_client="${modes_client_fail_msg[j]}" |
| 258 | + wait_msg_server="${commands_server_fail_msg[j]}" |
| 259 | + wait_msg_client="${commands_client_fail_msg[j]}" |
255 | 260 | fi |
256 | 261 |
|
257 | 262 | # Verify the server and client output |
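Review bot: In the `est_params` array the EST server is now started with `-authmethods none` while `-estaddr` binds `0.0.0.0:9000` and `-verifyekcert=false` remains set. Any host that can reach port 9000 while the test runs can presumably enroll against the CA key in `${data}/pki/ca-key.pem` without authenticating. The only client visible in this script is cmcd, via `-provaddr https://localhost:9000`, so a loopback bind looks sufficient: `"-estaddr" "127.0.0.1:9000" \`. If the wildcard bind is intentional, a comment above the array such as `# test setup only: EST enrollment is unauthenticated and EK cert verification is disabled` would keep these flags from being copied into a real deployment. The same loopback question applies to `-addr 0.0.0.0:4443` and `-addr 0.0.0.0:8082` in `commands_params_server`, whose clients also dial `localhost`.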
|