#!/usr/bin/env bash

# For the license, see the LICENSE file in the root directory.

ROOT=${abs_top_builddir:-$(dirname "$0")/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}

TPMDIR=`mktemp -d`
SWTPM_CTRL_UNIX_PATH=$TPMDIR/sock
PID_FILE=$TPMDIR/swtpm.pid
LOG_FILE=$TPMDIR/swtpm.log
CMD_PATH=$TPMDIR/cmd
RESP_PATH=$TPMDIR/resp

source ${TESTDIR}/test_common

trap "cleanup" SIGTERM EXIT

function cleanup()
{
	rm -rf $TPMDIR
	if [ -n "$PID" ]; then
		kill_quiet -SIGTERM $PID 2>/dev/null
	fi
}

SWTPM_INTERFACE=socket+unix
SWTPM_SERVER_PORT=65430
SWTPM_SERVER_NAME=localhost
source ${TESTDIR}/common

# Test 1: test the control channel on the socket tpm

# OS X would not allow nobody to access the $TPMDIR easily; skip it
if [ $(id -u) -eq 0 ] && [ "$(uname -s)" != "Darwin" ]; then
	FOWNER=",uid=nobody,gid=$(id -Gn nobody | cut -d" " -f1)"
	FILEOWNER="$(id -u nobody) $(id -G nobody | cut -d" " -f1)"
	RUNAS="--runas nobody"
	chown nobody $TPMDIR
	if [ $? -ne 0 ]; then
		echo "Error: Could not change ownership of $TPMDIR"
		exit 1
	fi
fi

if [[ "$(uname -s)" =~ CYGWIN_NT- ]]; then
	FILEMODE=661
else
	FILEMODE=621
fi

case "$(uname -s)" in
FreeBSD)
	kldload pty
	;;
esac

# use a pseudo terminal
if [ -c /dev/ptmx ]; then
	exec 100<>/dev/ptmx
elif [ -c /dev/ptm ]; then
	exec 100<>/dev/ptm
else
	echo "Could not find chardev for opening file descriptor."
	exit 1
fi

case $(uname -s) in
Linux|CYGWIN_NT-|Darwin)
	PIDPARAM="fd=101"
	exec 101<>$PID_FILE
	;;
*)
	PIDPARAM="file=$PID_FILE"
	;;
esac

$SWTPM_EXE socket \
	--fd 100 \
	--tpmstate dir=$TPMDIR \
	--pid $PIDPARAM \
	--ctrl type=unixio,path=$SWTPM_CTRL_UNIX_PATH,mode=${FILEMODE}${FOWNER} \
	--log file=$LOG_FILE,level=20 \
	$RUNAS \
	${SWTPM_TEST_SECCOMP_OPT} &
PID=$!
exec 100>&-
exec 101>&-

if wait_for_file $PID_FILE 3; then
	echo "Error: Socket TPM did not write pidfile."
	exit 1
fi

validate_pidfile $PID $PID_FILE

# Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x01')"
if [[ "$(uname -s)" =~ (Linux|OpenBSD|FreeBSD|NetBSD|Darwin|DragonFly) ]]; then
	exp=" 00 00 00 00 00 00 7f ff"
else
	exp=" 00 00 00 00 00 00 6f ff"
fi
if [ "$res" != "$exp" ]; then
	echo "Error: Unexpected response from CMD_GET_CAPABILITY:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

filemode=$(get_filemode $SWTPM_CTRL_UNIX_PATH)
if [ "$filemode" != "$FILEMODE" ]; then
	echo "Filemode bits are wrong"
	echo "Expected: $FILEMODE"
	echo "Actual  : $filemode"
	exit 1
fi

fileowner=$(get_fileowner $SWTPM_CTRL_UNIX_PATH)
if [ -n "$FILEOWNER" ] && [ "$fileowner" != "$FILEOWNER" ]; then
	echo "File ownership is wrong"
	echo "Expected: $FILEOWNER"
	echo "Actual  : $fileowner"
	exit 1
fi

# Send TPM_Init to the TPM: CMD_INIT = 0x00 00 00 02 + flags
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x02\x00\x00\x00\x00')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Unexpected response from CMD_INIT:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

# Send unknown command to the TPM
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\xff\xff')"
exp=" 00 00 00 0a"
if [ "$res" != "$exp" ]; then
	echo "Error: Unexpected response from sending unsupported command:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

# Save the volatile state: CMD_STORE_VOLATILE = 0x00 00 00 0a
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0a')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Unexpected response from CMD_STORE_VOLATILE:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

if [ ! -r $TPMDIR/tpm-00.volatilestate ]; then
	echo "Error: Socket TPM: Did not write volatile state file"
	exit 1
fi

# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

# Send get config command to the TPM: CMD_GET_CONFIG = 00 00 00 0f
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0f')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_GET_CONFIG:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

# To enable coverage of the above running as non-root we change the .gcda
# files' ownership with this small hack
if [ $(id -u) -eq 0 ] && [ "$(uname -s)" != "Darwin" ]; then
	find $ROOT -name *.gcda -exec chown nobody {} \;
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Unexpected response from CMD_SHUTDOWN:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

if wait_file_gone $PID_FILE 2; then
	echo "Error: TPM should have removed PID file by now."
	exit 1
fi

if wait_process_gone ${PID} 4; then
	echo "Error: TPM should not be running anymore."
	exit 1
fi

check_logfile_patterns_level_20 $LOG_FILE
rm -f $LOG_FILE

echo "OK"

# Test 2: test the control channel on the socket tpm

# There are a few more tests here that require sending commands to the TPM

# use a pseudo terminal
run_swtpm ${SWTPM_INTERFACE} \
	--tpmstate dir=$TPMDIR \
	--pid file=$PID_FILE \
	--log file=$LOG_FILE \
	--flags startup-clear  \
	$RUNAS
PID=$SWTPM_PID

if wait_for_file ${PID_FILE} 4; then
	echo "Error: Socket TPM did not write pidfile."
	cat $LOG_FILE
	exit 1
fi

validate_pidfile $PID $PID_FILE

swtpm_open_cmddev ${SWTPM_INTERFACE} 100

# Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x01')"
if [[ "$(uname -s)" =~ (Linux|OpenBSD|FreeBSD|NetBSD|Darwin|DragonFly) ]]; then
	exp=" 00 00 00 00 00 00 7f ff"
else
	exp=" 00 00 00 00 00 00 6f ff"
fi
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_GET_CAPABILITY:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

# Send unknown command to the TPM
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\xff\xff')"
exp=" 00 00 00 0a"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending unsupported command:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

# Startup the TPM; we use --flags startup-clear, so expect this to fail with error 0x26 (INVALID POST INIT)
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01')"
exp=' 00 c4 00 00 00 0a 00 00 00 26'
if [ "$res" != "$exp" ]; then
	echo "Error: Did not get expected result from TPM_Startup(ST_Clear)"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Save the volatile state: CMD_STORE_VOLATILE = 0x00 00 00 0a
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0a')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_STORE_VOLATILE:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

if [ ! -r $TPMDIR/tpm-00.volatilestate ]; then
	echo "Error: Socket TPM: Did not write volatile state file"
	exit 1
fi

# 1. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x04')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

# 2. Send command to start HASH : CMD_HASH_START = 00 00 00 06
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x06')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_START command:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

# 2.1. Send command to hash data : CMD_HASH_DATA = 00 00 00 07 uint32(length) data
# We send 0x100 null bytes
echo -en '\x00\x00\x00\x07\x00\x00\x20\x00' > $CMD_PATH
dd if=/dev/zero count=$((0x2000)) bs=1 >> $CMD_PATH 2>/dev/null
socat -x -t10 FILE:$CMD_PATH,rdonly UNIX-CONNECT:$SWTPM_CTRL_UNIX_PATH 2>&1 | \
	sed -n '/^ /p' | \
	tail -n1 > $RESP_PATH
res="$(cat $RESP_PATH)"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_DATA command:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

# 3. Send command to end HASH : CMD_HASH_END = 00 00 00 08
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x08')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_END command:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

# 4. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x04')"
exp=" 00 00 00 00 01 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

# 5. Send command to reset TPM established flag: CMD_RESET_TPMESTABLISHED = 00 00 00 0b 03
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0b\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

# 6. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x04')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

# Read PCR 17
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c4 e1 e1 c9 81 c0 cd b1 e0 43 df 97 20 72 f9 5d a9 ff 06 ff'
if [ "$res" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(17)"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Get the volatile state of the TPM: CMD_GET_STATEBLOB = 00 00 00 0c
#                                                  cmd  |     flags     |     type      |    offset     |
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00')"
#      result    |   flags   | totlength |   length  |
exp=" 00 00 00 00 00 00 00 00 00 00 04 e5 00 00 04 e5"
if [ "${res:0:48}" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_GET_STATEBLOB:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

# Read PCR 17 -- should fail now
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11')"
exp=' 00 c4 00 00 00 0a 00 00 00 09'
if [ "$res" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(17)"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Send get config command to the TPM: CMD_GET_CONFIG = 00 00 00 0f
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0f')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_GET_CONFIG:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

if wait_file_gone $PID_FILE 2; then
	echo "Error: TPM should have removed PID file by now."
	exit 1
fi

if wait_process_gone ${PID} 4; then
	echo "Error: Socket TPM should not be running anymore."
	exit 1
fi

# Expecting to see an error message for the unknown command
check_logfile_patterns_level_1 $LOG_FILE 1
rm -f $LOG_FILE

echo "OK"

# Test 3: test the control channel on the socket tpm: resume encrypted state

# copy all the state files
cp ${TESTDIR}/data/tpmstate2/* ${TPMDIR}

run_swtpm ${SWTPM_INTERFACE} \
	--tpmstate dir=$TPMDIR \
	--pid file=$PID_FILE \
	--key pwdfile=${TESTDIR}/data/tpmstate2/pwdfile.txt,kdf=sha512 \
	--log file=$LOG_FILE,level=20 \
	--flags not-need-init
PID=$SWTPM_PID

if wait_for_file $PID_FILE 3; then
	echo "Error: Socket TPM did not write pidfile."
	exit 1
fi

validate_pidfile $PID $PID_FILE

# Read PCR 10
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$res" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Get the volatile state of the TPM: CMD_GET_STATEBLOB = 00 00 00 0c
#                                                      cmd  |     flags     |     type      |    offset     |
vstate="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00')"
#      result    |   flags   | totlength |   length  |
exp=" 00 00 00 00 00 00 00 02 00 00 05 22 00 00 05 22"
if [ "${vstate:0:48}" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_GET_STATEBLOB:"
	echo "       actual  : ${vstate:0:48}"
	echo "       expected: $exp"
	exit 1
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

if wait_file_gone $PID_FILE 2; then
	echo "Error: TPM should have removed PID file by now."
	exit 1
fi

if wait_process_gone ${PID} 4; then
	echo "Error: Socket TPM should not be running anymore."
	exit 1
fi

check_logfile_patterns_level_20 $LOG_FILE
rm -f $LOG_FILE

echo "OK"

# remove volatile state
rm -f $TPMDIR/*.volatilestate

run_swtpm ${SWTPM_INTERFACE} \
	--tpmstate dir=$TPMDIR \
	--pid file=$PID_FILE \
	--key pwdfile=${TESTDIR}/data/tpmstate2/pwdfile.txt,kdf=sha512 \
	--log file=$LOG_FILE \
	--flags not-need-init
PID=$SWTPM_PID

if wait_for_file $PID_FILE 3; then
	echo "Error: Socket TPM did not write pidfile."
	exit 1
fi

validate_pidfile $PID $PID_FILE

# Read PCR 10 -- this should fail now
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 0a 00 00 00 26'
if [ "$res" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

# Send the volatile state to the TPM (while it is stopped)
#         |      cmd      |    flags      |     type      |
vstate=${vstate:48}
size=$((${#vstate} / 3))
size=$(printf "%08x" $size | sed 's/\([0-9a-f]\{2\}\)/\\x\1/g')
vstate=$(echo "${vstate}" | sed 's/ /\\x/g')
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} "\x00\x00\x00\x0d\x00\x00\x00\x02\x00\x00\x00\x02${size}${vstate}")"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_SET_STATEBLOB:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

# Send init command to the TPM: CMD_INIT = 00 00 00 02
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x02\x00\x00\x00\x00')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_INIT:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

# Read PCR 10 -- has to return same result as before
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$res" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Reset PCR 20 while in locality 0 -- should not work
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10')"
exp=' 00 c4 00 00 00 0a 00 00 00 33'
if [ "$res" != "$exp" ]; then
	echo "Error: Trying to reset PCR 20 in locality 0 returned unexpected result"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# In locality 2 we can reset PCR 20
# Set the localoty on the TPM: CMD_SET_LOCALITY = 00 00 00 05 <locality>
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x05\x02')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_SET_LOCALITY:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

# Reset PCR 20 while in locality 2 -- has to work
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10')"
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$res" != "$exp" ]; then
	echo "Error: Could not reset PCR 20 in locality 2"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
	echo "       actual  : $res"
	echo "       expected: $exp"
	exit 1
fi

if wait_file_gone $PID_FILE 2; then
	echo "Error: TPM should have removed PID file by now."
	exit 1
fi

if wait_process_gone ${PID} 4; then
	echo "Error: Socket TPM should not be running anymore."
	exit 1
fi

# (Currently) expecting to see nothing in the log file
check_logfile_patterns_level_1 $LOG_FILE 0
rm -f $LOG_FILE

echo "OK"

exit 0
